A tweet meant to spread misinformation sent much of the U.S. into a panic on Monday. A countrywide T-Mobile network outage was mistaken for a distributed denial-of-service (DDoS) attack when the Twitter account @YourAnonCentral, which claims to be affiliated with Anonymous, tweeted Monday about a major DDoS attack on the U.S. Included in the tweet was a world map claiming to show proof of the large DDoS attack on the U.S.
Marcus Hutchins, a former black hat hacker turned white hat and cyber researcher responsible for stopping the WannaCry ransomware attacks in 2017, along with other cyber researchers, proved these tweets false that same day. About the map, Hutchins said it “show[s] a random sample of global DDoS traffic badly plotted on a world map. It does not indicate an attack against the US, it lacks context to make any inferences at all (other than DDoS attacks are happening all day every day).”
Other false reports of major outages with other services added to the confusion. Downdetector, the popular site for detecting outages, did detect outages for other major cellular carriers (Verizon, AT&T, Metro, Sprint, Consumer Cellular, US Cellular). However, Verizon assured DCD that its network was performing well: “We’re aware that another carrier is having network issues. Calls to and from that carrier may receive an error message. We understand Downdetector is falsely reporting Verizon network issues.”
AT&T also reported that its network was working properly.
Additional popular services were reported to be under attack, but researchers believe that this may be a consequence of T-Mobile users not being able to reach those services. Among those reported to be having problems were internet providers (Spectrum, Comcast, CenturyLink, Cox), social media platforms (Facebook, Instagram, Twitter, Snapchat), gaming services (Fortnite, Roblox, Call of Duty, Steam, Xbox Live, PlayStation Network), streaming services (Netflix, Hulu, HBO Now, Twitch), banks (Chase Bank, Bank of America), and other major services (DoorDash, Google, Zoom).
T-Mobile was able to fix what turned out to be a routing issue by 11 pm Monday evening. T-Mobile’s President of Technology Neville Ray tweeted an apology, with a promise that improvements were made to prevent future events like this.
Even though the panic of Twitter users turned out to be for nothing, this false alarm raises the question: what would have happened if such a large-scale DDoS attack had been real?
Many of the reported issues were with services that have become staples to businesses and individuals during this pandemic. Without telecommunication and technology services available, would people know how to survive? Events like this should be a wake-up call to organizations to review and update their disaster recovery plans, or to create one if they don’t have an existing plan. On this blog, we have focused mainly on ransomware and how to recover from a ransomware attack, but a disaster recovery plan should cover all types of cyber threats, including DDoS attacks.
If your company does not have a disaster recovery plan for DDoS attacks (whether pointed at your organization or the services you use), try asking yourselves questions similar to these: Does your organization have a plan in place if you were to lose cell or internet service? What are your organization’s next steps in the event of a DDoS attack to get your services back up? Have you talked to your service providers about services or tools that can help? Do you have locally backed-up copies of mission-critical data? While creating a disaster recovery plan is time-consuming, it will always be worth it.