Amazon Web Services hit by a DDoS attack

What happened?

The distributed denial of service (DDoS) attack was directed towards Amazon Web Services (AWS) route 53 domain name system (DNS), but did not directly target the larger AWS main site. For many companies using AWS services, this resulted in downtime of their own websites. In addition, customers couldn’t access AWS, as their DNS servers were essentially jammed and Amazon’s basic DDoS mitigations appeared to have little to no effect. Finally yet importantly, legitimate traffic was stopped to try to manage the malicious traffic from the attack. In practical terms, it meant that many AWS customers along the East Coast of the United States couldn’t get their cloud-based services to work for eight hours—from 10:30 a.m. until 6:30 p.m.

Do we know who launched the attack?

At this point, there is still no information about who launched this attack and why. This information is vital to help the business community understand what it takes to breach one of the largest companies today and strengthen their defenses accordingly.

So what are the conclusions and advice from CSC?

• When assessing different providers, look at history of outages.

Simply research the provider to see if it has been involved in any outages. Look into having a secondary DNS solution, that way you have additional redundancy, as the secondary DNS steps in if the primary one is down.

• Even though cloud providers go to some lengths to protect themselves, the DDoS attack shows that even a company as big as Amazon is vulnerable. Not only that, but thanks to the way companies use cloud services these days, the attack had a ripple effect.

You can read more about AWS outage here.

Latest TLD launches

.AR

With the release of TLD domain .AR, we have notified everyone about the change and reached out proactively to those of you who have already had .COM.AR domains registered. The Grandfather Phase has closed, and the General Availability phase began November 9. As mentioned, this is the phase where anyone living up to the requirements may register a domain under .AR.

Are there any limitation to what domains you can register? There has previously been questions if the registry allows two-, three-, and four-character domains. We’ve been informed that the registry will not allow the registration of these domains at this point, but will inform you if there is any change. Should you want, we can set up pre-registrations for the domains.

What are pre-registrations?

These are orders we submit in our system so they queue, meaning if the registry allows for the registration of these domains at some point down the line, we’ll automatically push them through to the registry. This helps you avoid having to remember or wait to find out when the domains will be available to register.

.AU

AUDA, the Australian TLD registry, announced in August 2019 it expected further delays to the release of the direct second-level TLD registrations, i.e., allowing the public to register .AU domains directly.

What are reasons behind these delays?

The release was expected to launch Q3 2019, but AUDA is consulting the industry during 2019 and the first few months of 2020 on an appropriate model to avoid implementation issues.

What is this license model and what impact may this have?

The license model is the requirements and specifications registrants applying for .AU domains needs to live up to. It is yet unknown how this may impact registrants, but it may suggest they are easing the rules of the application. Today, a registrant applying for .COM.AU needs to either register with an Australian registered trademark, or by being an Australian registered company.

Ok, so what are the registries expectation for a release date?

According to AUDA, they hope to have the license model in place as soon as possible, being able to release the TLD during the first half of 2020. CSC expects Q2 rather than Q1, but we’ll have to wait and see as they progress.

.NEW

What is this about .NEW that is so interesting? As a TLD operated by Google, the hype has been more about how Google has used it.

Why we think it’s interesting is because Google has, with its G-suite business, used this TLD cleverly. Google has registered some specific domains under .NEW. These include DOC.NEW, SHEET.NEW, FORM.NEW, PRESENTATION.NEW, and SITE.NEW. And what happens when you enter these sites deserves almost no explanation. If you type DOC.NEW into any browser, it immediately opens up a new Google document. The other domains also operate this way.

So why is this interesting?

It may not necessarily say anything about what it will mean for others. However, the way they have used .NEW demonstrates other ways to use domains online. It’s interesting that a user in a browser can instantly open a new document without menu interaction. It provides a very smooth user experience. It’s an innovative way users using Google documents can interact with the services going forward, and may not be the last we see from Google using .NEW or any other gTLDs?

Does CSC have any recommendations about the application of this?

It’s hard to say, but we hope that this inspires businesses about how to use domains in a different way—perhaps to create a better user experience by combining domains with online services.

This could help create a more user-friendly approach for other highly-used web pages.

Image-only infringements

Often in the context of brand protection services, we encounter online content that doesn’t include any text-based reference to a brand name, but instead uses an image that’s associated with the brand in question, or one of its products. This can be found on eCommerce sites, independent websites, social media posts or accounts, and is sometimes referred to as graphic brand-specific content.

Use of official images without authorization from the rights owner, with or without the associated presence of a logo or a figurative trademark, can be deemed an infringement.

Read more by visiting the latest CSC blog post.

Upcoming:

Webinars

Our next monthly webinar will be on 5 December, 2019. For the latest industry news from around the world regarding domain names, online security, and brand protection, sign up here.

Events

Invitation to “Glögg mingel” at the CSC Stockholm office

Thursday 5 December, 2019
Drop-in from 16:00-18:30
Drottninggatan 92-94, 113 36 Stockholm

Nordic blog

We have launched a Nordic version of the Digital Brand Insider blog, which will cover what’s going on in the domain and cyber security worlds and also keep readers informed about upcoming webinars and events in the Nordic region.

Have the best of both worlds: content designed for the Nordic region, plus relevant global topics.

Sign up for alerts here.

CSC Nordic Newsletter – November Edition