Time to mitigation and the importance of automation

According to Dirk Haex, Technical Director at Belnet, the attacks were so difficult to bring under control because the attackers kept changing their tactics.

At the core of any DDoS protection solution is the SLA for time to mitigation (TTM), and in a case like this one, where the attacker uses different approaches and applies different vectors, security teams can waste critical time switching mitigation tactics to match those of the attacker. The problem is that these measures impact all traffic, even the traffic from legitimate users trying to reach your server, resulting in a huge success for the attackers. For example, in the event of a 'noisy neighbor' scenario, where a cloud-computing co-tenant might be utilizing more bandwidth, CPU and other resources, possibly due to being the target of a DDoS attack, ISPs have been known to revert to mitigation tactics such as FlowSpec or RTBH (remotely-triggered black holing), causing traffic routed to the targeted IP address to drop off. ISPs are not experts in DDoS protection, and relying on ISP security solutions to mitigate a DDoS attack and keep your business up and running can leave you open to a certain level of risk. However, by targeting a national ISP, the attackers managed to cause major disruption to critical government, scientific and academic infrastructure and services in Belgium, which is the home of the European Union Headquarters and a key location in terms of European social and economic policy and decision making.

And whatever the motive behind a DDoS attack, when the target of the DDoS attack is a national Internet Service Provider, upon whom large sections of the country's infrastructure are dependent, they need to have solid and reliable DDoS protection in place that guarantees a swift and seamless mitigation; otherwise they leave themselves open to many difficult questions as to why they were not better protected.
The BelNet attack, while large in size, was a fairly rudimentary DDoS, with the objective seemingly to saturate the ISP's network by sending thousands of IP addresses to create a surge in traffic flow.

In addition, remote learning for some Belgian universities and other academic institutions was disrupted by connectivity stability issues. As a result of the attack, a number of scheduled meetings of the Belgian Parliament and other virtual events were unable to go ahead as planned due to internet services having been blocked. In response to the attack, Belnet immediately activated its crisis procedures and contacted the Centre for Cybersecurity Belgium (CCB) to bring the attack under control.

BelNet is a government-funded ISP providing internet services to government, educational, research and scientific institutions, as well as a number of other organizations across the country.

The large-scale attack, which started on Tuesday, May 4, targeted the network of Belgian internet service provider (ISP) BelNet and was still in progress on Wednesday, with the attacks taking place in successive waves. This week Belgium was hit by a massive Distributed Denial of Service (DDoS) attack causing disruption to the services of more than 200 organizations in the country, including government, parliamentary, healthcare and academic institutions. And while DDoS attacks on business enterprises can result in huge commercial losses due to downtime, the reverberations of a DDoS attack are not always purely economic. In other cases it might be down to hacktivism, a reaction to a cause or an event. In some cases it might be cyber-vandalism, causing disruption for disruption's sake.

The motivation behind Distributed Denial of Service (DDoS) attacks is often unknown.