The motivation behind Distributed Denial of Service (DDoS) attacks is often unknown. In some cases it might be cyber-vandalism, causing disruption for disruption’s sake. In other cases it might be down to hactivism, reaction to a cause or an event. And while DDoS attacks on business enterprises can result in huge commercial losses due to downtime, the reverberations of a DDoS attack are not always purely economic.
This week Belgium was hit by a massive Distributed Denial of Service (DDoS) attack causing disruption to the services of more than 200 organizations in the country including government, parliamentary, healthcare and academic institutions. The large-scale attack, which started on Tuesday May 4, targeted the network of Belgian internet service provider (ISP) BelNet and was still in progress on Wednesday with the attacks taking place in successive waves. In response to the attack, Belnet immediately activated its crisis procedures and contacted the Centre for Cybersecurity Belgium (CCB) to bring the attack under control.
BelNet is a government-funded ISP providing internet services to government, educational, research and scientific institutions, as well as a number of other organizations across the country. As a result of the attack a number of scheduled meetings of the Belgian Parliament and other virtual events were unable to go ahead as planned due to internet services having been blocked. In addition, remote learning for some Belgian Universities and other academic institutions was disrupted by connectivity stability issues.
The BelNet attack, while large in size, was a fairly rudimentary DDoS, with the objective seemingly to saturate the ISP’s network by sending thousands of IP addresses to create a surge in traffic flow. However, by targeting a national ISP, the attackers managed to cause major disruption to critical government, scientific and academic infrastructure and services in Belgium which is the home of the European Union Headquarters and a key location in terms of European socio and economical policy and decision making.
And whatever the motive behind a DDoS attack, when the target of the DDoS attack is a national Internet Service Provider, upon whom large sections of the country’s infrastructure are dependent, they need to have a solid and reliable DDoS protection in place that guarantees a swift and seamless mitigation otherwise they leave themselves open to many difficult questions as to why they were not better-protected. ISPs are not experts in DDoS protection and relying on ISP security solutions to mitigate against a DDoS attack and keep your business up and running can leave you open to a certain level of risk. For example, in the event of a ‘noisy neighbor’ scenario where a cloud-computing co-tenant might be utilizing more bandwidth, CPU and other resources, possibly due to being the target of a DDoS attack, ISPs have been known to revert to mitigation tactics such as FlowSpec or RTBH (remotely-triggered black holing), causing traffic routed to the targeted IP address to drop off. The problem is that these measures impact all traffic, even the traffic from legitimate users trying to reach your server, resulting in a huge success for the attackers.
Time to mitigation and the importance of automation
According to Dirk Haex, Technical Director at Belnet, the reason why the attacks were so difficult to bring under control was because the attackers kept changing their tactics.
At the core of any DDoS protection solution is the SLA for time to mitigation (TTM) and in a case like this one where the attacker uses different approaches and applies different vectors, security teams can waste critical time switching mitigation tactics to match those of the attacker. Even seconds of downtime can have a huge impact with extended time to mitigation potentially costing your business hundreds of thousands of dollars, and with essential national services and infrastructure being disrupted, as was the case in Belgium where even the country’s COVID vaccination reservation portal was brought down, being unprepared for a DDoS attack is a risk not many can afford.
DDoS attackers are growing more sophisticated in their methods to maximize disruption, using diverse approaches and vectors to distract and attack. Having a solid DDoS mitigation solution in place is crucial at times like these to enable security teams to mitigate quickly and effectively to minimize disruption and ensure the availability of critical services.
Imperva always-on DDoS Protection and our 3-second time to mitigation guarantee – from when the first DDoS attack packet hits, all the way to full mitigation – leverages automation and AI to offer you the fastest and most comprehensive SLA. No matter what kind of attack, or the size, every DDoS threat is mitigated in 3 seconds or less, without affecting the flow of legitimate traffic.
Our global network mesh topology enables attacks on our customers’ ranges to be scrubbed closer to the attack origin. This eliminates the need for the traffic to travel over the ISP backbone to the PoP in which a customer is connected to us, and combats the ISP in the middle null routing the range. And, in an idle state, clean traffic flows over quality pipes for optimal capacity and performance.
Named a leader in the Forrester Wave™ DDoS Mitigation Solutions Q1 2021 report Imperva offers the fastest DDoS mitigation in the market with a guaranteed SLA of 3 seconds for all attack vectors.
Join us for a webinar on May 20 to witness our DDoS for Networks Protection in action. Register here.
Get the latest from imperva
The latest news from our experts in the fast-changing world of application, data, and edge security.