DDoS Attack left “Sweden not Working”

By Bipin Mistry | December 12, 2014

Posted in: ISP DDoS Protection, Hosting Provider DDoS Protection

The recent DDoS attacks on the Swedish cable, Internet and mobile service provider TeliaSonera are another grim reminder of the impact a DDoS attack can have, not only on the business itself but also on the 5 million subscribers who were left without service. The attacks left "Sweden not working", as TeliaSonera’s CEO Johan Dennelind has stated publicly.

There are a few unique points to take away from this particular attack. The sheer scale of Internet, mobile and cable operators' network infrastructure, together with their massive customer base, presents an incredibly attractive attack surface. Multiple entry points and significant aggregate bandwidth make these providers one of the most vulnerable targets for DDoS attacks.

Solution Providers need to protect their internal infrastructure so that they are not used as the attack vector. Due diligence around patching servers, combined with inline DDoS protection and comprehensive security forensics, will allow providers to quickly determine that their infrastructure has been compromised.

Another equally dramatic takeaway is the escalating malicious use of standard Internet services such as DNS (Domain Name System) and NTP (Network Time Protocol) as unwilling attack drones for third-party Distributed Denial of Service (DDoS) attacks. In reflection or amplification DDoS attack scenarios, the legitimate infrastructure of the Internet is tricked into attacking innocent victims. These specific services are just two common examples of Internet services with vulnerable populations of millions of publicly accessible servers that can easily be co-opted as "bots-on-demand", with no security compromise needed in advance of the attack. These innocent servers are just sitting out there, waiting to be called into action to attack at a moment’s notice. Based on reports outlining details of the TeliaSonera takedown, it appears that some kind of massive amplification attack rendered their services inaccessible for extended periods of time.
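On the receiving network, the reflection pattern described above shows up in flow records as UDP responses from DNS or NTP ports that no internal host asked for, arriving from many sources at once. The following is an added example, not code from the article or its author; the flow tuple layout, the 10.0.0.0/8 internal range, the thresholds and the sample flows are assumptions constructed for illustration.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

REFLECTED_SERVICES = {53: "DNS", 123: "NTP"}   # the two services the article names
INTERNAL = ip_network("10.0.0.0/8")            # assumption: the protected address space

def find_reflection_victims(flows, min_reflectors=3, min_bytes=1000):
    """Flag internal hosts receiving unsolicited UDP DNS/NTP responses from many sources.

    flows: time-ordered (ts, src_ip, src_port, dst_ip, dst_port, proto, nbytes) tuples.
    Returns sorted (victim, service, distinct_sources, total_bytes) tuples.
    """
    asked = set()                            # (client, server, service_port) queries seen
    stats = defaultdict(lambda: [set(), 0])  # (victim, port) -> [sources, bytes]
    for ts, src, sport, dst, dport, proto, nbytes in flows:
        if proto != "udp":
            continue
        if dport in REFLECTED_SERVICES and ip_address(src) in INTERNAL:
            asked.add((src, dst, dport))     # genuine outbound query
        elif sport in REFLECTED_SERVICES and ip_address(dst) in INTERNAL:
            if (dst, src, sport) in asked:
                continue                     # answer to a query we saw: legitimate
            entry = stats[(dst, sport)]
            entry[0].add(src)
            entry[1] += nbytes
    return sorted(
        (victim, REFLECTED_SERVICES[port], len(srcs), total)
        for (victim, port), (srcs, total) in stats.items()
        if len(srcs) >= min_reflectors and total >= min_bytes
    )

# Constructed sample flows (documentation address ranges), not data from the incident.
SAMPLE_FLOWS = [
    (0, "10.1.1.5", 40000, "192.0.2.53", 53, "udp", 70),     # client asks its resolver
    (1, "192.0.2.53", 53, "10.1.1.5", 40000, "udp", 180),    # solicited answer
    (2, "198.51.100.1", 123, "10.2.2.9", 80, "udp", 4400),   # unsolicited NTP responses
    (2, "198.51.100.2", 123, "10.2.2.9", 80, "udp", 4400),
    (2, "198.51.100.3", 123, "10.2.2.9", 80, "udp", 4400),
    (3, "203.0.113.7", 53, "10.2.2.9", 80, "udp", 3000),     # one stray DNS response
]

if __name__ == "__main__":
    for victim, service, sources, total in find_reflection_victims(SAMPLE_FLOWS):
        print(f"{victim}: {total} bytes of unsolicited {service} from {sources} sources")
```

The solicited DNS answer is ignored because a matching outbound query was seen first; only the host receiving NTP responses it never requested is reported.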

As these DDoS attacks have confirmed once again, no single company, organization or government is up to the task of securing the Internet. However, it is encouraging to learn that the Swedish postal and telecoms regulator, PTS, is organizing efforts to collaborate with telecommunications operators in early 2015 and engage in a dialogue to identify further remediation and protection against these types of attacks in the future.

In order to implement proper protection against DDoS attacks with the performance and scale required by carrier networks, a new architectural approach to DDoS and volumetric attack mitigation will be required. It is no longer sufficient to think in terms of attack mitigation performance in the 1-2 Gbps range. Service providers will need to provide this capability across multiple 40G and 100G links. Fortunately, there have been a number of recent technological improvements utilizing both purpose-built and high-performance security appliances. That means these appliances can be used to instantiate arrays of DDoS mitigation engines that can scale into the Terabit range -- designed to offer real-time protection against these evolving threats.
