Corero
Blog & News

Lessons from the Belgian Mass DDoS Attack

Last week over 200 organizations in Belgium, including the Brussels and Antwerp police agencies, Belgium’s Parliament, the Brussels transit company, and many other government, education, and scientific organizations, were impacted by distributed denial of service (DDoS) attacks that significantly disrupted online business and prevented some government meetings. According to ZDNet.com, “The attack targeted Belnet, the government-funded ISP provider for the country’s educational institutions, research centres, scientific institutes and government services – including government ministries and the Belgian parliament. Some debates and committee meetings had to be postponed as users couldn’t access the virtual services required to take part.” ZDNet reported that all the organizations affected by the attack were associated with the Internet Service Provider (Belnet), but another report by ThreatPost indicated that two other telecommunications companies, Telenet and Proximus, were also targeted.

Critical infrastructure should be protected

The attacks are noteworthy for three reasons: they were long, lasting approximately two days; some of the victims were critical national infrastructure organizations; and they were directed at ISPs. Two days of downtime for any organization is more than an inconvenience to its employees and the people they serve, but two days may seem like an eternity for government agencies. These attacks are a prime example of how important it is to protect the networks of government and municipal agencies. We may never know the full ramifications or ripple effects of that downtime, in terms of cost to taxpayers, or valuable time lost for the law enforcement agencies or the political system.

Fortunately, no data breaches have been reported in association with the attacks, but it is possible that the cybercriminals were trying to exploit other cyber vulnerabilities in those organizations or exploring ways to do so in the future. Last but not least, the ISPs may be liable for some failure to meet their service level agreements (SLAs), which may incur direct costs, and they may also suffer longer-term brand and reputational damage. It is possible that the agencies and the ISPs may face fines, or at least a considerable amount of scrutiny and paperwork, in relation to their compliance with the European Union’s Directive on Security of Network and Information Systems.

The attacks originated from 29 different countries, which is not surprising, since the botnets that are often used to launch such attacks typically span multiple regions. The perpetrators are currently unknown, although one may hope that with a lot of luck and perseverance international law enforcement agencies may be able to track them down. In this age of cybercrime, it is often difficult to determine whether an attack is the act of a lone wolf trying to create mayhem, or an act of cyber warfare.

Multi-vector attacks are common

It is no surprise to those in the industry that the cybercriminals kept changing their tactics, making it even more difficult to detect and block these damaging attacks. Cybercriminals commonly use multi-vector attacks to evade detection and mitigation. If the defense systems in question relied on human intervention to mitigate the attacks, it was a lost battle from the beginning, because security analysts simply cannot react fast enough to the rapidly changing vectors and typically lack the tools to mitigate them without impacting, or completely blocking, legitimate traffic. The best solution to this problem is to have always-on, automated, real-time DDoS mitigation that can detect and block all types of attacks, including multi-vector attacks.

Corero research has shown that DDoS attacks are often not “one-off” events; unfortunately for victims, once targeted, they will likely be attacked again and again, if not within 24 hours, then with a reasonable degree of certainty within the following three months. Let’s hope that Belnet and other ISPs can quickly adapt their cybersecurity posture to be more resilient and prevent another such round of attacks.