Belgian Parliament and Universities Rocked by a Massive DDoS Attack

Belnet, the Belgian internet provider, came under a large scale cyber attack on 4th May 2021. It hosts the websites of the country’s government, universities, scientific institutions and police.

The report published by EuroNews revealed that hackers launched a DDoS (Distributed Denial of Service) attack. This attack was intended to disrupt the internet availability of some online services. In a Volumetric DDoS attack like this one, this is done by overloading the servers with false data.

The attack on Belnet cut-off all of the company’s customers from the internet in different measures. Some were completely cut-off, some only partially. Many users couldn’t access the online services of certain administrations due to this attack. Even students were unable to access their universities’ online services.

The International Angle

Some people are also viewing this from an international politics angle. This attack took place just a day before the day when the Belgian Parliament was due to discuss the persecution of Uyghurs in China.

The scale of attack is huge as it covers around 200+ Belgian institutions which includes COVID-19 reservation app, tax filing services, and other such essential services.

According to ZDNet, Belnet has stated that the intent of the threat actors was only disruption of services as there has been no data breach or theft of any kind. Moreover, the attackers have not even tried to infiltrate the network, they have just flooded it with traffic.

Belnet is still investigating the attack to find a lead on perpetrators. Along with this, they have also filed a complaint about this attack with the Federal Computer Crime Unit (FCCU).

Also, it’s not the first time that a DDoS attack has hit national institutions. For instance,iIn September 2020, a massive DDoS attack hit Hungarian Banks and Telecom Services.

But a DDoS Attack Can Cause Damage in More Ways than One

Unlike the attack on Belgian institutions mentioned in this blog, a DDoS attack in general can be far more devastating having multiple implications. Some of these far reaching varieties of impacts are mentioned below:

1. A Smokescreen DDoS attack can pose a risk to the network security of an organization as attackers can easily infiltrate the network using such an attack.
2. In many cases, a DDoS attack is a prelude to a ransomware attack. Cyber attackers exploit the vulnerabilities present in the network and install a malicious software in order to launch a ransomware attack on the organization.
3. DDoS attacks may also be responsible for data breaches and data thefts which can result in reputation and financial losses for organizations.

Moreover, DDoS attacks are expected to grow in the year 2021. Here is a graph representing the projections for 2021 with regard to growth of DDoS attacks:

Bars - DDoS Attacks; Red line - attacks over 50 Gbps (Source - Security Boulevard)

So, the graph clearly shows that DDoS attacks are not going anywhere soon. Moreover, it tells us that organizations need to be prepared to defend this particular cyber attack vector. Now the question arises, how do we prevent DDoS attacks? Well, listed below are some of the prevention methods an organization can take up.

Prevention of DDoS Attacks

1. IDS and IPS: Intrusion Detection System (IDS) and Intrusion Protection System (IPS) work together to prevent DDoS attacks. IDS is a software application that monitors systems or networks for any malicious activity. IPS is a threat prevention or network security system that examines the network traffic flows which helps in detecting and preventing vulnerability exploits.
2. Traffic Scrubbing: Traffic scrubbing is a common DDoS mitigation technique in which the traffic routed to a particular IP address is redirected to data centres. At these data centres, the attack traffic is cleaned or ‘scrubbed’ and is then sent to the targeted IP address.
3. Securing the Network Infrastructure: Mitigating the threat to network security by using firewall, VPN, load balancing, content filtering and other techniques. This simultaneously helps in securing the network infrastructure of the organization.
4. Monitor the Early Symptoms: It is essential for an organization to monitor the early symptoms of a DDoS attack. A network slowdown, temporary loss of connectivity on company intranet, or intermittent website shutdowns can mean that there is a DDoS attack on the network being processed at that point in time. Any prolonged network loss can point towards this.
5. Security Awareness Training: Organization’s employees should be trained in order to develop a better understanding of the overall cyber security threat posture and response methods. A great number of cyber security threats can be avoided by strengthening the first line of defense i.e the workforce. For this purpose, organizations can use security awareness tools like ThreatCop which use a combination of simulation campaigns and engaging awareness content for imparting knowledge. An employee can make or break the cyber security plan of an organization.

Conclusion

As it can be seen, a DDoS attack can bring down national institutions with high grade security measures in place if successful. Therefore, it is advisable to be alert and proactive in dealing with a DDoS attack on the organization as these attacks can be damaging in a variety of ways.

As readers, what would be your advice for drawing a DDoS response plan for an organization? Please comment below.