South Africa is facing one of the largest cyber attacks it has ever seen, with banks, ISPs, and the government being targeted.
In the last two months:
- The City of Johannesburg fell victim to a cyberattack which led to its information systems becoming compromised, and its systems (including the website and billing) being shut down. A ransom was demanded but the City is refusing to pay
- The banking industry was hit by a wave of DDoS attacks targeting consumer-facing services
- ISPs were hit by a number of DDoS attacks, as previously reported in My Tech News. In September, Cool Ideas and Atomic Access suffered an attack that severely affected their services; in October, Cybersmart was hit by a large DDoS attack which caused intermittent connectivity over two days; and recently Afrihost, Axxess, and Webafrica were hit by a very large DDoS attack which affected DSL and fibre subscribers
Parmi Natesan, CEO of the Institute of Directors in South Africa (IoDSA), told MyBroadband that “these attacks should serve as a wake-up call to companies” – who may not be taking adequate steps to protect themselves.
Internet service provider (ISP) Cool Ideas was hit by a second distributed denial of service (DDoS) attack in as many weeks on Saturday.
The first attack took place on 11 September and knocked the provider out for more than eight hours.
Cool Ideas then put a number of measures in place to mitigate these attacks; however, the second attack, on 21 September, was more than four times the size.
Below are highlights of the events that took place:
- Cool Ideas posted a notice to its website at 14:00 on Saturday to inform clients that it was being hit with another distributed denial of service attack (DDoS)
- It seemed that the cybercriminals were watching for announcements from the ISP, as the attack then increased in intensity
- DDoS attacks work by using “zombie” devices, which fake or “spoof” the amount of traffic on a given network
- DDoS attacks do not have a specific target – the idea is merely to do reputational damage
- The attack occurred across the whole IP space, changing over time to use different ports and protocols
- One aspect of the attack was DNS amplification or DNS reflection attacks. A poorly configured Domain Name System (DNS) is used to flood computers with network traffic. The high volume of fake traffic prevents the computer from being able to carry out legitimate commands and the website appears to be offline
- The sheer size and distribution of the attack made it as effective as it was
- It is not known who attacked the ISP nor what the motivation for doing so was
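On the receiving network, the DNS reflection traffic described above shows up as DNS responses that no internal host asked for. The following is an added example, not part of the original article: a small detector over flow records, where the record layout, thresholds, function name and addresses (documentation ranges) are all assumptions.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Constructed flow records, not real traffic:
# (epoch_seconds, src_ip, src_port, dst_ip, dst_port, proto, bytes)
FLOWS = [
    (100, "192.0.2.10", 40000, "198.51.100.53", 53, "udp", 70),   # client query
    (100, "198.51.100.53", 53, "192.0.2.10", 40000, "udp", 180),  # its answer
    (101, "203.0.113.5", 53, "192.0.2.77", 31337, "udp", 3900),   # no query seen
    (101, "203.0.113.6", 53, "192.0.2.77", 31337, "udp", 4000),
    (102, "203.0.113.7", 53, "192.0.2.77", 31337, "udp", 4100),
    (102, "203.0.113.8", 53, "192.0.2.77", 2048, "udp", 3950),
]


def find_reflection_victims(flows, internal_net, window=5,
                            min_reflectors=3, min_bytes=10000):
    """Return internal hosts receiving unsolicited DNS responses in bulk."""
    net = ip_network(internal_net)
    queries = {}  # (client, client_port, resolver) -> time of last query
    stats = defaultdict(lambda: {"reflectors": set(), "bytes": 0, "packets": 0})

    # Process queries before responses that share the same timestamp.
    for ts, src, sport, dst, dport, proto, size in sorted(
            flows, key=lambda f: (f[0], f[4] != 53)):
        if proto != "udp":
            continue
        if dport == 53 and ip_address(src) in net:
            queries[(src, sport, dst)] = ts
        elif sport == 53 and ip_address(dst) in net:
            asked = queries.get((dst, dport, src))
            if asked is not None and ts - asked <= window:
                continue  # solicited answer to a recent query
            entry = stats[dst]
            entry["reflectors"].add(src)
            entry["bytes"] += size
            entry["packets"] += 1

    # A victim is hit by many distinct reflectors with a large byte volume.
    return {
        victim: {"reflectors": len(s["reflectors"]),
                 "bytes": s["bytes"], "packets": s["packets"]}
        for victim, s in stats.items()
        if len(s["reflectors"]) >= min_reflectors and s["bytes"] >= min_bytes
    }


if __name__ == "__main__":
    print(find_reflection_victims(FLOWS, "192.0.2.0/24"))
```
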
Internet service provider Cool Ideas yesterday suffered a distributed denial of service (DDoS) attack, which affected all customers on their network.
The attack lasted almost four hours. Customers experienced intermittent connectivity loss and degraded performance during this time.
In a statement issued last night, the company did not have an exact time to resolution. By this morning, however, the issue affecting the Cool Ideas network has been mitigated.
What is a DDoS attack?
According to CloudFlare, a DDoS attack is defined in the following way:
“A distributed denial-of-service (DDoS) attack is a malicious attempt to disrupt normal traffic of a targeted server, service or network by overwhelming the target or its surrounding infrastructure with a flood of Internet traffic. DDoS attacks achieve effectiveness by utilizing multiple compromised computer systems as sources of attack traffic. Exploited machines can include computers and other networked resources such as IoT devices. From a high level, a DDoS attack is like a traffic jam clogging up the highway, preventing regular traffic from arriving at its desired destination.”