Due to a massive Distributed Denial of Service (DDos) attack which hit South Africa last week and which was initially thought to have been targeting South African Banks, numerous Internet Service Providers (ISP)s have subsequently reported service outages.
MyBroadband reported on Sunday, 27 October 2019 that several services providers, namely Afrihost, Axxess, Webafrica and Liquid Telecom were suffering from intermittent connectivity issues. Afrihost CEO Gian Visser commented that “It looks like the attacks are destined to several networks advertised by Liquid Telecom and are not specific to Echo or Afrihost”.
Liquid Telecoms confirmed on Sunday at 22:40 that the attacks were successfully mitigated. Andrew Alston told MyBroadband they’d measured in excess of 100Gbps of fake traffic during this Distributed Denial of Service attack.
Although the attack was mitigated, some of the service providers are still experiencing ongoing connectivity issues. Afrihost today, 28 October 2019, is still reporting intermittent connectivity on their website for all their major internet services – see Afrihost network status
What are DDos Attacks?
Unlike data breaches, Distributed Denial of Service (DDoS) attacks aim to disrupt rather than steal information. The threat actor uses previously compromised devices, known as bots, to flood servers, networks or services with fake traffic, inevitably overwhelming it. Once the device or service is overwhelmed, valid user requests cannot be processed, rendering the attack successful. The bots can be any device on the internet from IOT devices like routers or cameras to fully-fledged web servers, or even cell phones. IOT devices alone have already grown to almost 20 Billion worldwide.
The goal of these attacks is to exhaust the resources of the target, causing service disruptions like seen with the recent attempts on South Africa’s banking sector. Unlike data breaches, DDoS attacks are easily detected and do not involve information theft. In most cases, the traffic is picked up by the ISP and blocked, but even their services can be overwhelmed if the attack is big enough.
DDos Attacks have become more prevalent in South Africa and will continue to plague ISPs and other companies in the future. These types of attacks are not likely to be go away any time soon and will only continue to grow.