Posted on September 25, 2019 at 4:46 PM
A DDoS attack on a South African internet service provider left several of its clients in the dark. The attack took place over two days between the 21st and 22nd of September.
Hackers targeted Cool Ideas, one of the largest ISPs in the United States. The hackers used a technique called carpet bombing to carry out the DDoS attack on Cool Ideas’ system. The hackers succeeded in bringing down Cool Ideas’ external connections to other service providers.
The attack resulted in Cool Ideas’ clients losing connectivity and experiencing degraded performance throughout the weekend. All access to international services or websites was lost due to the DDoS attack.
After the first attack, the hackers kept tabs on how the ISP would handle the matter. After Cool Ideas had successfully dealt with the DDoS attack on its system, a second attack followed within minutes of the system coming back up.
The ISP’s servers were brought down again. Yesterday, on the 24th of September, Cool Ideas was the victim of another DDoS attack. This attack was aimed not at its system but at its website.
The information about the latest attack was provided by a source who refused to be named, but they provided evidence of the attack.
The attacks on Cool Ideas are different from ordinary DDoS attacks that are focused on a critical server in a network. The hackers in these attacks sent junk traffic to random IP addresses associated with Cool Ideas’ system.
This means that all of Cool Ideas’ customers received some junk traffic from hackers. The junk traffic wouldn’t be enough to bring down each customer connection, but collectively, the traffic overwhelmed the servers on the provider’s network border. When these servers went down, they took down all external connectivity for the network.
The hackers knew that mitigation solutions on the network would have detected a simple DDoS attack on Cool Ideas’ servers. These solutions would have dealt with the junk traffic before it could affect the system in any way.
Aiming the attack at all IPs associated with the network rendered the mitigation solutions useless. The solutions do not work when they see high levels of traffic heading to the company’s different customers.
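The detection gap described above, shown as an added example (not from the article or from Cool Ideas): per-destination thresholds stay silent while the same traffic summed per prefix stands out. The flow totals, documentation prefixes and all three thresholds are constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Constructed sample: (destination IP, inbound Mbps) for one measurement window.
# 198.51.100.0/24 is a documentation prefix standing in for a customer block.
CARPET = [(f"198.51.100.{i}", 40.0) for i in range(1, 255)]  # 254 hosts x 40 Mbps
NORMAL = [("203.0.113.10", 120.0), ("203.0.113.20", 80.0)]
FLOWS = CARPET + NORMAL

PER_HOST_MBPS = 500.0     # assumed per-destination alert threshold
PER_PREFIX_MBPS = 5000.0  # assumed aggregate threshold per /24
MIN_SPREAD = 0.5          # assumed: fraction of the prefix's addresses hit


def per_host_alerts(flows, limit=PER_HOST_MBPS):
    """Classic detection: flag single destinations above the limit."""
    totals = defaultdict(float)
    for dst, mbps in flows:
        totals[dst] += mbps
    return sorted(d for d, m in totals.items() if m > limit)


def per_prefix_alerts(flows, prefix_len=24, limit=PER_PREFIX_MBPS,
                      spread=MIN_SPREAD):
    """Aggregate by covering prefix; flag high volume spread over many hosts."""
    volume = defaultdict(float)
    hosts = defaultdict(set)
    for dst, mbps in flows:
        net = ipaddress.ip_network(f"{dst}/{prefix_len}", strict=False)
        volume[net] += mbps
        hosts[net].add(dst)
    alerts = []
    for net, mbps in volume.items():
        coverage = len(hosts[net]) / net.num_addresses
        if mbps > limit and coverage >= spread:
            alerts.append((str(net), round(mbps, 1), round(coverage, 2)))
    return sorted(alerts)


if __name__ == "__main__":
    # No host exceeds 500 Mbps, yet the /24 as a whole receives about 10 Gbps.
    print("per-host alerts:  ", per_host_alerts(FLOWS))
    print("per-prefix alerts:", per_prefix_alerts(FLOWS))
```
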
DDoS carpet bombing is not a new technique used by hackers. These attacks have been documented for many years, but since 2018, there has been a spike in the use of carpet bombing. Netscout researchers say that the recent spike has been influenced by the proliferation of DDoS-for-hire services and DDoS botnets.
ISPs susceptible to DDoS attacks
ISPs regularly suffer from DDoS attacks because the structure of their networks makes it easy for hackers to launch such attacks successfully. These attacks can result in a nationwide loss of connectivity in some cases.
Tucker Preston, a network security researcher, said that these attacks are generally successful enough to cause network-wide prolonged slowdowns or disruptions.
Preston added that these attacks may come during peak browsing hours to frustrate users. The network slows down considerably, and this affects how much access users have during these peak periods.
Some hackers are determined to cause as much customer dissatisfaction as possible. The result of this is loss of business for the ISP and bad publicity which affects the perception of any future customers.
The attack on an ISP does not have to last for an entire day for it to have the desired effect. Attacks during peak browsing hours have been known to cause as much damage.
Customers who need network connectivity for real-time applications such as gaming can be significantly affected by connection downtime of as little as 5 minutes. ISPs are working on ensuring that they prevent any form of DDoS attack, no matter how short it may be.
Many ISPs have employed mitigation solutions to prevent the effects of these DDoS attacks. One of the measures used is the DDoS Open Threat Signaling (DOTS) protocol. This helps the network sinkhole any bad traffic aimed towards any of the network’s members before it reaches the intended target.
ISPs and large data companies need to employ mitigation solutions and tools to protect their systems from attacks. If upgrades to systems’ security are not made, these companies run the risk of suffering from carpet bombing or any other form of DDoS attack. Despite all the security that exists today, carpet bombing is a present threat and it needs to be dealt with.