Government Faces Massive DDoS Attacks Following Protests


Earlier this year, in a country with a population of over 50 million, a series of protests began over higher taxes, corruption and a healthcare reform proposed by the government. Although the government authorities had anticipated that the protests would be widespread, no one suspected that a massive DDoS attack would be launched on multiple assets of the government’s networks with the intent of bringing it down. Shortly after the attack began, a notorious group of hackers came forward and claimed responsibility for the three-wave attack, which lasted two weeks.

First Wave of Attacks: Hit by Surprise

The first wave of the attack came as a surprise to the government. The wave hit 9Gbps in only 30 seconds using highly sophisticated vectors (see Figure 1).


The government has been a Radware client for over eight years and had multiple Radware DefensePro devices installed on-premise in all of its data centers. The devices were functioning properly and had successfully mitigated several attacks in the past, but the government had no idea when the attack would dissipate or what maximum volume it would reach. In parallel to the ongoing on-premise mitigation, they immediately reached out to Radware’s ERT (Emergency Response Team) to get additional assistance and ensure they were safeguarded. The ERT proposed an emergency onboarding of Radware’s Cloud DDoS Protection Service in an Always-On mode to be completely covered. Two hours later, all government traffic was diverted to one of Radware’s 14 global scrubbing centers. The traffic was diverted in an always-on mode, meaning all network traffic is constantly inspected and scrubbed before continuing to the destination data center.

Figure 1

Unsuccessful Mitigation by Local ISP

In parallel to contacting Radware’s ERT, the government decided to contact their local ISPs, requesting that they start blocking some of the attack traffic on their end before it reached the government’s data centers. The two ISPs (which leveraged DDoS mitigation solutions from Netscout and Corero) agreed to assist but unfortunately could not mitigate the attack traffic before it reached the Radware devices. In a matter of seconds the traffic was cleaned and there was no impact on the network.

Government Fully Prepared for Next Waves of Attacks

Less than 10 hours later, the second wave of the assault began (see Figure 2). This time, five minutes into the attack, the volume reached 135Gbps. As all of the traffic was already diverted to Radware’s cloud scrubbing center, the government experienced no impact whatsoever on its network. This repeated itself during the third wave, which started a few days later.

Figure 2

You Can Never Be Over Prepared

After eight years of being a Radware client leveraging on-premise devices, the government now has a hybrid deployment covering all its assets. The solution combines on-premise attack mitigation with a cloud scrubbing service available on-demand to mitigate volumetric attacks that aim to saturate the internet pipe. The two mitigation methods work in perfect harmony, with innovative messaging technology that runs the communication between the appliance and the cloud service. If there is one thing to learn from what happened to this government’s network, it is better to be safe than sorry.

Eva Abergel

Eva is a Product Marketing Manager in Radware’s network security group. Her domain of expertise is data center protection, where she leads positioning, messaging and product launches. Prior to joining Radware, Eva led a Product Marketing and Sales Enablement team at Elmo Motion Control - a global robotics company - and worked as an engineer at Intel. Eva holds a B.Sc. degree in Mechatronics Engineering from Ariel University and an Entrepreneurship Development certificate from the York Entrepreneurship Development Institute of Canada.
