[ad_1]
However, the situation in the media market is constantly changing: if you want to support quality business journalism and want to be part of the Portfolio community, subscribe to Portfolio Signature articles. Know more
Who was attacked?
According to Magyar Telekom, the case that came to light the other day is an attack of outstanding size in its volume and complexity, the removal of which took time, so its effect was also noticeable to a small extent for clients. The hackers’ targets were primarily financial institutions, but the Magyar Telekom network was involved in the attack and service was interrupted for a short time in some areas of Budapest.
OTP Bank only responded to our question, “On Thursday, a surge attack was launched against telecommunications systems that serve some of the banking services. We thwarted the attempt – together with Telekom, which is also involved in the case – and that afternoon the short-term disruption to some of our services was removed. And Magyar Telekom has responded so much to our question about the details of the attack that they do not want to reveal any more details than the information contained in the previously issued announcement.
Typically, when attackers target a bank, for example, they attack its infrastructure, so it is the infrastructure provider that can defend themselves in this situation, said East Arthur cybersecurity expert, founder and president of the Voluntary Cyber Defense Cooperation (KIBEV). More importantly, if the targets have a protection solution or service that can detect and handle the congestion attack. Today, most infrastructure providers have such a tool that detects the attack first and then reduces the force of the attack by separating useful and unhelpful traffic and other technology solutions. According to the expert, the acquisition and maintenance of such a protection device costs a significant amount, and since the customers in general also pay this cost in the end, the management can also venture to a reasonable extent when building the protection.
How big could the attack have been?
Today, the most serious volumetric congestion attacks, that is, that consume bandwidth, are already A data transfer rate of 100 gigabits per second is also achieved. Although we have seen several terabit attacks this year, Amazon’s servers have been running at 2.3 terabits per second. In 2018, attempts were made to cripple GitHub at the peak of the attack at 1.35 terabits per second, and the previous record-breaking DDoS attack was carried out in 2016, making most of the top internet sites in the United States inaccessible at data rates of 1.2 terabits per second.
According to Magyar Telekom, the size of last week’s attack in Hungary was “ten times the average number of attacks by hackers using similar methods, making it one of the largest domestic attacks of all time in terms of size. and complexity “.
Although it has not been revealed how much bandwidth it actually covers, it is very likely that the attack can already be categorized as “more serious”, which means that it could fall into the category of tens or even 100 gigabits / second.
Another type of congestion attack occurs when a service provider is not simply bombarded with a large amount of bandwidth, but with a large number of packets, so that the devices cannot tolerate small packets. Likewise, the use of amplified attacks is becoming more and more common, both of which are mentioned, which, by some mistake, makes the attack intensify: “it’s a bit like a microphone, if you ‘listen’ to yourself it will it starts to swell, ” he explains. the expert.
Who could have done it?
In the case of surge attacks, it is especially difficult to determine who may have committed them. Even if someone carries out the attack, it is not possible to know if the trigger for the attack is actually present or someone else. Kenneth Currin Schuchman, one of the creators of Satori Botnet, was sentenced in the summer and 18 months to public service in the United States. However, punishing perpetrators who have already been detected does not appear to deter cybercriminals from carrying out more DDoS attacks.
As is clear from Telekom’s announcement, the multi-wave series of attacks reached Hungary via various foreign servers, mainly from Russia, China and Vietnam. This in itself doesn’t reveal much about the attackers’ motivations, nationality and identity, only that it is likely that they were professional hackers capable of mobilizing an extensive global network. Today, hackers not only attack with an “army” of infected computer networks built by themselves, that is, with a botnet, which they can activate at the touch of a button in such an action, but they can even rent one from illegal markets and platforms.
However, they cannot steal data with an overload attack alone, according to Telekom. “Intrusion attempts” were also prevented, meaning that offloading operators are likely to listen in and deter other suspicious activities.
What comes next?
What happens now can also change from one attack to another: the attack can continue, repeat, intensify, change sectors, it all depends on what the attackers intend. And it can also happen that this attack is not repeated.
This situation looks a bit like what COVID has caused in the world: this threat is here, it will probably last a long time, there is no perfect defense against it, but that does not mean that you should not have to defend yourself all the time and sacrifice money. for her.
The mere fact that Hungary may be affected by attacks of this size today means that companies must also devote more resources to defense and constantly reassess their risks, Keleti emphasizes.
[ad_2]