Internet Service Providers (ISPs) in South Africa were targeted with an unusually large number of Distributed Denial of Service (DDoS) attacks last month with media reports attributing these cyberattacks to organised criminal syndicates.
It’s not all bad news, however, as administrators at South Africa’s Internet Exchanges (INXs) are taking firm and co-ordinated action to join the global fight against DDoS attacks by creating a so-called ‘blackhole’ that will funnel identified DDoS traffic passing through the INXs into oblivion.
“The South African Internet will be better protected against DDoS attacks during the course of 2020 as local ISPs peering at JINX, CINX and DINX begin directing malicious traffic down a defensive blackhole,” says Guy Halse, co-chair of SA’s Internet Service Providers’ Association (ISPA).
For the uninitiated, DDoS attacks are the primary arrow in the quiver of today’s malicious hackers. As the term “denial of service” implies, a DDoS attack is a malicious attempt to disrupt the normal traffic of a targeted server, service or network by overwhelming the target with a flood of Internet traffic.
Hackers use multiple compromised computer systems as attack launchpads to prevent regular Internet traffic from arriving at its desired destination. Each infected connected device becomes a ‘bot’ that is linked up to other bots, creating a coordinated, remote-controlled ‘botnet’.
Victim websites are targeted by the botnet which transmits an overwhelming number of requests to the victim’s IP (Internet Protocol) address, resulting in a “distributed” denial-of-service to normal web traffic. Each bot is a legitimate Internet device which means separating the attack traffic from normal traffic is a challenge.
There are a number of types of DDoS attacks, but regardless of the specific type of attack, the goal is always disrupting normal service through traffic congestion and resource exhaustion in order to prevent legitimate users from accessing a target’s website. There is often a link to a ransom or some other illegitimate demand or purpose, such as targeting media houses or government entities.
South African Internet consumers can also play a part in safeguarding the local web. DDoS attacks require attackers to gain control of a network of connected devices.
“Being careful to always source apps from legitimate app stores while making sure to read the comments, permissions and terms & conditions of individual apps will help ensure users do not inadvertently download the malware that powers DDoS attacks,” advises Mr Halse.
“DDoS attacks are a clear threat to the entire South African Internet ecosystem and ISPA and its partners will continue to tackle this particular challenge with renewed vigour in 2020,” he concludes.
ISPA is a recognised Industry Representative Body (IRB) representing the interests of almost 200 small, medium and large Internet service and access provider members.