Dial Telecom a.s., one of the leading Czech providers of data and voice services, recently averted a massive DDoS attack of over 65 Gbps, which affected one of the clients in the Czech Republic. The AntiDDoS protection applied by Dial Telecom is so strong that the attack was eventually averted without any disruption to other traffic.

The primary target of the attack was the DNS server infrastructure. In addition, some other systems were also affected by the attack. Among others, the Dial Telecom website and our mail servers were temporarily down, which prevented us from informing you, our customers, in a timely and proactive manner.

The motivation for the attack was extortion - just before the attack we received several threatening and extortionate messages.

The attack started on the night of June 1, 2021 at 03:31 UTC (05:31 CEST) and lasted until 10:45 UTC (12:45 CEST). It was a distributed amplification attack that came into our network from multiple directions.

At peak times, we saw approximately 100 Gbps of malicious traffic on our network, but given the saturated links, it is likely that the attack was much stronger and that some of the traffic was dropped before it reached the boundary of our network.

The execution of the attack, its strength and its nature differed from the attacks we have seen in previous months, which we were able to catch and eliminate so that they did not directly affect the functionality of services to our customers.

This is one of the reasons why some types of otherwise functional protection did not work as well as in the past and were only partially successful.

However, thanks to the measures taken in the past and thanks to the experience from past attacks, our specialists and technicians were able to successfully identify the type of attack very quickly and immediately start applying rules to eliminate it.

We committed all of our own capacity to resolving the incident and also drew on external support from our hardware suppliers.

By taking successive corrective steps, during which we simultaneously retrieved and backed up the data necessary for further analysis, we were able to gradually reduce the attack's strength and restore the functionality of individual systems. Gradually, the malicious traffic ceased and we were able to return the network traffic to a normal and functional state.

During the afternoon hours of Tuesday, June 1, 2021, the first set of new security measures was deployed and fine-tuned, especially in relation to international connectivity. Further measures were deployed on the night of 1-2 June 2021 and we will continue to apply them using information from the data collected.

In dealing with the aftermath of the attacks, we are of course also complying with the regulations under the Cybersecurity Act. In view of the ongoing investigation, we cannot yet disclose the content of the security measures taken or further technical details of the attack. We trust that you will understand this procedure.

Dear customers, we are very sorry for the inconvenience caused. We are fully aware of the seriousness of what happened and assure you that the resolution of this incident has been and continues to be of the highest priority for us.

In this context, we would also like to thank you for your understanding, patience and support. We appreciate it very much.

Thank you again, and have a nice and peaceful day.

Dial Telecom team
