Cool Ideas is battling a distributed denial of service attack which it says is the biggest it has faced so far.
On 23 November, Cool Ideas issued a notice to subscribers stating that it had limited the Domain Name System servers accessible from its network.
“Due to the issues that we are currently experiencing, please be aware that only Cool Ideas DNS, Google DNS and Cloudflare DNS will be accessible,” it said.
The most recent update from Cool Ideas was at 12:00, when it said that engineers were attending to the issue and there was no estimated time to resolve it.
One of the company’s staff members said on the MyBroadband forum that the international traffic cleaning services they use had mitigated attack bandwidth in excess of 120Gbps.
South Africa under attack
This distributed denial of service (DDoS) attack on Cool Ideas comes after a similar large attack recently brought the network to its knees.
Cool Ideas has been the target of several attacks over the past few months. The first attack to make headlines was on 11 September, and the second on 21 September over Heritage Day weekend.
The second assault was a type of DDoS attack known as a “carpet bombing” attack, where the Internet service provider’s individual customers were sent large quantities of garbage network traffic.
The traffic was not enough to flood the individual connections of Cool Ideas’ customers. However, the overall traffic on the network eventually added up to the point where the ISP’s core network infrastructure could not cope with the load.
It is a type of attack specifically used against organisations like ISPs with the aim of bringing down their whole network.
Data centre operators, web hosting companies, and large corporate networks – anyone who runs their own pool of IP addresses – are also examples of potential targets of carpet bombing attacks.
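The following added example, which is not from the article or from Cool Ideas, shows why carpet bombing evades per-customer monitoring: each destination stays under a per-host alert threshold, while the same flows summed per address block exceed what the core can carry. The thresholds, the /24 grouping, and the flow records (documentation address ranges) are constructed assumptions.

```python
import ipaddress
from collections import defaultdict

HOST_LIMIT_BPS = 500_000_000      # assumed per-customer alert threshold
PREFIX_LIMIT_BPS = 5_000_000_000  # assumed per-prefix alert threshold

def build_sample():
    """Constructed flow summaries: (destination IP, inbound bits per second)."""
    flows = []
    # Carpet-bombed block: every address receives a modest 40 Mbps.
    for host in ipaddress.ip_network("198.51.100.0/24"):
        flows.append((str(host), 40_000_000))
    # Ordinary block: two busy customers, no spread across the range.
    flows += [("203.0.113.10", 120_000_000), ("203.0.113.77", 90_000_000)]
    return flows

def analyse(flows, prefix_len=24):
    """Return (per-host alerts, per-prefix alerts) for the given flows."""
    per_host = defaultdict(int)
    per_prefix = defaultdict(int)
    targets = defaultdict(set)
    for dst, bps in flows:
        net = str(ipaddress.ip_network(f"{dst}/{prefix_len}", strict=False))
        per_host[dst] += bps
        per_prefix[net] += bps
        targets[net].add(dst)
    # A per-customer view only fires when one destination is flooded.
    host_alerts = sorted(h for h, b in per_host.items() if b > HOST_LIMIT_BPS)
    # An aggregate view fires when the whole block is loaded, however thinly.
    prefix_alerts = {
        net: {"bps": bps, "targets": len(targets[net])}
        for net, bps in per_prefix.items()
        if bps > PREFIX_LIMIT_BPS
    }
    return host_alerts, prefix_alerts

if __name__ == "__main__":
    hosts, prefixes = analyse(build_sample())
    print("per-host alerts:", hosts)
    for net, info in prefixes.items():
        print(f"{net}: {info['bps'] / 1e9:.2f} Gbps across {info['targets']} targets")
```

A high target count combined with low per-target volume is the signature that separates this pattern from a flood aimed at a single customer.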
Cool Ideas is not the only ISP attacked in this way. South Africa has faced the largest cyber attacks it has ever seen, with banks, ISPs, and the government being targeted in 2019.
ISPs under attack
On 19 October, Cybersmart was hit by a large DDoS attack which caused intermittent connectivity over two days.
Afrihost, Axxess, and Webafrica were also hit by a very large DDoS attack which affected DSL and fibre subscribers.
The attack, which also targeted parts of Liquid Telecom’s network, measured in excess of 100Gbps. The attack was mitigated, but a new attack was launched on the ISPs’ upstream providers the following day.
Banks hit with DDoS attacks
On 23 October, the South African banking industry was hit by a wave of DDoS attacks targeting consumer-facing services.
These attacks were accompanied by a ransom note which was sent to publicly-available staff email addresses.
“Threat intelligence which has surfaced has revealed that this is a multi-jurisdictional attack, with entities from several countries being targeted,” the South African Banking Risk Information Centre (SABRIC) said.
While the DDoS attacks were disruptive, South African banks refuted reports that sensitive information had been compromised as part of the attack.