The cybersecurity situation in Estonia in 2023 was shaped by increased attempts by criminals and political groups to overwhelm the network equipment of businesses and organizations with distributed denial-of-service (DDoS) attacks, Margus Vaino, head of cybersecurity at Telia Estonia, said.
“Statistics by Telia Estonia and the Information System Authority (RIA) show that, especially in recent months, the volume of DDoS attacks has increased three to four times,” Vaino said in a press release on Tuesday.
On average, more than a couple of hundred DDoS attacks are carried out against Estonian companies every month.
In broad terms, there are two types of such attacks. The goal of a typical DDoS attack is to congest the entire data channel along with all the information moving through it. However, in recent times, there has been an increase in Layer 7 DDoS attacks, which aim to congest a specific web server.
Layer 7 DDoS attacks usually target businesses that heavily rely on the functionality of their web environment, as well as the public sector and providers of essential services. These attacks have become so extensive that organizations which do not have DDoS attack protection in place cannot do anything to counter such attacks themselves. Therefore, effective cybersecurity measures have become vital for companies.
Most commonly, these attacks target the data connection ports 80 and 443, which are used by web browsers. This type of DDoS attack typically involves rapid and consecutive connection resets directed at the servers of the targeted service or website.
According to Vaino, attackers use special methods to do this, constantly creating new connections and then quickly disconnecting them. This activity puts excessive load on the server's resources. The attacks are not large in volume, mostly in the region of 10-100 Mbit/s, but can sometimes reach 500 Mbit/s.
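Because this traffic is low in bandwidth, it is easier to spot by connection churn per client than by volume. The following detection sketch is an added example, not code from Telia Estonia or the original article; the record layout, the thresholds and the sample data are assumptions constructed for illustration.

```python
from collections import defaultdict, deque

WEB_PORTS = {80, 443}  # the ports the article names as the usual targets

def peak_short_conn_rate(records, window=10.0, short_lifetime=0.5):
    """Map client IP -> peak number of short-lived web connections
    seen inside any sliding `window` seconds.
    records: (open_time_s, client_ip, server_port, lifetime_s) tuples
    (assumed layout, e.g. derived from flow or proxy logs)."""
    recent = defaultdict(deque)   # per-client open times still in the window
    peak = defaultdict(int)
    for ts, ip, port, lifetime in sorted(records):
        # Only connections that hit a web port and were torn down
        # almost immediately count as churn.
        if port not in WEB_PORTS or lifetime > short_lifetime:
            continue
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > window:  # drop opens older than the window
            q.popleft()
        peak[ip] = max(peak[ip], len(q))
    return dict(peak)

def flag_churners(records, threshold=20, **kw):
    """Clients whose peak churn exceeds `threshold` (assumed value; tune per site)."""
    peaks = peak_short_conn_rate(records, **kw)
    return sorted(ip for ip, n in peaks.items() if n > threshold)

def sample_records():
    """Constructed sample data using documentation IP ranges."""
    recs = []
    # Churn pattern: 50 connections in 5 s, each closed after 50 ms.
    recs += [(1000.0 + i * 0.1, "198.51.100.7", 443, 0.05) for i in range(50)]
    # Normal browser: a few long-lived connections.
    recs += [(1000.0 + i * 2.0, "192.0.2.10", 443, 30.0) for i in range(5)]
    # Health checker: short connections, but only one every 10 s.
    recs += [(1000.0 + i * 10.0, "192.0.2.20", 80, 0.2) for i in range(30)]
    # Fast churn against a non-web port: outside this detector's scope.
    recs += [(1000.0 + i * 0.1, "192.0.2.30", 25, 0.05) for i in range(50)]
    return recs

if __name__ == "__main__":
    print(flag_churners(sample_records()))
```

This measures churn at the connection level only; resets of individual streams inside one long-lived HTTP/2 connection would need per-stream counters from the web server or proxy.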
“Since July, we have had a significant increase in the number of large-volume attacks, meaning more than 20 Gbit/s, and it remains high to this day,” Vaino noted.
Telia Estonia purchased special equipment to counter such attacks, and it has worked very effectively.
“Our experience so far shows that we are able to effectively protect companies against such attacks, so that customers do not even realize that they have been targeted by cyber criminals,” the head of cybersecurity at Telia Estonia said.
Criminals have adapted their tactics and are now attacking various web services with smaller targeted assaults. Since the second half of the summer, a new method for carrying out Layer 7 DDoS attacks, called “HTTP/2 Rapid Reset,” has been spreading globally. This method exploits a vulnerability in the HTTP/2 protocol, allowing for a high volume of dispersed DDoS attacks. As a result, last year’s attacks were three times more powerful than the previous year’s record. For instance, according to Google, they dealt with an HTTP/2 Rapid Reset attack that reached a volume of 400 million requests per second. Fortunately, such massive attacks have not occurred in Estonia.
“In recent months, as a new trend, attacks on our customers’ domain name system, or DNS, servers have increased significantly. Such an action does not impair network traffic, but for the client, disrupting DNS servers results in the same outcome,” Vaino said.
He said the best protection against DDoS attacks against a web server is a web application firewall, or WAF, which is also offered to companies by Telia Estonia based on the managed service model. This is one of the most complex solutions, where multi-layered protection is created in one security device, and attacks on a website can be detected and countered effectively, with related logs and reports.
(Reproduction of BNS information in mass media and other websites without written consent of BNS is prohibited.)