Core Infrastructure Protection from Distributed Denial-of- Service (DDoS) Attacks
Uldis Lībietis Tet Chief information security officer
Restricted access information Corporate structure
Republic of Latvia 51% 49% Telia Company
Citrus Solutions T2T Helio Media Baltic Computer Academy Data Experts 35% Overkill Ventures Brand structure Tet
Technology Brand Entertainment Brand
Tet Data Centres: Tet GDPR Consultations Helio Media Helio iTV Cloud Services Contents (360TV, STV, Broadcasts) Virtual Platforms Electricity Advertisements Helio vTV IT Solutions, IT audit Technology Local Content Shortcut Tet SOC Tet Internet for business Baltic eSports League Internet for HyperTown RIX, TLL Entertainment Tet IT security Tet is a Backbone of Latvian internet with more than 54% of internet connections
Western Europe and CEE telecommunication market matrix
Restricted access information Todays to-do list
• Overview about last years • Cybersecurity challenges within ISP • DDoS is getting smarter • Our approach • What to do next
Restricted access information Most of you have seen this
Restricted access information Image Source: TrendMicro DDoS services of your choice Examples from Latvia
Government institutions News portals Private Critical services Mass services Enterprises
Restricted access information What about Tet?
Restricted access information DDoS on Tet core infrastructure
59,5 75% Gbps Home max! users
350 1995 1556 1072 1042
2016 2017 2018 2019* Stopped attacks Expected Q4 2019
Restricted access information • Rate limit access lists on BGP level • Advanced IPS/IDS on enterprise level • Full Flow investigation on application level • NBA, AI, ML for advanced automation
Restricted access information Tet Cybersecurity Services in progress
DDoS Lattelecom Virtual FW and UTM (SD- SOC as Protection Endpoint WAN) Service Oct (2014) Protection Jul (2019) (Oct 2019) May (2018)
2014 2018 2019 2020
Vulnerability IT/GDPR Audit Vulnerability and SIEM as Next gen DDoS Management Jan (2018) Penetration Services Service Protection Services Nov (2018) Jun (2019) Q1 (2020) Jan (2018)
Restricted access information DDoS events per year 42158
10000
11085 9242 33210
2016 2017 2018 2019* DDoS events Expected Q4 2019
Restricted access information Restricted access information DDoS events per year 42158
10000
11085 9242 33210
2016 2017 2018 2019* DDoS events Expected Q4 2019
Restricted access information What happened in 2018?
Restricted access information LV internet users involved in DDoS
7000 17432
21932 1582 487
2016 2017 2018 2019* Outgoing DDoS events Expected Q4 2019 Restricted access information Restricted access information Typical outgoing DDoS
• Attackers group size 100
300 • Traffic from one group Mbps
• Attack duration, minutes 1,5
• Task shift between groups YES
Restricted access information Extreme outgoing DDoS values from Latvia
• Attackers group size 2000
2,6 • Traffic generated Gbps
• Attack duration, minutes 5
• Multiple attacks a day YES
Restricted access information Restricted access information Recent DDoS Attacks Rattle Online Poker Industry The typical DDoS poker cheating technique targets a specific user
Exchanges for the digital currency Bitcoin have often been the target for attacks Sometimes with the intention of stealing money directly, other times simply to induce investor panic
Restricted access information Hackers are getting smarter
Restricted access information Challenges for the future
• DDoS still alive and growing • Smarter attacks • Local attackers – geo filtering will not work • IoT expansion – more vulnerable devices • Industrial security • AI/ML expansion for better attack planning
Restricted access information In case of attack • Don’t panic • Have a communication plan • Identify attack • Know your recourses and weaknesses • Mitigate attack by using anti-DDoS solutions If you can't do it yourself, hire a partner
Restricted access information We will manage your IT Security
Restricted access information Restricted access information Tet IT Security
Thank you!
Restricted access information Meet us @ Riga Comm – 10.10.2019
DSS ITSEC – 17.10.2019
Payment Market Conference - 24.10.2019
Restricted access information