Core Infrastructure Protection from Distributed Denial-of-Service (DDoS) Attacks

Uldis Lībietis, Tet Chief Information Security Officer

Restricted access information

Corporate structure

Republic of 51% 49%

Citrus Solutions T2T Helio Media Baltic Computer Academy Data Experts 35% Overkill Ventures

Brand structure

Tet

Technology Brand Entertainment Brand

Tet Data Centres: Tet GDPR Consultations Helio Media Helio iTV Cloud Services Contents (360TV, STV, Broadcasts) Virtual Platforms Electricity Advertisements Helio vTV IT Solutions, IT audit Local Content Shortcut Tet SOC Tet Internet for business Baltic eSports League Internet for HyperTown RIX, TLL Entertainment Tet IT security

Tet is a backbone of the Latvian internet, with more than 54% of internet connections

Western Europe and CEE market matrix

Today's to-do list

• Overview of recent years
• Cybersecurity challenges within an ISP
• DDoS is getting smarter
• Our approach
• What to do next

Most of you have seen this

Image source: TrendMicro

DDoS services of your choice

Examples from Latvia

Government institutions News portals Private Critical services Mass services Enterprises

What about Tet?

DDoS on Tet core infrastructure

59,5 Gbps max!
75% Home users

Chart: stopped attacks per year; x-axis 2016, 2017, 2018, 2019*. Legend: Stopped attacks; Expected Q4 2019. Data labels as extracted: 350, 1995, 1556, 1072, 1042.

• Rate limit access lists on BGP level
• Advanced IPS/IDS on enterprise level
• Full Flow investigation on application level
• NBA, AI, ML for advanced automation

Tet Cybersecurity Services in progress

• DDoS Protection: Oct (2014)
• Lattelecom Endpoint Protection: May (2018)
• Virtual FW and UTM (SD-WAN): Jul (2019)
• SOC as Service: (Oct 2019)

2014 2018 2019 2020

• Vulnerability Management: Jan (2018)
• IT/GDPR Audit Services: Jan (2018)
• Vulnerability and Penetration Services: Nov (2018)
• SIEM as Service: Jun (2019)
• Next gen DDoS Protection: Q1 (2020)

DDoS events per year

Chart: DDoS events per year; x-axis 2016, 2017, 2018, 2019*. Legend: DDoS events; Expected Q4 2019. Data labels as extracted: 42158, 10000, 11085, 9242, 33210.

What happened in 2018?

LV internet users involved in DDoS

Chart: outgoing DDoS events per year; x-axis 2016, 2017, 2018, 2019*. Legend: Outgoing DDoS events; Expected Q4 2019. Data labels as extracted: 7000, 17432, 21932, 1582, 487.

Typical outgoing DDoS

• Attackers group size: 100
• Traffic from one group: 300 Mbps
• Attack duration, minutes: 1,5
• Task shift between groups: YES

Extreme outgoing DDoS values from Latvia

• Attackers group size: 2000
• Traffic generated: 2,6 Gbps
• Attack duration, minutes: 5
• Multiple attacks a day: YES

Recent DDoS Attacks Rattle Online Poker Industry

The typical DDoS poker cheating technique targets a specific user

Exchanges for the digital currency Bitcoin have often been the target for attacks. Sometimes with the intention of stealing money directly, other times simply to induce investor panic.

Hackers are getting smarter

Challenges for the future

• DDoS still alive and growing
• Smarter attacks
• Local attackers – geo filtering will not work
• IoT expansion – more vulnerable devices
• Industrial security
• AI/ML expansion for better attack planning

In case of attack

• Don’t panic
• Have a communication plan
• Identify the attack
• Know your resources and weaknesses
• Mitigate the attack by using anti-DDoS solutions

If you can't do it yourself, hire a partner

We will manage your IT Security

Tet IT Security

Thank you!

Meet us @ Comm – 10.10.2019

DSS ITSEC – 17.10.2019

Payment Market Conference – 24.10.2019