May 6, 2021
A massive distributed denial of service (DDoS) attack took down the websites of more than 200 organisations across Belgium, including government, parliament, universities and research institutes.
The DDoS attack started at 11am on Tuesday 4 May and overwhelmed the web sites with traffic, rendering their public-facing sites unusable for visitors, while the attack overwhelmed internal systems, cutting them off from the internet.
The attack targeted Belnet, the government-funded ISP provider for the county's educational institutions, research centres, scientific institutes and government services – including government ministries and the Belgian parliament. Some debates and committee meetings had to be postponed as users couldn't access the virtual services required to take part.
Belgium's central authority for cybersecurity, the Center for Cybersecurity Belgium (CCB), was contacted following the attack in order to help contain and resolve it. One of the reasons the attack was so disruptive was because those behind the disruption kept altering the techniques behind it.
"The fact that the perpetrators of the attack constantly changed tactics made it even more difficult to neutralize it," said Dirk Haex, technical director at Belnet.
A day on from the DDoS attack, an update from Belnet said its services are available again but that the service provider is remaining vigilant about potential follow-up attacks.
"We are fully aware of the impact on the organizations connected to our network and their users and we are aware that this has profoundly disrupted their functioning," said Haex.
A DDoS attack is designed purely with the intent of disrupting web sites and services by taking them offline by overwhelming them with an excessive amount of traffic.
In many cases, DDoS attacks will exploit servers, computers and Internet of Things devices that have been taken control of by cyber criminals and roped into a botnet – an army of devices controlled by cyber attackers – using that traffic to overwhelm the capabilities of the target to the extent it becomes inaccessible for anyone.
The intent of the attackers is purely disruption and Belnet have stated that there's been no data breach or theft of data as a result of the attack, nor did cyber criminals infiltrate the network – they just overwhelmed it with web traffic.
According to Belnet, it's unclear who was behind the attack, but the network provider is investigating it. Belnet has also filed a complaint with the Federal Computer Crime Unit.