Belgian ISP Belnet has restored its service after a massive distributed denial of service (DDoS) attack earlier this week that cut off Internet access to numerous government, public, scientific and educational agencies, including Belgium’s Parliament and some law-enforcement agencies.
The attack occurred Tuesday at 11 a.m. (GMT) in Europe and affected “all the institutions connected to the Belnet network,” which number about 200, according to a statement published Wednesday on Belnet’s website.
Moreover, upon investigation, it seems the attack–a coordinated effort targeting the Belgium government–also affected other ISPs in what was the largest DDoS attack the country has seen, according to reports. Belgium is the headquarters of the European Union (EU) and thus a key hub of activity and decision-making that affects the global political and socio-economic landscape.
While Belnet restored service to its own network and website by Tuesday evening, the attack continues to have ongoing consequences, with some customers still unable to connect to websites and online services, according to Belnet.
“We are fully aware of the impact on the organizations connected to our network and their users and we are aware that this has profoundly disrupted their functioning,” Dirk Haex, technical director at Belnet, said in the statement.
However, the attack was “of such a scale that our entire network was saturated,” he said. “The fact that the perpetrators of the attack constantly changed tactics made it even more difficult to neutralize it,” Haex said.
No Sign of Intrusion
At this point there is no indication that cybercriminals have infiltrated the network of any of the institutions or organizations affected, as it appears the attack was aimed solely at saturating networks to disrupt traffic, he added.
Indeed, Belnet told news outlet VRT, which also was disrupted due to the attack, that it was the first time the service provider had been confronted with such a “gigantic data flow.”
The massive scale of the attack indicates that threat actors did not have Belnet in their crosshairs, but aimed to take down the network of the Belgian government, Geert Baudewijns, CEO of security company Secutec, told VRT. Secutec providers security services for the Belgian government.
“This was done via all telecom providers,” he said in the VRT report. “Providers such as Telenet and Proximus have also received this attack.”
Traffic flow that flooded networks in the attack came from some 29 countries, according to reports, although the original source or perpetrator of the attack has not yet been identified, according to Belnet.
Law Enforcement, Parliament Meetings Disrupted
The Brussels Times Wednesday reported on some of the specific and ongoing effects of the attack across Belgium’s public agencies. Belgium’s Parliament had to postpone several meetings due to the attack, according to the report.
The incident also took down access to online services for metropolitan police forces, such as those in Brussels and Antwerp, as well as the City of Brussels website. All have been restored as of Thursday morning in Europe.
The attack also caused problems for distance learning at several universities and colleges, which continue to offer online services due to the ongoing coronavirus pandemic, as well as caused ticket-purchasing problems with Brussel’s transit company, STIB.
Belnet, the Center for Cybersecurity Belgium and other authorities and security organizations are continuing to monitor and investigate the situation, and Belnet has filed a complaint with Belgium’s Federal Computer Crime Unit.
Join Threatpost for “Fortifying Your Business Against Ransomware, DDoS & Cryptojacking Attacks” – a LIVE roundtable event on Wed, May 12 at 2:00 PM EDT. Sponsored by Zoho ManageEngine, Threatpost host Becky Bracken moderates an expert panel discussing best defense strategies for these 2021 threats. Questions and LIVE audience participation encouraged. Join the lively discussion and Register HERE for free.