Luxembourg government servers forced offline by DDoS attack
Luxembourg government servers forced offline by DDoS attack

Authorities in Luxembourg have said that government servers had come under a DDoS attack on Monday.

According to reports from the Luxemburger Wort, the attack started at 9.30 am, forcing the web servers of many state authorities offline or difficult to reach. Just over an hour later, the state-owned IT operator "Centre des Techniques de l'information de l'Etat" (CTIE) sent a message via Twitter, to confirm that the network was the victim of a DDoS attack.

Reports by Luxemburg publication Paperjam said that over a hundred servers had been affected by the attack and that the attack impacted servers for more than 24 hours.

Gilles Feith, chief of the CTIE government IT centre, said that this was the first-time Luxembourg authorities had been targeted to such an extent but could not confirm the origin of the attack.

"Before it gets back to normal, it may take some time to wait," said Feith, adding it may take "a few hours or even days."

Stephanie Weagle, VP, Corero Network Security, told SC Media UK that DDoS attacks have become many things over the last decade; weapons of cyberwarfare, security breach diversions and service impacting strategies.

“The motivations for these attack campaigns are endless – financial, political, nation-state, extortion and everything in between,” she said.

Weagle added: "Continuing to rely on traditional IT security solutions, and or human intervention to deal with the growing DDoS epidemic will continue to prove devastating to businesses. As recent events have confirmed once again, proactive, automated protection is required to keep the Internet connected business available in the face of DDoS attacks.”

Pascal Geenens, Radware EMEA security evangelist, told SC Magazine that these days anyone has access to booter or stresser services or DDoS-for-hire.

“Services are available on the Darknet as well as on the Clearnet and for just a couple of Euros one can launch a DDoS attack by a click of the mouse,” he said.

Geenens added the release of the Mirai source code last October was a turning point. “We saw a huge rise in the number of botnets leveraging IoT devices (mostly IP cams and residential routers) and attacks grew in size. A 1Tbps attack should not come as a surprise today, the potential certainly is there.”

He said the motivation behind DDoS attacks can be many things, combined with the user-friendly experience and low price provided by the services to perform them, the spectrum of motivations is only widening.

“The main drive of most cyber-crime is still money, we have witnessed countless cyber-ransoms leveraging DDoS. This attack could be precursor of a larger RDoS. Attackers typically provide some proof they have the ability to interrupt the service, which is typically followed by a message with a demand for ransom and if the victim does not pay there will be an ultimatum followed by a much larger and longer attack.”

Geenens said the number and size of DDoS attacks is growing and we do not predict this trend will slow in the near future.

“My advice to any online business or government, it is five past 12, everybody is a potential target. Make DDoS protection a priority. UEBA is another technology that should be part of the strategy for organisations that carry important or sensitive information.”