Posted on February 11, 2020 at 1:29 PM
Iran’s Internet Infrastructure Hit by Severe DDoS Attack
Recent reports reveal that Iran is under massive attack as 25% of its internet connectivity is down. The cyberattack has crippled a large portion of the country’s access to the internet, as national connectivity fell to 75%, according to the report.
NetBlock International Observatory, a security firm that tracks shutdowns and disruptions, discovered the attack on Feb 8. According to the observers, the internet connectivity in the country was severely disrupted as about 25% of the network was shut down during a severe cyber attack.
The real-time network data indicated that connection to the internet in the country fell after “Digital Fortress” was activated by authorities to try and isolate the incident. The isolation is to prevent further disruptions and attacks on other connected networks.
Attack observed after deployment of Digital Fortress
NetBlock said it discovered the connectivity problem after the Iranian government deployed the national cyber shield known as “Digital Fortress” to try and isolate networks and mitigate the attack.
NetBlock’s internet observatory confirmed severe telecommunications network disruption in the country, which lasted for several hours.
As the network data shows, there is a large drop in the connections to the internet, as many internet service providers in the country were hit. The disruption affected fixed and cellular line operators, which greatly reduced the number of internet-related activities in the country.
An hour after the disruption and shutdown, the observers said there was partial recovery. Many of the affected networks were still shut down, but the government says it is working seriously to return the networks to their full capacity.
Iran’s infrastructure a target of highly organized attackers
In Dec. last year, Mohammad Javadi, Iran’s minister of telecommunications, revealed that there is a highly sophisticated attack on the Iranian government’s infrastructure by the Islamic Republic. According to him, the cyber-attacks were highly organized and could have come from a state-sponsored group.
Although NetBlocks revealed that the attack could have been caused by a state-sponsored group, Financial Tribune was of a different opinion. It stated that there is no evidence that would suggest the attack was caused by a state-sponsored group.
According to the Financial Tribune, even though the attack was a well-organized one, there is no clear evidence that a state government backed the attack.
The news agency reported that the destinations and sources of the attack were highly distributed, as it had discovered source IPs from North America and East Asia. According to the Financial Tribune, the only way this could be a government-sponsored attack is if the attackers used these different source IPs to mislead the victims into thinking it was coming from individual hacking syndicates.
In late October last year, security expert Azari Jahromi spoke at the Cyber Security Summit about the achievements of Digital Fortress in combating cybercrime. He said the Fortress identified and nullified about 33 million cyber attacks in 2018. According to him, Digital Fortress has been employed to combat situations like this and the software has always delivered to prevent further infiltration into Iran’s infrastructure.
Some security experts said the internet disruption had affected some network operators, and officials at the ICT ministry confirmed that the ministry used Digital Fortress to combat and mitigate some of the attacks orchestrated as a Distributed Denial of Service attack, commonly known as a DDoS attack.
The attackers were able to disable some of the networks before attacking the country’s network.
Another confirmation, by a spokesman for the Telecommunications Infrastructure Company, revealed that, although there was a DDoS attack, the Dzafa Shield was employed to normalize the attack.
Iran faces multiple cases of cyber-attack
There have been multiple cases of cyberattacks in recent months in Iran. In some cases, the issue was a result of internal sources, while in other cases it came from external sources.
In December last year, Iran reported that it prevented two attacks on its system within one week. When the government removed subsidies on fuel, the wide protests by the citizens led the government to block all access to the internet to prevent the online spread of images, videos, and news relating to the issue.