20 November 2018

The first time creates an indelible memory. This autumn the CSI Cloud service, well known for its reliability, got to be a collateral target of a Denial-of-Service attack.

Reports and news about cyber-attacks are so common that you tend to ignore most of them – unless cyber-security is your business or your dear hobby. The attacks do happen though, all the time and ever increasingly. For example, distributed Denial-of-Service attacks, DDoS, can be made even as a service – this gives the opportunity to attack without profound knowledge or skills. The motive of an attacker often does not seem to make much sense either: I recently read an article about a Finnish city’s services being attacked because of their youth center not accepting members older than 18!

Services Down – Accessible – and Down again

On a Friday evening in September, we got to experience at CSI the problems and nuisances Denial-of-Service attacks can cause. Just after noon, our customer support started to receive reports that customers were not able to login to the software.

We discovered very quickly that only cloud service customers were affected. In only five minutes’ time our cloud service partner Soluto, who provides the data center services, was investigating the cause. The disruptions continued however throughout the afternoon, services being alternately down and accessible. Really annoying and frustrating for our customers who were on the last working day of the quarter trying to get their invoicing done.

After things got to normal, we breathed a sigh of relief, only to be back in the same situation on Sunday afternoon. Fortunately, Soluto’s data center experts on call were well prepared and quickly got hold of things. 

Attacks affect not only the target

The cause of both of the service disruptions turned out to be a distributed Denial-of-Service attack (DDoS), mainly from Eastern Europe and South America. Its goal was to block the Internet connections of two different operators. The attack was targeted towards a service that was not hosted or supported nor a customer of either Soluto or CSI but was located in the same data center. In a typical manner, the attack did not last for long and recurred quite soon.

During the Sunday’s attack, Soluto was, co-operating with the Internet operator of the data center, able to locate the source and the target of the attack. After this, they were able to disconnect the target from the Internet, causing the attacks to cease and the disruptions to last for only an hour.

A Blemish in statistics

The incidents of the weekend got us to take a closer look at the statistics. We have put a lot of effort to the CSI cloud service, launched in 2011, and that has been seen in the statistics of accessibility and usability. Prior to the DDoS attacks the only noticeable downtime was during the Easter holidays, when moving the Soluto services to a new datacenter.

Even taking into account the DDoS attacks - leaving out the move and other pre-announced service-window downtimes - the service has been 99,86% available and accessible. Other unforeseen downtimes for the service have been caused by short failures of the Internet connections. In other words, the availability of the service is statistically on an excellent level – similar to e.g. Office 365.

Managing risks with awareness and preparedness

Last September’s hardship showed that despite all the safety measures one can suffer collateral damage. And you do remember the attack, although we and our customers got through with very slight damages. The motivation to dig deeper into protection increased a lot – as did the interest into news about cyber-attacks. You probably cannot prevent these attacks. Being aware and by learning from others’ experiences can still help you to improve your preparedness and thus minimize the effects of attacks.

Jari Loiri

CSI Helsinki, IT Manager

Life is not all about technology. I'm technology's friend whenever it makes human life easier.