27 October 2019
Yesterday several internet service providers (ISPs) in South Africa were hit by distributed denial of service (DDoS) attacks which crippled the connections of their customers.
The effects of this were felt around 15:00 and continued through much of the day. The ISPs went to fix the problem with Webafrica, for example, stating that traffic had returned to normal at 22:20, and the attack had been mitigated further by the work of engineers at 00:10.
Unfortunately a new wave of DDoS attacks have taken place this morning, once again bringing the internet to a standstill for many South Africans as international sites fail to load.
28 October 2019, MyBroadband
Afrihost, Axxess, and Webafrica informed subscribers on Monday morning that they may experience intermittent connectivity.
Webafrica stated in its network status notice, published just after 08:00, that another distributed denial of service (DDoS) attack affecting its network has been discovered and is being investigated.
The network status notices from Afrihost and Axxess indicate that it is not only end-user connectivity that is affected, but network performance in its hosting environments as well.
This latest attack comes after a massive DDoS attack measuring over 100Gbps brought the three Internet service providers to their knees on Sunday.
Liquid Telecom told MyBroadband that the original attack, which started around 15:39 on Sunday afternoon, was aimed at one of its clients. The company declined to name the client.
At 22:40 last night, Liquid Telecom told MyBroadband that the attack had been mitigated. It continued to monitor the incoming traffic, as attackers can sometimes mutate their attack and continue their barrage.
Webafrica reported that there was another attack around midnight, but that it was mitigated within 10 minutes. Eight hours later, a new assault had started.
“The attack, which relates to a specific customer, is re-occurring sporadically and our Cyber Response team is actively responding to each attack whilst also proactively managing the situation,” Liquid Telecom told MyBroadband.
Afrihost, Axxess, and Webafrica all use an upstream service provider called Echo Service Provider. Webafrica migrated to Echo earlier this year.
On Sunday night, Afrihost CEO Gian Visser said that the DDoS attack did not appear to be specific to Echo or Afrihost.
Added notes by EMFSA