Telco walks back claims of DoS attack, when its network went down on the weekend.
Australian telecommunications provider, Telstra has walked back claims a severe outage on Sunday was due to a Denial of Service (DoS). In a Twitter message, the telco wrote: “The massive messaging storm that presented as a Denial of Service cyber-attack has been investigated by our security teams and we now believe that it was not malicious, but a Domain Name Server issue. We’re really sorry for getting in the way of your weekend plans.”
One of Australia’s largest telecommunications provider, Telstra at first believed it had suffered a cyber-attack, bringing down its services for the east coast of Australia.
The telco posted on Twitter at 11 a.m. on Sunday the team was “looking into an issue impacting some home Internet connections including nbn.
An hour later, Telstra identified the issue as a “Domain Name Servers (DNS) used to route its customers’ traffic online had experienced a cyber-attack, known as a Denial of Service (DoS)”.
The telco assured customers’ information “wasn’t at risk” and it was doing all it “can to get you back online”.
“We’re blocking the malicious traffic attacking some of our services,” Telstra wrote. “We are confident we have blocked all of this malicious traffic and are working to get you back up and running again. Thanks for sticking with us.”
Telstra wrote it would keep customers posted and apologised for messing with their “Sunday plans”.
The telco takes cyber security seriously and has submitted to the Australian Government’s 2020 Cyber Security Strategy.
Its recommendations were:
- Jointly assessing the cyber-threat environment: Improved threat intelligence sharing through specific initiatives including co-locating government and industry practitioners and expertise to better address high impact cybercrime techniques targeting consumers.
- Government-industry partnering (strategic): Establish formalised communication channels, reporting and forums with regular cadence between government and industry decision-makers to better inform operational and legislative priorities.
- Government-industry partnering (operational): Improved governance and operational initiatives to strengthen the effectiveness of the Joint Cyber Security Centres (JCSCs) in collaborating with industry, including appointing a designated point of contact for Critical National Infrastructure (CNI) organisations and reviewing the classification of information to reduce barriers to information sharing.
- Policy co-operation: Maintain transparency on offensive cyber capabilities and build closer cooperation with the private sector on international policy development and engagement. Government to develop and lead a national level cross-sector crisis response exercise with key industry sectors to inform policy. Building enterprise and skills, influencing behavioural change: Government to use levers such as tax, immigration and business policies, and academic accreditation, to ensure robust cyber security talent pipelines. Consolidate efforts to raise awareness and influence consumers in developing strong cyber security behaviours.
“As one of Australia’s most important CNI providers, we recognise that the integrity and availability of Telstra’s networks underpins the social and economic wellbeing of the nation,” wrote Telstra. “It is for this reason that Telstra continues to apply a national security lens to our operations and the cyber security of our networks.”
Telstra also submitted its observation that there was an observing an increase in online espionage, disruption, and theft campaigns against industry targets in the Asia-Pacific and Australia.
“As the sophistication of cyber threats continues to evolve and the Internet-connected IT surface expands exponentially, it’s vital we understand not just how, but why our adversaries conduct malicious activities,” wrote Telstra. “Developing this level of understanding through our threat visibility and trusted networks allows Telstra to more effectively predict malicious activity and mitigate cyber risk.”
The telco believes Australian organisations hold a wealth of information desirable to threat actors. This includes data on the identity, location and behaviours of our customers, sensitive information about networks and facilities, and valuable intellectual property on future technology and innovation.
We suggest three threat areas for increased focus over the near-medium term:
- Network-level threats
- High-volume cybercrime
- Emerging strategic cyber threats.