Threat Watch

Australian Telecom Provider Telstra Mistakes DNS Issue for DDoS Attack

On Sunday, a number of customers using the Australian telecom provider Telstra’s services experienced service outages. Telstra quickly communicated with customers through its Twitter account, informing them that several of its servers were experiencing a denial of service attack. The company reassured customers that there were no indications of any other activity that would put their data at risk of compromise. Telstra began returning service to customers after “blocking the malicious traffic.” After some investigation by Telstra’s security team, it was revealed that the outage was caused not by a Distributed Denial of Service (DDoS) attack but by a Domain Name System (DNS) issue. After identifying the issue, Telstra was able to quickly remediate the problem and return service to its customers.

ANALYST NOTES

When responding to an issue, it is very easy to get tunnel vision and focus on one possibility. It is important to consider all possibilities while working towards a solution. Constant reporting of cyber-attacks happening every day around the world can draw people into the mindset that every issue is caused by a cyber-attack. Luckily, in this instance, even though Telstra initially misidentified the issue as a DDoS attack, its quick remediation and proper identification of the problem show that the team focused its efforts efficiently and did not fall into the trap of tunnel vision. Less than four hours elapsed from Telstra’s initial report of the outage to the return of full service and the identification of the DNS issue. More information on this incident can be found at: https://www.theguardian.com/technology/2020/aug/02/hackers-cause-telstra-outages-in-australias-eastern-states-with-malicious-cyber-attack