It all began on the 4th of May, when hundreds of Belgian state institutions, hospitals, universities and schools experienced internet connectivity problems. At that time only Belnet's IT engineers knew the sheer volume of malicious traffic being used to attack the state-funded Internet service provider.
According to Belnet’s status page, a massive DDoS attack took place, preventing thousands of people across the whole country from doing their jobs. For almost a day Belnet tried to get back online while securing its infrastructure against new DDoS waves. The waves continued to come even the day after, causing some connectivity problems, but Belnet remained operational.
The criminals behind this attack must have been quite expert in this field, because their tactics differed from one wave to another. "The fact that the perpetrators of the attack constantly changed tactics made it even more difficult to neutralize it," said Dirk Haex, technical director at Belnet.
Such an attack could be carried out using a botnet of computers and IoT devices. It is no secret that such botnets can be bought (or rather rented) on the darknet to perform disruptive DDoS attacks. The criminals behind this attack are yet to be found; the case is now being handled by Belgium's central authority for cybersecurity, the Center for Cybersecurity of Belgium (CCB).
It has been stated that the attackers only disrupted Belnet’s services and that there was neither a data breach nor data loss during or after the attack.
The attack disabled the Ministry of Finance's official portal for filing tax returns, as well as IT systems used by schools and universities for distance learning. The Belgian Ministry of Justice also reported malfunctions in its systems, but did not provide any details. The COVID-19 vaccine reservation portal hosted by Belnet was unavailable. Parliamentary and other government events were disrupted: for example, some meetings could not take place because they could not be broadcast to remote participants. According to the Belgian House of Representatives, only the Finance and International Relations Committee was able to hold one meeting; the rest had to be canceled due to the attack.
Meanwhile, the most disturbing outcome was that dozens of hospitals and COVID treatment facilities stopped their activities because all their Internet-connected devices became non-operational. We do not know whether it affected anyone’s medical condition this time, but there is no guarantee it won’t happen again when somebody’s life might be at stake.