The Data Behind 2024's Cyber Threats
+420-602-558-144 I'm under attack Log in Sign Up

BGP hijacks - Malicious or Mistakes?

26 April 2018

A few days ago several cybersecurity resources reported details of an entirely malicious traffic redirection that combined DNS, and BGP hijacking. The primary goal of this attack was to steal money from different cryptocurrency wallets and services. Moreover, it was successful, since Amazon did not detect it in time. Today, on April 26, another significant incident happened that seems to be also unnoticed by the majority of players.

An AS267286, registered almost two years ago, stayed invisible until the event we are going to cover below when it announced 28 prefixes to the outer world. Among those 28 separate announcements sixteen were /8 prefixes (6,25% of IPv4 address space). This initial announcement was accepted by ASNs that belong to China Telecom (AS4134AS4809), which in its turn propagated it to Tier1 carriers and thus helped to spread it all over the world.

A spread of /8 prefixes on their own does not always affect end-user services or applications. To redirect traffic using /8 prefix, several conditions are necessary:

  • The receiving AS has only partial view: it is connected to IX(es) and accepts all routes from that source, but accepts only default routes from upstream providers.
  • The /8 is distributed through IX, while legitimate more specific routes are not present there.

With high probability, we can state that those /8 prefixes were distributed at São Paulo IX, the biggest IX in Brazil. Furthermore, several other networks were affected, of the size ranging from /24 and up to /16, belonging to several companies, including Equinix and Incapsula. There were already 5 waves with the same set of prefixes:

These particular announcements and their consequences show us that the quality of networks in several developing and growing regions is often sacrificed in favor of their growth speed. It also indicates the absence of proper filters between the China Telecom network and its connections with customers. Thus the absence of filters between peers (in this case between China Telecom and Tier1 carriers) made this anomaly global.

Is that just someone’s mistake or again a malicious BGP hijack? It is hard to tell without details from affected networks and services within. What we can say for sure for now - this is 100% illegitimate.

Get your Report

Full name *
Work email *
Job Title *
Company name *

I acknowledge and agree to the terms and conditions set forth in Qrator Labs’ Privacy Policy.

Survey

Share your experience and expectations regarding DDoS protection. Your answers will help us tailor solutions to meet your cybersecurity needs.

Tell us about your company’s infrastructure and critical systems. This will help us understand the scope of protection you require.

Help us learn about how decisions are made in your company. This information will guide us in offering the most relevant solutions.

Let us know what drives your choices when it comes to DDoS protection. Your input will help us focus on what matters most to you.

1/4. Questions about Awareness and Needs Questions about Infrastructure Questions about Decision-Making Questions about Motivation
Have you encountered DDoS attacks before?
What is your company's average internet traffic volume?
Mb
Who in your company makes decisions about cybersecurity solutions?
What is most important to you when choosing an Anti-DDoS solution? (select multiple options)
What key risks do you want to minimize with DDoS protection?
Does your company have a solution to protect against DDoS attacks?
Which systems are critical for your business to protect? (select multiple options)
When do you plan to consider a solution for DDoS protection?
What is your company’s primary type of activity?
What level of DDoS protection do you consider sufficient?
Team size:
Thank you for completing the survey!
Your participation will help us produce better market analytics.
To main page
Thank you for staying with us!
If the document does not load, please click the "Download" button. Help us better understand the market and prepare better analytics, take the survey.
To main page
Qrator Labs uses cookies to improve your experience, deliver personalized content and analyze our traffic. By clicking “Accept All” you agree to the storing of cookies on your device to enhance website navigation and analyze usage, assisting in our marketing efforts and improving user experience. You may modify your cookies settings at any time, as explained in our Cookie notice.

Cookies Preference Center

Strictly Necessary Cookies

Always Active

These cookies are necessary for the website to function and cannot be switched off in our systems. They are usually only set in response to actions made by you which amount to a request for services, such as setting your privacy preferences, logging in or filling in forms. You can set your browser to block or alert you about these cookies, but some parts of the site will not then work. These cookies do not store any personally identifiable information. Detailed information about this category of cookies can be found in the Cookie Policy.
Performance/Analytics Cookies
These cookies allow us to count visits and traffic sources so we can measure and improve the performance of our site. They help us to know which pages are the most and least popular and see how visitors move around the site. All information these cookies collect is aggregated and therefore anonymous. If you do not allow these cookies we will not know when you have visited our site and will not be able to monitor its performance. Detailed information about this category of cookies can be found in the Cookie Policy.
Targeting/Marketing Cookies
These cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising. You may opt out of Targeting/Marketing cookies through the "Cookie settings" button. Detailed information about this category of cookies can be found in the Cookie Policy.
Functionality Cookies
These cookies enable the Website to provide enhanced functionality and personalization. Company sets some functionality cookies, while third party providers whose services Qrator Labs added to the website set the rest of these cookies. If you do not allow functionality cookies, then services relying on functionality cookies may not function properly.
Your subscription successfully activated
To main page