DDoS attacks protection

Founded in 2005, Dailymotion is the 3rd largest online video streaming service in the world that connects over 250 million users. Dailymotion is available worldwide in 18 languages and 35 localized versions featuring local home pages and local content. Video streaming delivery needs a fast and stable connection through the Internet to the end users, otherwise the quality of video streaming would degrade.

When video codec needs to frequently adapt to an unstable Internet connection, it causes playback freezes, jumps in time and long buffering times. When the Internet transit is unstable, route changes can often occur and some may affect the RTT (Round Trip Time) dynamics, which has a direct negative effect on the quality of a video. To monitor all possible BGP anomalies in real time, Dailymotion opted for the Qrator.Radar global Internet monitoring service, due to a high level of performance and the ability of the system to detect a larger number of routing events.

Dailymotion NOC (Network Operations Center) looks after all possible issues that could impact the quality of video delivery over the Internet. It collects information about the prefixes affected by leaks, as well as bogon networks (IP address announcements which normally should not be listed in Internet routing tables) and other routing incidents. Qrator.Radar provides the data which helps to analyze the network online in real-time, to correlate user issues with routing incidents, and to take immediate corrective actions to provide the best video experience to the end users.

"Data transfer stability and optimal routing are key factors for a nominal video delivery process. Network lags, jitter (variation in the traffic latency due to network congestion), time drifts, or internet routing changes — all of these are potential issues which may cause a degradation of our service”, says Christian De Balorre, Head of Dailymotion IP network engineering. "Qrator.Radar is one of the Qrator Labs' core products which we have been developing continuously. Qrator.Radar helps owners of standalone systems identify the anomalies affecting the quality of network services in real-time and respond quickly to incidents, ensuring better network performance. Dailymotion adheres to the highest standards to ensure the continuous availability of its network resources.

Our global Internet monitoring system will help Dailymotion to provide even much better service to their customers and improve their NOC efficiency," says Artem Gavrichenkov, CTO of Qrator Labs.

The moment we chose Qrator Labs as the DDoS-mitigation provider, we were already protected. With our previous solution we felt unprotected because of their slow reaction time to attacks and their scrubbing quality, or poor attack recognition, which generated too many false positives. Communication with their technical support was slow and often ineffective, we could not get answers to our questions.

Eventually, we realized this had to stop, so we began to search for a more appropriate solution. We had already heard of Qrator Labs, and its founder Alexander Lyamin, so we decided to consider the Qrator mitigation network. After our initial tests and market analysis, it was clear that the offer from Qrator had the best price/quality ratio.

Lazada is the fastest growing marketplace in South-East Asia and it must always be available for both customers and merchants. “Availability” here means not only that the website itself is accessible, but that it is reached as quickly and seamlessly as possible.

Paths of escalation during attacks are critical; sometimes there is no other way than to call the CTO… however, we never did.

Based on 16 months of experience with Qrator Labs DDoS mitigation service we can state that proficiency of their technical support differentiates the company from any other providers on the market. The combination of this high quality with their speed in processing technical questions, issues and requests makes the Qrator Labs network operation center and their tech support team one of the best in IT security. Since attacks and incidents are unpredictable, it is vital that when they happen, communication remains precise, fast and professional in order to satisfy the customer.

We do not need to mention the quality of Qrator’s scrubbing and attack mitigation since its high quality is taken for granted—a company with our size and technical requirements cannot afford to settle for providers that are not fully open and do not have our total confidence.

We experience on average one minor attack every one to two weeks. Every two to three months, we experience serious reinforced attempts to DDoS-attack our system. Once or twice in a year, we see extreme incidents, even targeting entire network, to which we must respond immediately and aggressively to cure together with Qrator Labs engineers. Sooner or later, attacks become routine, something that happens and we know that, but we would see the details in the next day’s report.

We measured the latency of our network and the speed with which our average user sees a page delivered in the region we operate, and Qrator Labs is improving those parameters slightly. There’s not much room for improvement though, and a positive change by several milliseconds is a lot in this case.

After one year of working together we asked Qrator Network to protect our DNS too. We had some specific feature requests that Qrator Labs quickly implemented, within weeks, which is fantastic. It can be difficult of require such customized solutions but when the feature is delivered exactly as hoped - it feels great.

Working with such a company represents an exciting opportunity for us.

Türk Telekom, with over 180 years of history, is the first integrated telecommunications operator in Turkey.

Türk Telekom Group Companies provide services in all 81 cities of Turkey with over 34 thousand employees onboard, bringing the vision of introducing new technologies to Turkey and accelerating Turkey's transformation into an information society. For national operators of such a level as Türk Telekom, it is crucial to detect network anomalies that can significantly impact the availability and quality of their services at the global routing level.

For global traffic monitoring and anomalies detection purposes, Türk Telekom was looking for a specialized tool working at a level of inter-domain routing. Qrator Radar could meet all the customer's precise requirements as the world's biggest Internet monitoring service with more than 800 ISPs worldwide, providing data on all networks available within routing tables.

Qrator Radar helps Türk Telekom detect global connectivity incidents such as Route Leaks, BGP Hijacks.

The opportunity to get notifications on BGP anomalies in real-time allows the immediate reaction to the incident, mitigating possible adverse outcomes for business and ensuring better networking overall.

“ With the help of websitepulse.com tools, from 3 locations within mainland China (the first column) data centers we made 5 measurements to the specific destinations (second row). We discarded 1 best and 1 worst results, averaging 3 results left*.

The whole point of this case is about the professional quantitative approach in benchmarking new products and services, as well as comparing services regarding specific requirements and use cases. The methodology could be improved continuously, as well as questioned, however, since this is not something of Qrator Labs production we have decided to take these measurements into our 2017 annual report on the state of cybersecurity.

Such tests illustrate the correct and practical approach for obtaining benchmark metrics in the form of business-specific performance indicators. Such activity in benchmarking cloud services shows that the level of technical proficiency at the company, running those tests, is high. Not believing marketing materials and conducting own research is a good thing, as we have said multiple times earlier and the main reason for open-sourcing our set of the RIPE Atlas tools to simplify such activities for interested parties.

Being able to formalize such parameters you want to test and reason them is very important and not comfortable in most situations. Measuring incorrect parameters would not help you understand what product or service is better suits your business case. Mainland China is also a highly specific case for measuring, because of the well-known Great Firewall and how it influences standard packet transmission and processing.

* Given methodology and results originate from our customer and should be considered with precaution.

Company background

Backspace Technologies is a market leading wholesale VOICE and APN solutions provider in South Africa. With a key focus on resellers, Backspace offers market leading solutions providing the following benefits: wholesale voice at competitive market rates, LTE based hardware, fully managed cloud PABX including options for 3CX Mobile App, Call Recording, APN last mile connectivity and more.

Backspace was born out of the need to create opportunities for up and coming as well as establish businesses in South Africa. Company’s products are created to work as both a bolt on and as a standalone telecommunication offering to existing or new customers.

Backspace supports businesses in development of the telecommunication sector in South Africa and provides infrastructure for resellers to support and bill their customers accurately and efficiently.

Challenges 

When it comes to VoIP and APN connections, it is incredibly important to provide customers with advanced connected networks that are fully managed and redundant across multiple network providers and geographical locations. 

If the Internet transit is unstable, routing anomalies may occur affecting network latency (RTT), causing equipment failures, traffic losses, network unavailability due to invalid route filtering and even cyberattacks.

Solution

In 2020 Backspace came to Qrator Labs in need of real-time BGP anomalies detection and better network performance and settled on Qrator.Radar, a global network anomalies monitoring system and the world's largest traffic data collector.

The Backspace IT team needed to track all global network anomalies happening within their network caused both by errors in the network equipment configuration and cybercriminals attacks. Utilizing Qrator.Radar as a professional monitoring tool functioning at the cross-domain routing level, Backspace has the opportunity to detect external network anomalies and recognize their conditions and consequences in real-time. Routing data provided by Qrator.Radar helps to find where routing changes would affect performance and take proactive steps ensuring a highly available network service and optimal digital experience for customers.

BGP route monitoring and routing data from major global ISPs make it easy to see peering changes, route leaks, BGP hijacks which can lead to potential DoS incidents and deterioration of service quality.

“Telecommunication services, including VoIP, APN connection are likely to get affected by route fluctuations and network disturbances that can adversely impact the user experience. It is essential for us to provide our customers with the highest level of connection so we are always searching for potential issues that may degrade the communication quality and Qrator.Radar helps us keep a finger on the pulse of the Internet routing. It captures several thousand routing incidents worldwide every day and extracts major ones for our autonomous system. It provides us with the possibility  to track BGP changes, diagnose route flaps, peering issues occurring in our network and understand reachability of our Autonomous System for faster BGP troubleshooting,” said Willem van Zyl of Backspace Technologies.

Olymp Trade trusts professionals the fight against cyber attacks

The financial company Olymp Trade emerged in 2014, and in such short time managed to occupy an exceptional place in the market. The usage statistics of the online platform is impressive: the number of simultaneously trading sellers reacher 20,000. Moreover, within a month 100,000 new traders make about 15 million transactions.

Such financial activity on the Internet cannot stay unnoticed, and therefore the issue of the possible cyber attacks remains hugely urgent.

Engineers of Olymp Trade note that intruders attempts to hack the system have repeatedly been observed. However, significant negative consequences on the system and critical losses can be avoided through a combination of technical and administrative measures. For example, by a separation and additional protection of funds circulating in the system: «just like that» you would not be able to withdraw the money. Any withdrawal attempt should receive information from the account holder. Thus any suspicious activity would be instantly suppressed.

Crucial moment

Some time ago, Olymp Trade first encountered a persistent DDoS attack - the largest in company history. Hackers planned to disable the system and start demanding money. Employees received various letters with direct threats and extortion.

«It is fair to admit that we did not immediately realize that the abnormal activity is hiding a real threat,» said Olymp Trade representative. «By carrying out extensive advertising activity, we already faced a severe increase in requests that put a significant load on the platform, and at first believed that our system does not withstand a large number of new and relevant users. It seemed to us that this traffic was valid until the experts began to disassemble it by logs.

Attempted attacks aimed L2 and L7 on several vectors, starting with trial strikes on our service and ending with a long night series of continuous requests. Our 24-hours technical support service immediately reported a significant deterioration of service and instability of the platform: at night we raised the team of our technicians and, having evaluated the problem, started switching to the Qrator filtration network.»

Sometime after connecting, learning and setting up the network, all the garbage traffic was filtered out, and the work was normalized.

Mobile hacking

For customer’s convenience, some mobile applications do not require captcha input, and intruders try to use that for their sake. Olymp Trade periodically encounters attempts to compromise the end devices and applications - for example, in the case of brute forcing passwords. The company is aware of such efforts of exploitation and actively fights them. To protect customers new algorithms for the account protection are introduced, WAF is adopted to prevent the risk of hacking the trading application.

At the same time, some possible attack vectors are weakly controlled. Infected by the virus Android device that redirects SMS to the malefactor, desktop keyloggers are the nowadays reality. It is difficult to reverse the situation because this vulnerability exists on the side of the end user. We should pay tribute to the Olymp Trade technical support specialists, who always warn traders about possible non-market risks and try to find the best options for ensuring their security.

No pasarán!

Olymp Trade notes that not all attack types could be efficiently mitigated on own forces - often it is economically exhausting.

After connecting to the Qrator Labs mitigation network, the company’s services entered the usual mode of operation. However, this does not mean that the attacks ceased forever: for several weeks, strong cyber attacks were observed. However, even after hackers switched the attack vector, the Qrator network quickly adapted to the changes and efficiently neutralized new mass queries. Work of support technicians and developers should also be noted, who promptly joined the process of analyzing further attacks.

Olymp Trade considered DDoS-mitigation services from several contractors, but, in the end, made the Qrator Labs decision. Among the main reasons - a positive teamwork experience, high professionalism and a complete understanding of the internal technical structure of the financial company.

«The effectiveness of the Qrator Labs solution is high», summed up the Olymp Trade representative.

In May 2021, the cryptocurrency market experienced one of its worst days since March 2020. The total market capitalization collapsed by more than $ 500 billion, and the bitcoin rate dropped to $ 30,000 for the first time since the end of January. This rate drop caused a new surge in DDoS attacks.

DDoS attack botnets are also used to mine cryptocurrencies. When cryptocurrencies rates get high attackers redirect botnets powers to mining, which becomes much more profitable. While the decrease in cryptocurrencies rates botnets are monetized in a different way – by arranging commercial DDoS attacks. So, against the backdrop of a cryptocurrencies’ sharp collapse on May 25, 2021, Cindicator and its product Stoic, a crypto trading artificial intelligence bot, were exposed to two large-scale DDoS attacks, arranged within 2 hours interval.

The duration of each incident hardly exceeded 15 minutes of continuous malicious traffic. In the first episode, the DDoS bandwidth reached 160 Gbps. It was a low-level flood that was successfully filtered by the Qrator Labs network. During the second more serious episode, the attack bandwidth reached 487 Gbps and 47 MPPS, affecting the application layer: the attackers generated more than 8 thousand requests per second to the attacked web application. The filtering system blocked about 4 thousand bots.

The high potential of the Cindicator project in the scope of rapid cryptocurrencies development makes it very noticeable in the competitive trading market that gives rise of frequently organized DDoS attacks.

“The safety of Stoic users is our top priority. Connecting to the Qrator Labs network has helped Cindicator to mitigate infrastructural risks and in the meantime avoid the reputational ones, which is highly important when working with a large number of users. We cannot afford even a single minute of downtime. Our platform must run like clockwork 24/7, and cooperation with Qrator Labs helps us reach this continuous availability. The filtering network mitigates DDoS attacks of any complexity in a completely invisible mode, which makes it possible to focus on our business tasks to create a holistic and in-demand traders ecosystem,” comments Vlad Kazakov, Head of Products at Cindicator.