October: European Cyber Security Month
European Cyber Security Month is an annual initiative by the European Union to raise awareness of digital security. The importance of digital resilience is something we recently experienced first-hand. Databalance was hit by a large-scale and complex DDoS attack, aimed at our infrastructure and driven by financial motives.
Thanks to our existing security measures — including our connection to the National Scrubbing Centre (NaWas) — we were able to respond quickly. However, this alone was not sufficient to fully mitigate the impact.
We would like to share our experience of this DDoS attack, as any organisation with an internet connection can become a potential target.
Our Existing Protection: the National Scrubbing Centre (NaWas)
As you would expect from us, we had already implemented active, preventive and reactive measures to safeguard our services — including protection against DDoS attacks through our connection to the NaWas. Almost all Dutch internet providers are connected to this service.
The NaWas detects and blocks DDoS attacks, ensuring the availability of our services even during an attack. Legitimate traffic is allowed through, while malicious traffic is “scrubbed” out. This cleaning process is based on filters and configurations that we continuously adjusted during the attack.
Switching to Cloudflare
The DDoS attack, however, was so large and complex that we decided during the incident to migrate our DDoS mitigation to Cloudflare’s Magic Transit service. Magic Transit is a service similar to NaWas, but it is designed to handle larger and more sophisticated attacks.
Cloudflare identifies and mitigates DDoS traffic faster and more accurately thanks to the scale of its infrastructure and the use of artificial intelligence (AI).
Our team of specialists implemented Cloudflare’s solution within a very short timeframe — during the attack itself — and we immediately saw improvements in service availability.
Even now, we continue to observe DDoS activity against our network, although at a much lower intensity. To safeguard the continuity of our services for our customers, we have decided to maintain Cloudflare protection as an additional security measure.
Cooperation with the NCSC and the Police
Because the attack was financially motivated (extortion), we immediately contacted the National Cyber Security Centre (NCSC) and the Dutch National Police. Naturally, we also filed an official report.
The NCSC provided guidance on how to communicate with the attacker. Although we never intended to pay, it was necessary to give that impression temporarily in order to reduce the intensity of the attacks.
Communication with Customers and Partners
The DDoS attacks caused several interruptions to our services — some brief, and others more prolonged depending on the affected systems. Throughout the incident, we kept our partners and customers informed about developments and next steps.
On our public status page, we could not be as transparent as we would have liked, since the attackers could also access the information there. For that reason, we chose to provide multiple updates via email instead.
Learning and Preparing
In principle, any organisation with a direct internet connection can become a target. In line with the purpose of European Cyber Security Month, we are sharing our experience and insights so that others can prepare for potential cyber threats.
Would you like to learn more or discuss how to strengthen your organisation’s digital resilience?
Please contact your account manager — we’ll be happy to schedule a meeting with you.



