Detailed network security mapping and clear lines of communication allowed Optus to avoid an emergency patching program and quickly identify a suspected attack as a false positive.
It was the 2018 Commonwealth Games, and the opening ceremony was about to begin. About an hour before the event, Optus, the company that provided the network for the competition, observed a sudden traffic surge and immediately thought it was suffering a distributed denial of service (DDoS) attack.
A month prior to the opening ceremony held in Australia, a DDoS attack had been carried out, with traffic peaking at 1.7 terabytes per second.
As it turns out, Optus had several reasons to fear a DDoS attack. A couple of months before the inauguration of the Commonwealth Games, a worm tore through the systems of the organizing committee of the Winter Olympics in South Korea. Several files and documents were deleted.
There was a lot at stake for Optus, considering that in addition to being the network provider at the Commonwealth competition, it was one of the most prominent sponsors. According to Narelle Wakely, a security advisor at Trustwave, a firm associated with Optus, the brand name was going to be all over the games.
And, considering that they had similar resources, applications, and overall infrastructure to those of the Winter Olympics, the team was on alert. Wakely gave that account at APNIC 48, the conference of the Asia Pacific Network Information Centre, in Chiang Mai, Thailand, earlier in the week.
Wakely also explained that tensions between the British and Russian governments were increasing, amid the alleged poisoning of former spy Sergei Skripal on UK territory.
Another potential security concern at the time was the fact that two traditional enemies, the United States and North Korea, were talking about having meetings, potentially in Singapore, which is the home country of Optus’ parent company. It was an added risk, according to Wakely.
However, the network provider for the games wasn’t experiencing the traffic surges out on the network associated with clients. Instead, investigation showed that the suspected threat was what is known in several fields as a “false positive.”
To the surprise of many, Wakely said that the unusual activity was caused by a very large update to the hugely popular video game Fortnite. She remarked wryly that, of course, it had to take place one hour before the inauguration of the Commonwealth Games, and that all gamers went home at the same moment to turn on their gaming devices.
Optus was a pioneer in many aspects, as it was the network provider of the 2018 Commonwealth Games, the first event to have one firm offer everything network-related, including TV broadcasts, video streaming, online security, and results recording, among other things.
Wakely explained that everything needed to be perfect and, especially, quick. She detailed how the company sent every bit of information regarding results from the Gold Coast to Perth, a cross-country journey to the data center.
A very specific and detailed map of the network was one of the most important resources for achieving that goal. The map was very thorough from online security and operational standpoints.
Everything was done to ensure that everybody involved in the process could visualize and start working on “diagrams,” as she explained it. The approach helped the firm identify the spots where changes were taking place from a cybersecurity standpoint, and the effects of those modifications.
Additionally, at the moment the Games’ network went live, prominent networking company Cisco published a couple of critical vulnerabilities, rated 9.8 on a 1 to 10 scale.
Common sense says to patch vulnerabilities like that as soon as possible, but Optus was at a crossroads. Wakely explained that they risked altering the network and its availability if they patched.
But the system they put in place, more specifically the blueprint on a page, allowed the company and its associates to work as a team and quickly spot, in real time, the changes taking place from an online security standpoint.
In the end, a decision was reached to apply the patch to three routers and not to 133 switches.