Telenor Norway foils major DDoS attack

Telenor Logo

In the 21s century where technology plays such a huge role in our everyday lives cyberattacks have also become a problem and hackers try to compromise systems by injecting various ransomware in order to drain money from owners. Most of these attacks are very hard to prevent and sometimes results in loss of data.

On October 12, Telenor Norway has also become one of such companies that suffered a major DDoS attack. Approximately 400 Gbps of traffic was directed to the company. The attack lasted 3 hours but none of the major services were affected.

Perpetrators demanded a ransom of 20 Bitcoins which is roughly NOK 2 million and the deadline was set to 19 October. But the company passed this deadline without paying any money.

Petter-Borre Furberg who is the company’s CEO noted that they have a perfect system that deals with such kinds of attacks without major complications.

During the attack websites and emails were temporarily unavailable, but major services such as SMS and voice calls as well as mobile data were left intact and continued working, which was due to hard effort from the company’s tech support.

A huge problem for companies

We should note that since August this year a lot of companies suffered DDoS attacks from the criminal group known as Lazarus Bear Armada. This is not a problem with just telecom companies. The more these large corporations get attacked the more platforms dependent on their service are thrown into chaos.

Telenor is the service provider for thousands of private customers as well as businesses. Based on reports from several industry experts, the DDOS attack was primarily dangerous for companies storing large amounts of customer data and funds. According to local experts, Norwegian mobile casinos were in the red zone the most. This is mostly due to the regulatory unclarity in the country and the subsequent lack of resources for proper protection.

The local population has a demand for iGaming services, but the country forbids it. Therefore, through telecom providers, Norwegian citizens usually register on foreign platforms. Should an attack put their information in jeopardy, there are little to no legal methods they can address to be reimbursed. So this fact shows the vulnerability of companies when they are facing attacks.

How do DDoS attacks work in general?

A DDoS attack is a distributed attack that puts a strain on the server and causes the system to fail. Under these conditions, users cannot access a website or web service, and project owners may lose profits.

The reason for the system failure is not always a DDoS attack. Server resources are limited and if everything works according to the plan, there may be failures in an anomalous jump. If you launched a promotion or advertising campaign on your website the day before, which caused a sharp spike in attendance, you may have problems accessing the site.

The modern Internet operates on a seven-tier network model OSI. The model determines the levels of interaction of systems, each level is responsible for certain functions.

A DDoS attack can occur on any of the seven levels, but more often than not it is:

  • Low-level attack – at network and transport levels (third and fourth level of the OSI model). At these levels, “holes” in-network protocols are used to attack.
  • A high-level attack is an attack on the session and applied levels (fifth and seventh levels on the OSI model). Such attacks are similar to user behavior. In this case, fine server tuning or paid DDoS protection can help.

It is worth noting that DDoS attacks are varied. Software developers fix security issues by releasing updates, but attackers come up with a new way every year to cause the system to fail.

A well-organized attack consists of multiple server requests from around the world. But where do the attackers have such resources?

By 2020, the most dangerous type of attack is considered to be a botnet attack.

A botnet is a combined network of devices that has offline software installed. Attackers masquerading as programs, emails, files, and other content distribute malware that is hidden on the victim’s device and can be launched at any time. The intervention is discreet: users are unaware of the presence of malware.

Thus, any device that has access to the Internet (mobile phone or washing machine with wi-fi) can become a participant in the DDoS attack.

When you attack a server, it is impossible to identify its initiator: requests come from all over the world, from different devices. The attacker usually goes unpunished.


So far it is only experts in the company who can prevent DDoS attacks with minimal losses. Therefore it is always a good idea to invest more money in hiring professionals who effectively deal with such kinds of threats.