What was the cause of the issue?

TrekkSoft was targeted by a DDOS attack, which affected the availability of the system to our users. DDOS is a type of cybercrime where an unknown attacker is flooding the servers with high internet traffic, that is preventing users from accessing our system. You can read more about what DDOS attack is and how it works here.

This particular DDOS attack generated an abnormal spike (1000x higher) in HTTP requests, which overloaded our servers.

Impact

The impact was global and most of the Trekksoft services were affected for all our customers.

What did we do?

As soon as the attack was initiated around 8am CEST, our developers started working on identifying the root cause of the issue. Once the cause was identified as a DDOS attack, we started working on preventing it by blocking the source of abnormal activity, as well as improving the configuration of the firewall solution.

The mentioned solution was fully configured at roughly 1pm CEST, when we started seeing improvements and our system was again accessible as well as bookings started coming in. Performance of features was still impacted until all the issues from the attack were resolved at around 7pm CEST. After that all the services were again performing as expected, and we continued to monitor the situation closely until the next day. We subsequently confirmed that the incident was resolved.

Learnings

DDOS attacks are well thought through cyber crimes, using new methods and technologies, which renders them unpredictable and challenging to neutralize.

In the aftermath of the recent attack, we are further improving our firewall protection, as well as investigating and expanding into new 3rd party solutions designed for tackling external security threats. These extra layers of protection will further add to the resilience of our system in similar situations.