How did WannaCry traffic take down Telkom’s app, call centre, and website?
Several of Telkom’s customer service systems – including its USSD menu, smartphone app, and call centre – were offline on 16 May. The operator acknowledged the outage at 08:30 on its Facebook page, stating it was experiencing system access problems and that a number of customer services were affected. It confirmed its outages were a result of the WannaCry ransomware attack, which infected computers running Windows that had not been patched with the latest updates.
However, the downtime was not because its systems were infected or encrypted, but due to the increased traffic WannaCry caused on its network, said Telkom. “Throughout the attack, our priority was the protection of our customer’s data and assets,” said Telkom spokesperson Jacqui O’Sullivan. “We were meticulous in the control of our defence systems and we purposefully throttled some areas where we believed the risk was high.”
“The sustained nature of the attacks resulted in high network traffic as Telkom’s firewalls worked to repel the attacks.” “This very robust defence strategy did result in the degradation of the performance of some of our service platforms at different times throughout the day.” No Telkom assets were infected or encrypted, and neither was any data it maintains for managed service customers.
Questions raised over explanation
Telkom’s explanation raised many questions about how traffic from non-Telkom systems which were infected by WannaCry took down its customer service platforms. MyBroadband asked Telkom how big the traffic spike was, where the traffic originated from, and why it affected Telkom’s customer-facing systems.
Telkom declined to comment on the matter. Microsoft told MyBroadband that the attributes Telkom described in terms of traffic spikes were not the attributes it saw in WannaCry. It suggested that Telkom may have been the victim of another attack that hit its network at the same time as it saw an increase in WannaCry infections in South Africa.
“To protect the integrity of our systems and networks, as well as the security processes defending them, we will not be sharing any additional information pertaining to this ransomware,” said Telkom. It said its processes and systems, while facing extreme pressure, withstood and rebuffed the WannaCry attack. “This is a testament to the consistency of our information security updates and the seriousness with which all our divisions approach this critical element of our business.”
Telkom said although the WannaCry attack was stopped, it does not mean the threat is over.
It said unpatched devices may continue to generate excessive network traffic and could be vulnerable to a potential second wave of the virus.
It advised all Windows users to install the necessary patches from Microsoft.