The initial situation
With an extensive portfolio, the IT service provider awinta GmbH offers a wide range of complete solutions for pharmacies and pharmacy cooperatives, from on-site installed merchandise management systems to online shops in the awinta data centre, as well as an interlinking of both areas. awinta’s customer base includes around 7,000 pharmacies, making the company the market leader in Germany.
awinta operates its largest data centre in Frankfurt am Main, close to the DE-CIX internet hub, so that it can offer customers a fast internet connection. Via the online shop infrastructure, which is used by a mid-three-digit number of pharmacies, awinta currently processes a double-digit million number of order transactions each year. The number of visitors to the shops is in the three-digit million range per year.
Many online shops operated by pharmacies received an extortion letter from the hacker group Gladius in February 2016. “You have probably already noticed that we have attacked the infrastructure of your online shop,” the hackers wrote. “You have 72 hours to pay a non-attack fee of EUR 1,500. Otherwise, the attacks will be extended.” Like those of its competitors, several online pharmacy shops in the awinta data centre were affected by this wave of DDoS attacks. “However, it didn’t stop there,” reports Christian Netzer, Head of Network and System Administration at awinta’s Mannheim site. “In the following weeks, we had to deal with a total of ten waves of attacks, which not only led to the affected online shops being paralysed for hours at a time, but also the entire data centre.”
At that time, the awinta data centre had only basic DDoS protection: a procedure referred to as “black holing”, also known as zero routing. In this process, all traffic to the IP address targeted by the DDoS attack is “routed into a black hole”. The problem with this approach is that it cannot distinguish between “good” and “malicious” traffic. Legitimate requests to the targeted address are discarded along with the attack traffic, so the shop is unreachable and the DDoS attack is a success. awinta was therefore looking for an improved solution that could specifically fend off DDoS attacks against individual online shops and, at the same time, effectively shield the entire data centre.