The TX Group and all of its services reach up to 80% of the Swiss population on a daily basis, making it an interesting target for bad actors who are after big companies, to steal their data, impair their infrastructure, and/or ask for ransom. Andreas Schneider, CISO at TX Group, and Mostafa Abdelmoez, Head of Security Engineering at TX Markets talked to us about the cyber attacks of 2020 and the rollout of a security project at the Group level.
Cyber Attacks Successfully Repelled
Cyber attacks can happen on a small scale and on a large scale, which is exactly what the TX Group experienced for an entire month in November 2020. Fortunately, the attacks did not have any severe consequences, such as loss of data, since the Group was prepared. Security is an integral part of the business, and its highest priority is to keep the company, its employees and customers digitally safe.
The TX Group digital infrastructure and services were under a Distributed Denial-of-Service (DDoS) attack. These types of attacks attempt to disrupt the normal traffic of a service or network by overwhelming it with requests, “hopefully” (from the attacker's point of view) preventing the system from functioning properly.
The attacks lasted approximately one month, during which the TX Security Guild was able to coordinate defenses and share knowledge and solutions. During the attack, human intervention was kept at a minimum, since the appropriate defenses were triggered automatically and proportionally to the attack. This was due to a solid security system and the fact that prior to the attacks, a project had been launched to reinforce and complement the already existing defenses against DDoS attacks. The Security Guild called this project “Left Shield”.
Project "Left Shield"
The project was launched mid-November and lasted until the end of January. The driving force behind the project was the TX Security Guild.
Guilds are domain-specific, cross-company collaborative groups that allow all Marketplaces to learn from each other's experiences. This specific guild consists of the security champions from the whole TX Group. It acts as a knowledge hub, a meeting place, and a decision board as far as security is concerned. In addition to the Security Guild, other stakeholders were also involved in the project, such as Chief Technology Officers (CTO) and Site Reliability Engineers (SRE).
Timing Is Everything
Obviously, even before the project was officially launched, a defensive plan was in place that had protected the Group against similar attacks in the past. However, those plans were partially inconsistent between the different TX Group and TX Markets companies. A unification of the defense layers was needed, one that focused on scalability and automation and was about being proactive rather than reactive.
Keep Cool and Fight Attacks
Prior to “Left Shield”, mitigating DDoS attacks usually required a lot of human interaction. Moreover, the attacks could affect the availability of the services. Although risks were always closely monitored and employees were available on call, the new initiative presented the opportunity to avoid such uncertainties from the start. Bad actors are usually very organised and will take advantage of slower human response times, which can affect the availability of the services and damage a business. This is why creating automated solutions is vital: human mistakes are minimised, while time and costs are saved.
“Left Shield” was planned and implemented in about one month, protecting over 200 domains.
The best way to fight attacks is to prevent them. This is why TX Markets gradually rolled out a massive intrusion detection and prevention system, activating features incrementally. By doing this, traffic and costs were kept under control, and DDoS attacks (as well as various other types of attack) across all markets were mitigated. The strategy aims to stop attacks before they reach the next layer of defense, where they would create additional costs.
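To make the two ideas above concrete (defenses that trigger automatically and in proportion to the attack, and tiers ordered so that cheaper measures absorb traffic before it reaches a more expensive layer), here is an added example. It is not TX Group's or TX Markets' code; the log format, the client profiles and the per-client thresholds are constructed assumptions chosen to illustrate the mechanism, not real traffic or real configuration.

```python
"""Tiered, proportional mitigation decision over an access log (added example).

Each client's request rate in its busiest window is mapped onto an
escalating ladder of actions. A client is handled by the cheapest tier
whose threshold it does not exceed, so only the heaviest sources ever
reach the costliest measure.
"""
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Escalation tiers, cheapest action first: (requests per client per window, action).
# Assumed thresholds for illustration only.
TIERS = [
    (0, "allow"),
    (20, "rate_limit"),
    (60, "challenge"),
    (120, "block"),
]


def build_sample_log():
    """Constructed sample traffic: an ordinary client, a noisy one and a flood source."""
    start = datetime(2020, 11, 10, 12, 0, 0)
    profiles = {
        "203.0.113.10": 5,      # ordinary browsing
        "203.0.113.20": 40,     # aggressive crawler
        "198.51.100.99": 150,   # flood source
    }
    lines = []
    for ip, count in profiles.items():
        for i in range(count):
            ts = start + timedelta(milliseconds=300 * i)   # all within one minute
            lines.append(f"{ts:%Y-%m-%dT%H:%M:%S} {ip} GET /search 200")
    return "\n".join(lines)


def parse_log(text):
    """Yield (timestamp, client_ip) from lines of '<ISO time> <ip> <method> <path> <status>'.

    Lines that do not fit the assumed format are skipped rather than crashing the run.
    """
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 2:
            continue
        try:
            ts = datetime.strptime(parts[0], "%Y-%m-%dT%H:%M:%S")
        except ValueError:
            continue
        yield ts, parts[1]


def peak_rate_per_client(text, window_seconds=60):
    """Requests per client in its busiest fixed-size window."""
    counts = Counter()
    for ts, ip in parse_log(text):
        bucket = int(ts.timestamp()) // window_seconds
        counts[(ip, bucket)] += 1
    peak = defaultdict(int)
    for (ip, _bucket), n in counts.items():
        peak[ip] = max(peak[ip], n)
    return dict(peak)


def decide(rate, tiers=TIERS):
    """Pick the most severe tier whose threshold the observed rate reaches.

    Because tiers are ordered from cheapest to costliest, the response is
    proportional: a mildly noisy client is rate limited, only a flood is blocked.
    """
    action = tiers[0][1]
    for threshold, name in tiers:
        if rate >= threshold:
            action = name
    return action


def mitigation_plan(text, window_seconds=60, tiers=TIERS):
    """Map every client seen in the log to the action the ladder assigns it."""
    rates = peak_rate_per_client(text, window_seconds)
    return {ip: decide(rate, tiers) for ip, rate in rates.items()}


def action_counts(plan):
    """How many clients each layer has to handle; earlier layers absorb the rest."""
    return Counter(plan.values())


if __name__ == "__main__":
    plan = mitigation_plan(build_sample_log())
    for ip, action in sorted(plan.items()):
        print(f"{ip:16} -> {action}")
    print(dict(action_counts(plan)))
```

The ladder is deliberately monotonic: raising a threshold never moves a client to a cheaper tier than a noisier client, which is what makes automated escalation safe to leave running without a human in the loop. In a real deployment the thresholds would be tuned per marketplace against its normal traffic, and the "challenge" and "block" actions would be implemented by the edge or WAF layer rather than by this script.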
Left Shield Implementation at TX Markets
Being under attack is always a challenge. However, the attacks of November 2020 were particularly challenging, since each website and marketplace had seen a general rise in traffic due to the Covid-19 pandemic. As traffic increased, the attacks increased proportionally as well, making it important to adapt quickly so that the platforms and services remained secure.
As speed was of the essence, it was clear that project Left Shield had to address various hurdles from the start, including the legacy infrastructure and the fact that each company within the TX Group has its own separate infrastructure. That is why the security system had to be sustainable for every company: it had to scale automatically, require the least amount of human interaction possible, and account for different tech stacks and legacy systems.
The project was big enough as it was, so adding intense cyber attacks for a prolonged period of time forced everyone involved to roll it out even faster. For some marketplaces, the rollout was possible in only three days! Thanks to this team effort and coordination within the Security Guild, the cyber attacks of November 2020 were fended off without damaging the company or its data.
We thank Andreas Schneider, Chief Information Security Officer (CISO) at TX Group and Mostafa Abdelmoez, Head of Security Engineering at TX Markets for providing us with an insight into a stressful time and interesting project.