
Cyber Incident Victim: Caiway

Date: Aug 2020

Location: Netherlands

Summary

Multiple European ISPs across Belgium, France, and the Netherlands, including Caiway, experienced short-lived but disruptive DDoS attacks targeting their DNS infrastructure, mitigated within a day but causing service interruptions. The attacks involved DNS amplification and LDAP vectors, peaking at 300 Gbit/s, with Dutch authorities confirming associated Bitcoin extortion demands though attribution remained unverified. These incidents coincided with unrelated reports of DDoS extortion targeting financial entities and a separate outage linked to a misconfigured network rule.


Description

In late August 2020, multiple European internet service providers experienced distributed denial-of-service (DDoS) attacks targeting critical infrastructure components. Between August 28 and early September, providers including Caiway (Netherlands), EDP (Belgium), Bouygues Télécom (France), K-net (France), and Delta (Netherlands) reported sustained attacks against their DNS systems. The assaults lasted up to 24 hours per incident, causing measurable service disruptions for customers during active attack periods. Attack methodologies primarily involved DNS amplification and LDAP reflection techniques, with traffic volumes reaching peaks of 300 gigabits per second according to NBIP, the Dutch Internet Providers Association. These simultaneous multinational attacks occurred alongside unrelated DDoS extortion campaigns against financial institutions reported by ZDNet, though investigators found no confirmed operational connection between these events at the time of initial reporting.

Mitigation efforts by affected ISPs successfully contained each attack within a day of onset, restoring normal operations after disruption periods. NBIP's technical analysis confirmed the attackers exploited protocol vulnerabilities in DNS and LDAP services to amplify traffic volumes against target networks. On September 4, 2020, the Dutch National Cyber Security Centre (NCSC) disclosed evidence of Bitcoin extortion demands associated with some attacks, though attribution remained unverified. The incident wave highlighted systemic vulnerabilities in ISP DNS infrastructure while demonstrating provider capacity to neutralize large-scale volumetric attacks within constrained timeframes despite temporary service degradation. No additional technical specifics regarding Caiway's individual response measures or customer impact metrics were disclosed in available reporting.
