In April 2022 it was reported that pro-Russian hacktivist group, KILLNET, carried out a series of Distributed Denial of Service (DDoS) attacks against a number of websites including the United Nations (UN), The Organization for Security and Cooperation (OSCE) an organization founded in Finland, and other European sites in Czechia, Estonia, Latvia, Lithuania, German, Poland, Romania and the UK. According to the findings by The European Union Agency for Cybersecurity (ENISA), while there are no reports of the attacks having had a major impact on the targeted organizations, this indicates an active increase of targets outside Ukraine.
KILLNET is a pro-Russian/anti-NATO threat actor group carrying out DDoS attacks against countries actively assisting Ukraine in its war against Russia. The group emerged as a pro-Russian hacker group in January initially starting as a “DDoS as a Service” group for users to rent botnets to carry out attacks. Following the invasion of Ukraine the group shifted their focus to more hacktivist-style activity in support of Russia. As the group appears to have potentially significant support, it is likely that similar attacks will continue.
CISA also included the following cybercrime groups on the list which was based on industry and open-source reporting, by US, Australian, Canadian, New Zealand, and UK cyber authorities:
DDoS attacks are often lauded as a weapon of choice in cyber warfare mainly due to their capacity for crippling applications and networks. In the early part of this year as significant global events unfolded and tensions mounted between Russia and Ukraine, our own data and analysis from across the industry showed more DDoS attacks. This activity, along with sustained turbulence in the geo-political situation, has prompted worldwide caution around the heightened possibility of more cyber attacks going forward.
As a result, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and its partners Joint Cyber Defense Collaborative (JCDC), issued technical guidance, including examples on its website of DDoS attacks on government and financial websites in Ukraine in March to inform business leaders and those responsible for digital security to prepare for attacks and adapt their digital security posture.
Imperva Research Labs observed a spike in the volume of DDoS attacks targeting sites in Ukraine in Q1, which included attacks on several financial services targets. By March 2022, DDoS attacks increased overall as the likelihood of a physical incursion escalated.
DDoS attacks consistently rank high in the ENISA threat landscape and remain one of the most critical threats to IT systems and networks with their capacity to overwhelm resources, impact performance and cause severe outages.
With the increase in DDoS attacks on European targets it is critical to put robust DDoS mitigations in place. Having only a firewall will not be enough to stop the volumes of the DDoS attacks launched by KILLNET and other threat actors. To help organizations prepare for a DDoS attack and make the right DDoS Protection choices we have put together a list of DDoS Mitigation Best Practices.
Under DDoS Attack? Contact Imperva for emergency help.
The post Hacktivists Expanding DDoS Attacks as Part of International Cyber Warfare Strategy appeared first on Blog.