In April 2022, it was reported that the pro-Russian hacktivist group KILLNET carried out a series of Distributed Denial of Service (DDoS) attacks against a number of websites, including those of the United Nations (UN), the Organization for Security and Cooperation (OSCE), an organization founded in Finland, and other European targets in the Czech Republic, Estonia, Latvia, Lithuania, Germany, Poland, Romania and the United Kingdom. According to the findings of the European Union Agency for Cybersecurity (ENISA), there are no reports that the attacks had a major impact on the targeted organizations, but the activity indicates an active increase in targets outside of Ukraine.
KILLNET is a pro-Russian/anti-NATO threat actor group that conducts DDoS attacks against countries that actively support Ukraine in its war against Russia. The group emerged in January 2022 as a pro-Russian hacking group, starting out as a “DDoS as a Service” group from which users could rent botnets for attacks. After the invasion of Ukraine, the group shifted its focus to hacktivist activities in support of Russia. As the group appears to have potentially significant support, it is likely that similar attacks will continue.
- January 23, 2022 – KILLNET emerged as a pro-Russian hacker group.
- February 25, 2022 – The group made a post on its Telegram channel titled “ANONYMOUS, YOUR TIME IS UP!” in response to pro-Ukrainian hacktivist elements.
- February 28, 2022 – The group created a “call to arms” post targeting hackers in the “Russian Federation and CIS countries.”
- Also in February 2022 – The group shared a link to the Cyber Army of Russia Telegram group and encouraged KILLNET followers to subscribe to the channel to see KILLNET attacks.
- Date unknown – The group announced a partnership with XakNet, suggesting that several pro-Russian hacktivist elements have joined forces to conduct cyber warfare operations against Ukraine and its allies. These operations included multiple cyberattacks against pro-Ukrainian targets, including a US airport and several Ukrainian government agencies.
- April 20, 2022 – The US Cybersecurity and Infrastructure Security Agency (CISA) listed KILLNET as one of several pro-Russian cybercrime groups that could pose a threat to critical infrastructure organizations.
CISA also included the following cybercrime groups in the list based on industry and open source reports from US, Australian, Canadian, New Zealand and UK cyber agencies:
- The CoomingProject
- MUMMY SPIDER
- SALTY SPIDER
- SCULLY SPIDER
- SMOKE SPIDER
- MAGIC SPIDER
- The XakNet Team
DDoS in cyber warfare
DDoS attacks are often touted as the weapon of choice in cyber warfare, largely due to their ability to cripple applications and networks. Earlier this year, as significant global events unfolded and tensions between Russia and Ukraine increased, our own data and analysis from across the industry showed more DDoS attacks. This activity, coupled with ongoing turbulence in the geopolitical situation, has prompted global caution about the increased likelihood of further cyberattacks in the future.
As a result, CISA and its partners, the Joint Cyber Defense Collaborative (JCDC), released technical guidance in March, including examples of DDoS attacks on government and financial websites in Ukraine, to help business leaders and digital security leaders prepare for attacks and adapt their digital security posture.
Imperva Threat Research
Imperva Research Labs observed an increase in the volume of DDoS attacks on websites in Ukraine in the first quarter, including attacks on several financial services targets. By March 2022, DDoS attacks increased overall as the likelihood of a physical attack escalated.
DDoS attacks consistently rank highly in the ENISA threat landscape and remain one of the most critical threats to IT systems and networks, as they can overwhelm resources, degrade performance, and cause severe outages.
DDoS mitigation best practices
With the increase in DDoS attacks aimed at European targets, it is crucial to implement robust DDoS mitigation measures. A firewall alone will not be enough to stop the volume of DDoS attacks launched by KILLNET and other threat actors. To help organizations prepare for a DDoS attack and make the right DDoS protection decisions, we’ve compiled a list of DDoS mitigation best practices.
The post Hacktivists Expanding DDoS Attacks as Part of International Cyber Warfare Strategy first appeared on Blog.
*** This is a Security Bloggers Network syndicated blog from Blog written by Bruce Lynch. Read the original post at: https://www.imperva.com/blog/hacktivists-expanding-ddos-attacks-as-part-of-international-cyber-warfare-strategy/