Security News
Experts say the attacks demonstrate the risk that fairly unsophisticated attacks pose even to well-defended enterprises and that other countries should take notice and prepare. Starting before the annual OpIsrael hacktivist assault on Israeli enterprises from April 6 to 9, Israel experienced recent attacks by Russian entities like Killnet and Anonymous Sudan, a cybersecurity bugbear for Israel this year.
With over one billion websites worldwide, HTTP/HTTPS application-layer attacks have increased by 487% since 2019, with the most significant surge in the second half of 2022, according to NETSCOUT. The dynamic nature of the DDoS threat landscape. "DDoS attacks threaten organizations worldwide and challenge their ability to deliver critical services," said Richard Hummel, threat intelligence lead, NETSCOUT. "With multi-terabit-per-second attacks now commonplace, and bad actors' arsenals continuing to grow in sophistication and complexity, organizations need a strategy that can quickly adapt to the dynamic nature of the DDoS threat landscape."
Hyper-volumetric DDoS attacks in the first quarter of 2023 have shifted from relying on compromised IoT devices to leveraging breached Virtual Private Servers. In general, Cloudflare reports steady DDoS activity in the first quarter of the year, with a notable 60% YoY increase in the ransom DDoS attacks, representing 16% of all recorded/reported DDoS attacks.
The pro-Russia hacker group NoName057(16) reportedly claimed it was behind Denial of Service attacks against the Finnish parliament's website on Tuesday, the day the country joined NATO. The country's Technical Research Centre of Finland was also hacked, according to Finnish news site, YLE. NoName057(16) is the same group that took responsibility for a distributed denial of service attack, taking down the website for the country's parliament last August, and who also attacked Ukraine, the U.S., Poland and other European countries. In a new study, Unveiling the New Threat Landscape, NetScout said that the U.S. national security sector experienced a 16,815% increase in DDoS attacks in the second half of 2022, many related to Killnet.
The NCA says all of its fake so-called "Booter" or "Stresser" sites which have so far been accessed by several thousand people-have been created to look like they offer the tools and services that enable cyber criminals to execute these attacks. "However, after users register, rather than being given access to cyber crime tools, their data is collated by investigators," reads an NCA advisory on the program.
Cloudflare research showed a "Massive spike" in application layer DDoS attacks in Q1 2022, while network layer attacks also jumped substantially. The DDoS attacks themselves are getting bigger, says Klaus Darilion, head of operations of the anycast service RcodeZero DNS, because the internet itself is getting bigger and attackers have more bandwidth to play with.
A microcosm of this upward trend involved exploits targeting public information sites and tied to political events, including the war in Ukraine and the midterm elections in the U.S. In response to the rise in politically motivated DDoS attacks, Google is offering a free service called Project Shield to government sites, news and independent journalists, sites related to elections and voting, and sites that cover human rights. The company reported a 400% rise in DDoS attacks on its customers during last year's election season in the U.S. In the second half of 2022, Project Shield saw over 25,000 such attacks against customers, many of them 100,000 queries per second in size.
The fake crimeware-as-a-service offerings that the NCA pretends to operate are so-called booters, also known as stressers, also known as DDoSsers, where DDoS is short for distributed denial of service. In contrast, DDoS attacks are usually much less sophisticated, making them easier for technically inexperienced crooks to take part in, but much more natural-looking, making them harder even for technically experienced defenders to stop.
In what's a case of setting a thief to catch a thief, the U.K. National Crime Agency revealed that it has created a network of fake DDoS-for-hire websites to infiltrate the online criminal underground. "All of the NCA-run sites, which have so far been accessed by around several thousand people, have been created to look like they offer the tools and services that enable cyber criminals to execute these attacks," the law enforcement agency said.
The U.K.'s National Crime Agency revealed today that they created multiple fake DDoS-for-hire service websites to identify cybercriminals who utilize these platforms to attack organizations. NCA says several thousands of people accessed its fake sites, which had a realistic appearance as a genuine booter service.