Security News

A massive distributed denial-of-service attack forced Israeli officials Monday to temporarily take down several government websites and to declare a state of online emergency to assess the damage and begin investigating who was behind the incident. In a tweet, the Israel National Cyber Directorate said it had detected the DDoS attack against a communications provider and that several websites had been taken down, though all have since resumed normal activity.

A number of websites belonging to the Israeli government were felled in a distributed denial-of-service attack on Monday, rendering the portals inaccessible for a short period of time. "In the past few hours, a DDoS attack against a communications provider was identified," the Israel National Cyber Directorate said in a tweet.

Rostec, a Russian state-owned aerospace and defense conglomerate, said its website was taken down today following what it described as a "Cyberattack." Rostec claims the website was brought back online quickly and attributed the attack to Ukrainian "Radicals."

DDoS attacks expand as cybercriminals target cloud providers and ransomware victims. Cybercriminals expanded the types of organizations at the receiving end of DDoS attacks.

In a Wednesday threat advisory, Cisco Talos described a campaign it's observed in which a threat actor was offering a supposed distributed denial-of-service tool on Telegram that's purportedly meant to pummel Russian websites. The crisis has brought both new threats and an influx of actors "Of varying skill," Cisco said.

Miscreants have launched massive, amplified distributed denial-of-service attacks by exploiting a vulnerability in Mitel collaboration systems. "This particular attack vector differs from most UDP reflection/amplification attack methodologies in that the exposed system test facility can be abused to launch a sustained DDoS attack of up to 14 hours in duration by means of a single spoofed attack initiation packet, resulting in a record-setting packet amplification ratio of 4,294,967,296:1," the task force added.

The attack vector - dubbed TP240PhoneHome - has been weaponized to launch significant DDoS attacks targeting broadband access ISPs, financial institutions, logistics companies, gaming firms, and other organizations. "Attackers were actively leveraging these systems to launch reflection/amplification DDoS attacks of more than 53 million packets per second."

A new reflection/amplification DDoS method is being used in attacks that provides a record-breaking amplification ratio of almost 4.3 billion to 1. As detailed in a report that Akamai shared with Bleeping Computer before publication, a new attack vector relies on the abuse of insecure devices that serve as DDoS reflectors/amplifiers.

Cybersecurity company Imperva on Friday said it recently mitigated a ransom distributed denial-of-service attack targeting an unnamed website that peaked at 2.5 million requests per second. "While ransom DDoS attacks are not new, they appear to be evolving and becoming more interesting with time and with each new phase," Nelli Klepfish, security analyst at Imperva, said.

As the ongoing Russia-Ukraine conflict continues to escalate, the Russian government on Thursday released a massive list containing 17,576 IP addresses and 166 domains that it said are behind a series of distributed denial-of-service attacks aimed at its domestic infrastructure. As part of its recommendations to counter the DDoS attacks, the agency is urging organizations to ringfence network devices, enable logging, change passwords associated with key infrastructure elements, turn off automatic software updates, disable third-party plugins on websites, enforce data backups, and watch out phishing attacks.