Cyber-attacks have been ongoing in the tensions between Russia and Ukraine and globally organizations have been warned to build up their online defenses as the conflict tumbles into warfare.
Specifically, attacks against Ukraine’s government organizations and financial institutions have seen the prolific use of distributed denial-of-service (DDoS) attacks.
On 23 February 2021, the websites of Ukraine’s government, foreign ministry and state security service were down in what Ukraine’s Minister of Digital Transformation said what a mass DDoS attack on the state.
What a DDoS attack involves
DDoS attacks at their core take a network down. Simple, but effective, they disrupt traffic and overwhelm the bandwidth to ultimately prevent any users from accessing websites and services.
Rob Demain, CEO and founder at e2e-assure explained further: “A traditional DDoS attack overwhelms systems and stops organizations from accessing or processing information, but the attackers here are trying to paralyze Ukrainian services to disrupt them.
“As an example, disrupting the internet services in Ukraine would prevent news from getting out and make communications more difficult. At present, the focus for attacks at present seems to be Ukrainian government and banking institutions.”
Ultimately, DDoS attacks take down a service, rather than gather intelligence or encrypt files for ransom.
If you are hit by a DDoS attack your organization can expect to see a huge spike in website users on your network as waves of artificial traffic attack your websites and networks.
History of DDoS attacks
This is not the first time DDoS attacks have been used in times of conflict or geopolitical tensions.
In 2009 Kyrgyzstan was subjected to DDoS attacks from Russia and in 2017 a Chinese state-sponsored hacking group targeted Google in what the company said was one of the largest DDoS attacks in its history. DDoS attacks were also used against Hong Kong’s Umbrella Revolution in 2014.
The reason DDoS attacks are common in this context is because they are non-technical and do not require advanced hacking skills.
“There are tools widely available online, some of them are free even so all you have to do is just find the necessary tool and launch an attack,” explained network engineer, Andreas Grant, founder of Networks Hardware, who said he has had to face his fair share of DDoS attacks over the years. “Some of these attacks are even sponsored by governments, possibly the one in Ukraine, so they already have all the resources necessary. Moreover, it’s easy to target financial services and banking websites which can have a crippling effect.”
In addition, Dan Lohrmann, field CISO at Presido, points out that DDoS attacks can provide a diversion from other cyber-attacks by drawing attention away from other cyber intrusions. We know on 23 February for example new malware was discovered being used by the hacking group Sandstorm.
Protecting your organization against DDoS attacks
Many in the cyber security community, from government organizations to cyber vendors, have produced guides for organizations to take note of during this time but here are some of the key areas of focus CS Hub has discussed with its connections.
- Importantly there needs to be a plan in place for your organization to help you respond quickly and effectively, said Demain, along with many others. In addition, practice your incident response plan and run tabletop exercises.
- Ensure you have sufficient endpoint detection and response (EDR). “EDR should be deployed to all end user devices and servers and extended across your email and key cloud services. If you don’t have it already – look to acquire this capability quickly,” said Demain. “When it comes to traditional DDoS attacks, there are plenty of widely available services to choose from; our advice is to consider the impact of a DDoS on your organization and put such a service in place as soon as possible.”
- As always, 27/7 security monitoring is key. “If your SOC/security operation doesn’t operate 24/7 then contact your provider to have this set up and increase your chances of being able to react to an attack,” Demain said.
- Finally stay informed, the UK and US government agencies are constantly providing guidance – especially during the recent spike in cyber-attacks.
More guidance can be found the US Cybersecurity and Infrastructure Security Agency website and the UK’s National Cyber Security Centre website.