Posted on November 5, 2022 at 6:02 AM
DDoS Attack From Killnet Threat Group Frustrated By The US Treasury
The US Treasury Department stated recently that it blocked a distributed denial of service (DDoS) attack linked to the Russian hacktivist group Killnet.
The same group claimed responsibility for hitting on over a dozen airports’ websites in the U.S. on October 10 in another network-traffic flooding incident. However, the extensive DDoS attack did not have any impact on air travel or cause any operational issues in the airports.
24 hours after the attack, the hacking syndicate claimed that they unleashed another bot attack on JPMorgan Chase, but they were unable to have any meaningful impact on the target.
The Attack Was Unsuccessful
The recent Killnet DDoS attack on US Treasury did not have any impact on the target, according to Reuters, which first reported the incident.
The hacking incident is “pretty low-level DDoS activity targeting Treasury’s critical infrastructure nodes,” says Todd Conklin, counselor to Deputy Secretary Wall Adeyemo on cybersecurity.
Killnet is rapidly gaining traction as a hacking group, although the impact of its activities cannot be compared with other notorious Russian-linked or Korean-linked hacking syndicates. The threat group is relatively new and unsophisticated.
Cybersecurity researchers who have helped to uncover the group’s activities say the hackers’ “nuisance-level-DDoS attacks” are generally ineffective. They are set up to target major agencies and organizations but do not have the necessary tools to carry out successful attacks on their targets, according to the researchers.
Amsterdam-based threat intelligence tech services provider EclecticIQ’s Threat Research team, in a blog post, said that the Killnet group seems to have only the ability to launch DDoS attacks with short-term impact. The researchers noted that the group’s attack does not have lasting damage to the victim’s network infrastructure.
Killnet Shifted To A Hacktivist Group After Russia’s Invasion Of Ukraine
The Killnet group was initially formed as a hire-for-hire group. The actors didn’t record much success in their activities. But following the invasion of Ukraine by Russia, the criminal gang shifted its focus to a pro-Russian hacktivist. Although the gang has a limited impact with its DDoS stunt, it is still considered by the multi-national joint cybersecurity advisory as a threat to critical infrastructure.
The activities of the group have not been well documented, but Killnet has claimed responsibility for some DDoS incidences in the past.
Last month, the group claimed to have been responsible for hitting on the US state government websites in Mississippi, Kentucky, Colorado, and other states. According to the group, the reason for the attack was America’s continued support for Ukraine after Russia invaded the country in February. Killnet has also claimed responsibility for other similar attacks in different regions, including in Japan, Lithuania, and Romania.
Ransom Payments To Threat Actors Increase Despite Warnings
The news of the blocked Killnet DDoS attack came as the US Treasury provided updates for its most recent Financial Trend Analysis report on the menace of ransomware. According to the report, US banks paid out a total of $1.2 billion to ransomware actors and other extortionists in 2021. The US Treasury and other agencies have continued to warn organizations on the need to stop negotiating with the threat actors over the ransom.
However, the trend continues, especially for organizations that have critical documents to protect and keep safe. In most cases, ransomware negotiations or deals are kept as a secrete between the threat actors and the victimized organization. Most affected organizations would prefer paying the ransom than risk losing their encrypted files or having them fall into the hands of other hackers. Additionally, lawsuits from the affected clients may be much higher than the ransom being paid.
A large Number Of Attacks Linked To Russia
The Bank Act filling in 2021 reported that the number of attacks and the amount paid in 2021 has exceeded that of other years. The Financial Crimes Enforcement Network of the US Treasury reported that there were 1,489 ransomware-related filings worth $1.2 billion in 2021. This is a massive 188% surge from the $416 million filed the previous year.
Based on the findings from the US Treasury, ransomware has continued to play a major threat role to US organizations, especially those handling critical infrastructure. They are also a serious threat to businesses and the public. The report also revealed that a large number of attacks recorded this year on U.S. soil are connected to Russia.