Posted on April 8, 2023 at 8:48 AM
Pro-Russia hacktivist groups launch DDoS campaigns targeting Finland and Israel
Pro-Russia hacktivist groups have launched coordinated distributed denial-of-service (DDoS) attacks against other countries. Two Russian hacking groups recently launched attacks targeting Finland and Israel this week, signaling more exploits in the future.
Pro-Russia hacktivist groups launch DDoS campaigns
The attacks that were conducted recently were attributed to the NoName057 (16) hacking group that claimed to be behind a DDoS attack against the website of the Finnish parliament after the country joined NATO. The Finnish Technical Research Center of Finland was also the victim of a hacking attack.
The hacking group also claimed responsibility for another DDoS attack that took down the website of the Finnish parliament in August last year. NoName057 has also been attributed to attacks against Ukraine, the US, Poland, and European countries. Earlier this year, there were reports that the GitHub account of NoName057 (16) was taken down after the group was linked to an attempt to breach the websites of Czech presidential election candidates.
Another pro-Russia hacktivist group, KillNet, was linked to a major exploit against Check Point. The group also targeted universities and medical centers in Israel. The group behind the attack was known as “Anonymous Sudan,” but experts believe the group has close ties to KillNet.
“The messages that come from these groups are mostly in Russian and English. It’s a bit like how the FBI does profiling: they look for similar MOs and tools and backtrack to sources. In the case of DDoS attacks, you are looking at lots of different devices worldwide from different regions of the world that are all at once trying to access a certain website,” said the CTO and co-founder of Armis security firm, Nadir Izrael.
KillNet group linked to major attacks globally
The KillNet hacking group has been linked to major attacks globally. The group has relentlessly targeted US organizations this year and the last. A recent study dubbed “Unveiling the New Threat Landscape” noted that the US national security industry reported a 16,815% increase in DDoS attacks in the second half of last year, with most of these attacks attributed to the KillNet group.
There was a significant increase in attacks after US President Joe Biden made his remarks during the G7 summit held in June 2022. Another wave of attacks happened after Biden and French President Emmanuel Macron reiterated their support for Ukraine towards the end of 2022.
The increased cyberattacks in the US healthcare system have already cost $10 million. This is significant given that the average data breach cost globally in 2021 was $4.35 million.
According to the NetScout’s ATLAS sensor network, the exploits conducted against websites by the KillNet hacking group and other hackers in the last half of 2022 triggered a 487% increase in HTTP/HTTPS application-layer DDoS attacks since 2019.
The firm said DDoS attacks threaten organizations globally and challenge their ability to offer services. Given the recent rise in DDoS attacks and the growing arsenal and sophistication of hackers, organizations need to formulate a strategy that will adapt to the dynamic nature of the DDoS ecosystem.
According to the company, direct-path and traditional reflection attacks have grown by 18% in the last three years. NetScout said that in 2022, 1.35 million bots generated by malware like Meris, Mirai, and Dvinis triggered 350,000 security alerts, with 60,000 of these alerts issued by security providers.
The telecommunications sector reported a 79% increase in DDoS attacks since 2020. The growth of these attacks is attributed to the rollout of 5G networks. Moreover, DNS query flood attacks have increased three times since 2019. The average daily count for attacks in 2022 was around 850, a 67% increase from 2021.
NetScout said the attacks mainly targeted national security and the commercial banking industry in North America, Europe, Africa, and the Middle East. Moreover, there was a high likelihood that these attacks were related to the ongoing conflict between Ukraine and Russia.
Despite DDoS attacks being on the rise, organizations have often found themselves unable to protect against exploits because hackers can exploit multiple vulnerabilities. Therefore, DDoS protection service providers must conduct larger campaigns on more complex institutions. A firewall solution can also be used for protection.
The defensive measures that organizations can take include detecting and issuing patches for operating systems and application-level vulnerabilities. Organizations should also invest in specialized training in ethical hacking and defensive measures because of the shortcomings in cybersecurity talent.