FBI: Russian hacktivists achieve only 'limited' DDoS success
OK, so you've got a botnet. That don't impress me much
Pro-Russia hacktivists' recent spate of network-flooding bot traffic aimed at US critical infrastructure targets, while annoying, has had "limited success," according to the FBI.
Historically, hacktivists time their distributed denial of service (DDoS) attacks to coincide with high-profile real-world events. And true to form, network flooding has followed the Kremlin's illegal invasion of neighboring Ukraine.
While the FBI's latest cyber squad notification for private industry [PDF] doesn't name the hacktivists in question, the Feds may well be talking about Killnet, a "relatively unsophisticated" gang whose "nuisance-level DDoS attacks" don't live up to its rhetoric, according to security researchers.
This is the group of pro-Kremlin miscreants that claimed responsibility for knocking more than a dozen US airports' websites offline on October 10. However, the large-scale DDoS attack didn't disrupt air travel or cause any operational harm to the airports.
A day later, the same criminals claimed they unleashed another bot army on JPMorgan Chase, but saw similarly feeble results.
And then last week, a US Treasury Department official said the agency thwarted a "pretty low-level" DDoS attack targeting the department's critical infrastructure nodes, also attributed to Killnet.
In case the pattern hasn't become clear, the FBI summarizes it thus:
These attacks are generally opportunistic in nature and, with DDoS mitigation steps, have minimal operational impact on victims; however, hacktivists will often publicize and exaggerate the severity of the attacks on social media. As a result, the psychological impact of DDoS attacks is often greater than the disruption of service.
The group may have had more success in Eastern Europe, claiming more than 200 victim websites in Estonia plus Lithuanian energy company Ignitis Group's website and e-services as DDoS casualties.
These types of security events don't require much technical know-how, and there's a range of open-source DDoS tools that hacktivists can use to flood target organizations' networks with junk traffic. Both of these things make DDoS attacks relatively easy, and thus attractive, for miscreants looking to pull off publicity stunts, but they're seldom more than an annoyance for organizations with the right mitigations in place.
However, even if they don't directly affect operations, DDoSes do hurt business by preventing legitimate customers from accessing a company's website. So to help avoid these junk-traffic floods, the FBI suggests enrolling in a denial of service protection service that detects and redirects abnormal traffic flows.
Organizations should also partner with local ISPs prior to a DDoS event and create a disaster recovery plan to minimize downtime and ensure efficient communication and mitigation in the case of an attack, according to the FBI.
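As an added illustration of what "detecting abnormal traffic flows" looks like at the application layer, the script below is not code from the FBI notice or from any mitigation product; it is an example written for this article. It parses constructed access-log lines in the Apache/nginx "combined" format, tracks each client's requests in a sliding time window, and flags sources whose rate exceeds a hypothetical threshold (20 requests in 10 seconds, chosen for the example). The IP addresses, paths and thresholds are all assumptions. The caveat a practitioner wants: this only sees floods that reach the web server, such as the HTTP(S) request floods hacktivist tooling typically generates; volumetric network-layer floods that saturate the uplink never appear in these logs and have to be absorbed upstream by the ISP or a scrubbing service, which is the point of the FBI's advice.

```python
"""Flag HTTP flood sources in web-server access logs by per-client request rate.

Added example for this article, not code from the FBI notice or any DDoS
protection product. Assumes the Apache/nginx "combined" log format and a
hypothetical threshold (max_requests per window); tune both for a real site.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Combined log format: ip ident user [timestamp] "request" status bytes "ref" "ua"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3}) \S+'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line):
    """Return (ip, timestamp, request-line) or None for lines that don't parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return m.group("ip"), datetime.strptime(m.group("ts"), TS_FMT), m.group("req")


def find_flooders(lines, window=timedelta(seconds=10), max_requests=20):
    """Sliding-window rate check per source IP.

    Returns {ip: peak requests seen in any single window} for IPs whose peak
    exceeds max_requests. Lines are assumed to be in time order, as a server
    writes them; unparseable lines are skipped rather than aborting the scan.
    """
    recent = defaultdict(deque)  # ip -> timestamps inside the current window
    peak = defaultdict(int)
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        ip, ts, _ = parsed
        q = recent[ip]
        q.append(ts)
        while q and ts - q[0] > window:  # evict timestamps older than the window
            q.popleft()
        peak[ip] = max(peak[ip], len(q))
    return {ip: n for ip, n in peak.items() if n > max_requests}


def drop_rules(flooders):
    """Turn flagged sources into host-firewall drop rules (one per IP, sorted).

    Local rules only help when the flood fits through the uplink; a volumetric
    flood must be scrubbed upstream before it reaches this host at all.
    """
    return [f"iptables -I INPUT -s {ip} -j DROP" for ip in sorted(flooders)]


def build_sample_log():
    """Constructed sample traffic, not a real capture: one normal visitor plus
    two flood sources, using RFC 5737 documentation addresses."""
    base = datetime(2022, 10, 10, 12, 0, 0, tzinfo=timezone.utc)
    events = []
    # Normal visitor: a page roughly every 12 seconds.
    for i in range(5):
        events.append((base + timedelta(seconds=12 * i), "203.0.113.7", f"/flights/{i}"))
    # Flood: 50 requests in 5 seconds from each of two sources.
    for i in range(50):
        t = base + timedelta(milliseconds=100 * i)
        events.append((t, "198.51.100.9", "/"))
        events.append((t, "198.51.100.10", "/search?q=" + "a" * 8))
    events.sort()
    return [
        f'{ip} - - [{t.strftime(TS_FMT)}] "GET {path} HTTP/1.1" 200 512 "-" "Mozilla/5.0"'
        for t, ip, path in events
    ]


if __name__ == "__main__":
    flagged = find_flooders(build_sample_log())
    for ip, n in sorted(flagged.items()):
        print(f"{ip}: peak {n} requests in window")
    print("\n".join(drop_rules(flagged)))
```

In practice the detector would read the live log tail and hand the flagged set to whatever enforcement point sits in front of the origin (a reverse proxy, a WAF, or the provider's blocklist API) rather than printing iptables commands, and the threshold should be set from a baseline of the site's own normal per-client rates so that legitimate bursts, such as a single page's assets loading, are not caught.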
Kaspersky: 'smart' DDoS attacks on the rise
Before writing off DDoS attacks entirely as the unimpressive work of hacktivists, however, a third-quarter DDoS report by Kaspersky cited a "significant rise in smart attacks" globally — these are the more sophisticated security events conducted by professional criminals.
In Q3, the number of all types of DDoS attacks increased compared to previous reporting periods. While the overall number jumped 47.87 percent compared to Q3 2021, the number of smart DDoS attacks doubled, according to the security firm. It's worth noting these include both pro-Russia and pro-Ukraine politically motivated attacks.
Additionally, DDoS attacks on HTTPS exceeded those on TCP for the first time this quarter, despite the latter being easier to conduct and still the most common type of network flood.
While Q3 didn't set any new records in terms of attack duration (that dubious honor goes to the previous quarter, which saw the longest attack on record), attacks lasted about eight hours on average and the longest lasted nearly four days.
"Compared to the previous quarter, this seems rather modest, but the numbers are still huge: in Q3 of last year, the duration of DDoS attacks was measured in minutes, not hours," according to the report. "In this regard, the situation remains challenging." ®