DDoS Archive

KIEV, Ukraine — Michail Fiodorov thought he had everything under control. Months before Ukrainians were set to go to the polls to elect their next president, the 28-year-old campaign manager had his staff trained, robust security practices in place, and servers he’d sourced in the U.S. to prevent hackers from taking them down.

But all that preparation was erased within minutes of launching the website for his boss, comedian turned surprise front-runner Volodymyr Zelensky. Before Zelensky could even tweet a link to the site, a cyberattack overwhelmed the website’s servers with 5 million simultaneous requests, knocking all operations offline.

Nearly three months later, and with Sunday’s election looming, Zelensky leads in almost all the polls, despite what Fiodorov says has been a near-constant bombardment of cyberattacks and disinformation.

“From the first day of the campaign, we have been under attack,” Fiodorov told VICE News this week.

The type of attack that knocked Zelensky’s website offline — known as a distributed denial-of-service, or DDoS, attack — is relatively rudimentary, but the scale of this one was so big and would have cost so much that the hackers must have had significant resources. Fiodorov wouldn’t name names, but experts said there was only one credible perpetrator: Moscow.

Since Russia’s annexation of Crimea in 2014, Moscow has used Ukraine as a laboratory for its increasingly aggressive cyber-army, attacking the country’s electrical grids and disrupting its businesses, costing billions of dollars worldwide. And as Ukrainians head to the polls this weekend, their country’s electoral systems are being bombarded at rates not seen elsewhere, officials from Ukraine, Europe and the U.S. told VICE News. More concerning, they said, is that hackers are now trying to penetrate the country’s critical national infrastructure in an effort to sow chaos and confusion around Sunday’s election.

“Some critical infrastructure has been attacked in recent weeks,” said Roman Boyarchuk, the head of Ukraine’s Cyber Protection Centre. He wouldn’t say which systems were under attack, but he offered a cryptic warning ahead of the vote: “The very worst situation is that we don’t know that they have access.”

Ukrainian officials like Boyarchuk aren’t the only ones worried about what happens here over the next few days. European and U.S. officials are also paying close attention, fearing Ukraine may be a prelude to this May’s European Parliament elections and the U.S. presidential election in 2020.

“Everyone sees Ukraine as the testing ground for what is going to hit the West next from Russia,” Laura Galante, a cybersecurity analyst at the Atlantic Council, told VICE News.

Except for the few shivering supporters handing out leaflets for presidential contender and former Prime Minister Yulia Tymoshenko, Kiev on Wednesday bore few visible signs of a pending election. But just outside the city center in Ukraine’s Central Electoral Commission (CEC), a tall, imposing building that looks like a Soviet-era skyscraper turned on its side, hundreds of employees were working around-the-clock to ensure the integrity of the electoral process.

Victor Zhora, who leads a team helping protect the CEC’s network, sat at his desk worrying that hackers will attack the systems that will deliver the early results of Sunday’s vote.

“The threat of cyberattacks is big, and we need only look back to 2014 when Ukraine was the first country to suffer cyberattacks on its election systems,” Zhora, co-founder of cybersecurity firm Infosafe, told VICE News. “Thank God we have an election system which gathers official results with the use of paper ballots.”

He’s right to be worried: Experts began to notice the spike in attacks last December, when waves of phishing emails were sent to employees of government agencies, enticing them to click on Christmas greeting cards, shopping invitations, and software updates — the same method used to trick Hillary Clinton’s campaign manager, John Podesta, into giving up his email credentials. Last week, the Ukrainian cyber police reported that an email designed to look like it was coming from Interior Minister Arsen Avakov in support of a specific candidate was created in Russia on March 21.

It’s unclear how many of these attacks have been successful, but if even a single one succeeded in tricking their victims into downloading malware, it could have huge consequences for the election.

“If someone’s phishing attack was successful in December and they got access to the network, then three and a half months is enough time to be able to get to the point to be able to launch a larger attack or monitor what is going on inside networks,” Oleh Derevianko, a cybersecurity expert whose company is helping defend Ukraine’s election infrastructure, told VICE News.

The election-results systems overseen by the CEC are a particular area of concern. Earlier this month, the Ukraine cyber police said they had observed attempts by Russian hackers to “test” the CEC website and obtain information about its internal network. In February, incumbent President Petro Poroshenko blamed Russia for a distributed denial of service attack on the CEC server, while the Secret Service of Ukraine (SBU) reported that Russian hackers were attempting to uncover information about the communications network used for reporting election results, including how long it would take to recover from an attack.

Zhora knows how porous Ukraine’s election systems can be, but he says the CEC has made sure that each stage of this process has been reviewed and hardened to the point where he’s confident that it is close to impossible for hackers to infiltrate. Now, ironically, he fears that shoring up his end of things may ultimately lead hackers to go after bigger targets instead.

“We can predict a situation where an attack could be conducted on the infrastructure of the whole country, instead of attacking this election system, just to bring chaos,” Zhora said.

And that is exactly what appears to be happening. In February, the attack volume rose 30 percent compared to January, Boyarchuk said. Every week since December, up to 8,000 targeted phishing emails are sent. Last month alone, Boyarchuk’s team faced 25,000 brute force attacks — which bombard systems with username/password combinations to try to guess the right one to gain access to Ukraine’s networks. Another 30,000 attacks sought to harvest potentially valuable information. On top of that, Ukrainian officials have recorded up to 50 high-intensity DDoS attacks — similar to the one that knocked Zelensky’s campaign website offline.

As the election approaches, the volume of attacks has actually started to decrease, he said, which only worried him more.

“The regular, or what I call background-type of attacks, are decreasing because they have enough preliminary information to work with; they are now trying some APT-type attacks,” Boyarchuk said. (APT refers to advanced persistent threats, a term used to describe sophisticated nation-state–affiliated hacking groups like Fancy Bear and Sandworm.)

Just the presence of these sophisticated hacking groups will scare Ukrainians who have seen large parts of their country crippled in recent years.

In 2015, and again in 2016, the Russian hacking group known as Sandworm infiltrated electricity companies and caused blackouts that impacted hundreds of thousands of citizens.

In June 2017, the NotPetya attack, which the White House blamed on Moscow, caused widespread damage to business across Ukraine — before hitting targets worldwide. And the malware behind the NotPetya attack last year may be lingering in the country’s networks.

“We cannot be sure 100 percent that everything was cleaned up completely. This is one of our worries: that bad actors left some hidden backdoors on systems in order to use it another time,” Boyarchuk said.

Russia, analysts said, no longer seems to care if people know it is conducting these attacks.

“They are far less concerned about making interventions covert,” Keir Giles, a Russia expert, told VICE News. “They are perfectly content with implausible deniability and doing things which everybody knows is actually coming from Moscow.”

In fact, that devil-may-care attitude is part of the design. The aim may not be to get one candidate or another into power — none of Ukraine’s leading candidates offer an overtly friendly position toward Russia — but to try to undermine the democratic process by sowing chaos.

“The main goal is to destabilize Ukraine, to discredit, to make chaos,” Valentyn Nalyvaichenko, a presidential candidate and a former head of the Security Service of Ukraine (SBU), told VICE News.

The second goal, then, may be to rattle the West ahead of high-stakes elections in Europe and America.

In May, EU elections will take place in at least 27 countries across the continent, and there are already indications that Russia is aiming to interfere in the outcome. Last week FireEye released a report that showed hackers affiliated with Fancy Bear and Sandworm have already tried to hack into systems belonging to governments across Europe.

Merle Maigre, who heads up government relations with Estonian cybersecurity company Cybexer, is paying close attention to Ukraine precisely for that reason.

Working with the EU, Cybexer conducted a three-day training exercise for Ukrainian officials earlier this month to help prepare them for possible attacks from Russia.

“I think Ukraine is a test bed, and it is important therefore to show an awareness of what’s happening in Kiev to be able to prepare ourselves for what could happen in Paris, Brussels, London or Berlin,” Maigre told VICE News.

Maigre’s not alone. Western countries have been pouring resources into Ukraine to help the country protect its elections and gain critical insight. NATO, the U.S., the EU and organizations like the International Foundation for Electoral Systems have all played a vitally important role in bolstering Ukraine’s cyber defenses in recent years. In May 2018, the U.S. State Department pledged $10 million in cybersecurity aid to Ukraine.

A U.S. official based in Kiev said Washington is not just worried about Ukraine’s election running smoothly but also concerned how it will impact its own elections.

“I think we see Ukraine as a front line in active hybrid war, and we are always concerned that anything tested here might be used elsewhere,” the official, who was not authorized to speak publicly, told VICE News. “It is no secret that there are people interested in exploiting cyber vulnerabilities in Ukraine. We prefer they don’t get experience here that they can use on us.”

As the election nears, Boyarchuk said, officials from the U.S. and EU are stationed in Kiev, “actively helping” Ukrainian officials by monitoring attacks, sharing information about new threats and updating databases listing indicators of compromise.

But both the EU and the U.S. have been shy about how actively involved they are in supporting Ukraine’s intelligence agencies ahead of the elections (one source at the U.S. Embassy in Kiev denied that U.S. officials were currently monitoring Ukrainian networks), and organizations like NATO have mostly kept a low profile, wary of giving Russia another excuse to increase its aggression toward Europe.

“NATO doesn’t want to be seen to be meddling with the electoral process in Ukraine, for reasons you can easily understand,” Antonio Missirolli, NATO assistant secretary-general, told VICE News at NATO headquarters in Brussels in February. “[But] of course, we are concerned about the possibility that that could happen on the landscape — especially in Ukraine.”

For all the money and resources poured into Ukraine in the last five years to boost its cyber defenses, officials worry it’s a drop in the bucket compared to an adversary like Russia. The head of the Foreign Intelligence Service of Ukraine (FISU), Yegor Bozhok, recently claimed that the Kremlin has allocated $350 million to its intelligence services to finance interference in Ukraine’s elections.

In his offices in a modern, glass-fronted building in the northwest part of Kiev, Derevianko worried over the things that have been missed.

“There is definitely more attention, but I can’t say there is enough attention,” Derevianko, said. “There is certainly more of an understanding of the dangers and the risks, but the state authorities are still quite slow in implementing the protective measures.”

Source: https://news.vice.com/en_us/article/bjqe8m/inside-the-massive-cyber-war-between-russia-and-ukraine

A man has been charged over cyber-attacks which targeted the websites of two police forces.

Liam Reece Watts, 19, of Stratford Road in Chorley, Lancashire, faces two counts of unauthorised acts with intent to impair operation of or prevent access to a computer.

The charges relate to distributed denial of service (DDoS) attacks on the Greater Manchester and Cheshire forces.

He is due to appear at Chester Magistrates’ Court later.

DDoS attacks involve flooding a target’s service with extremely high volumes of traffic in an effort to overwhelm them.

Source: https://www.bbc.com/news/uk-england-lancashire-47708237

Service availability is a key component of the user experience. Customers expect services to be constantly available and fast-responding, and any downtime can result in disappointed users, abandoned shopping carts, and lost customers.

Consequently, DDoS attacks are increasing in complexity, size and duration. Radware’s 2018 Global Application and Network Security Report found that over the course of a year, sophisticated DDoS attacks, such as burst attacks, increased by 15%, HTTPS floods grew by 20%, and over 64% of customers were hit by application-layer (L7) DDoS attacks.

Some Attacks are a Two-Way Street

As DDoS attacks become more complex, organizations require more elaborate protections to mitigate such attacks. However, in order to guarantee complete protection, many types of attacks – particularly the more sophisticated ones – require visibility into both inbound and outbound channels.

Some examples of such attacks include:

Out-of-State Protocol Attacks: Some DDoS attacks exploit weaknesses in protocol communication processes, such as TCP’s three-way handshake sequence, to create ‘out-of-state’ connection requests, thereby drawing out connection requests in order to exhaust server resources. While some attacks of this type, such as a SYN flood, can be stopped by examining the inbound channel only, others require visibility into the outbound channel as well.

An example of this is an ACK flood, whereby attackers continuously send forged TCP ACK packets towards the victim host. The target host then tries to associate the ACK reply to an existing TCP connection, and if none such exists, it will drop the packet. However, this process consumes server resources, and large numbers of such requests can deplete system resources. In order to correctly identify and mitigate such attacks, defenses need visibility to both inbound SYN and outbound SYN/ACK replies, so that they can verify whether the ACK packet is associated with any legitimate connection request.

Reflection/Amplification Attacks: Such attacks exploit asymmetric responses between the connection requests and replies of certain protocols or applications. Again, some types of such attacks require visibility into both the inbound and outbound traffic channels.

An example of such an attack is a large-file outbound pipe saturation attack. In such attacks, the attackers identify a very large file on the target network and send a connection request to fetch it. The connection request itself can be only a few bytes in size, but the ensuing reply could be extremely large. Large numbers of such requests can clog up the outbound pipe.

Another example is memcached amplification attacks. Although such attacks are most frequently used to overwhelm a third-party target via reflection, they can also be used to saturate the outbound channel of the targeted network.

Scanning Attacks: Large-scale network scanning attempts are not just a security risk, but also frequently bear the hallmark of a DDoS attack, flooding the network with malicious traffic. Such scan attempts are based on sending large numbers of connection requests to host ports, and seeing which ports answer back (thereby indicating that they are open). However, this also leads to high volumes of error responses by closed ports. Mitigation of such attacks requires visibility into return traffic in order to identify the error response rate relative to actual traffic, in order for defenses to conclude that an attack is taking place.

Server Cracking: Similar to scanning attacks, server cracking attacks involve sending large amounts of requests in order to brute-force system passwords. Similarly, this leads to a high error reply rate, which requires visibility into both the inbound and outbound channels in order to identify the attack.

Stateful Application-Layer DDoS Attacks: Certain types of application-layer (L7) DDoS attacks exploit known protocol weaknesses in order to create large amounts of spoofed requests which exhaust server resources. Mitigating such attacks requires state-aware bi-directional visibility in order to identify attack patterns, so that the relevant attack signature can be applied to block it. Examples of such attacks are low-and-slow and application-layer (L7) SYN floods, which draw out HTTP and TCP connections in order to continuously consume server resources.
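The ACK flood and scanning cases above both hinge on the same defensive idea: a detector that sees only the inbound channel cannot tell a forged ACK from a legitimate one, nor a closed-port probe from a normal connection, because the evidence (the outbound SYN/ACK or the outbound RST) lives in the return traffic. The following is an added example, not code from the original article or from Radware, showing a minimal bi-directional TCP state tracker run over constructed traffic. It correlates inbound SYN, outbound SYN/ACK and inbound ACK to count "orphan" ACKs that belong to no connection, and compares outbound RST replies with inbound SYNs to estimate the error-response rate a port sweep produces. The host address, client addresses, port numbers and detection thresholds are all assumptions chosen for the demonstration.

```python
"""Bi-directional TCP state tracker (added example, not from the original article).

Correlates inbound SYN / outbound SYN-ACK / inbound ACK to spot ACK packets that
belong to no connection (ACK flood), and outbound RST replies relative to inbound
SYNs to spot port scanning. All traffic below is constructed; 192.0.2.10 plays the
protected host (a documentation address, assumed for the demo).
"""
from collections import Counter
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    direction: str  # "in" = toward the protected host, "out" = sent by it
    src: str
    sport: int
    dst: str
    dport: int
    flags: str      # "S" (SYN), "SA" (SYN/ACK), "A" (ACK) or "R" (RST)


class BidirectionalTracker:
    def __init__(self):
        self.half_open = set()    # inbound SYN seen, no SYN/ACK yet
        self.syn_acked = set()    # server answered SYN/ACK, awaiting final ACK
        self.established = set()  # three-way handshake completed
        self.stats = Counter()

    @staticmethod
    def _key(pkt):
        # Normalise every packet to a (client, cport, server, sport) tuple so that
        # both directions of one connection map to the same key.
        if pkt.direction == "in":
            return (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        return (pkt.dst, pkt.dport, pkt.src, pkt.sport)

    def observe(self, pkt):
        key = self._key(pkt)
        s = self.stats
        if pkt.direction == "in":
            if pkt.flags == "S":
                s["in_syn"] += 1
                self.half_open.add(key)
            elif pkt.flags == "A":
                s["in_ack"] += 1
                if key in self.syn_acked:
                    self.syn_acked.discard(key)
                    self.established.add(key)
                    s["handshake_ok"] += 1
                elif key not in self.established:
                    # No SYN / SYN-ACK was ever seen for this tuple: out of state.
                    s["orphan_ack"] += 1
        else:
            if pkt.flags == "SA" and key in self.half_open:
                self.half_open.discard(key)
                self.syn_acked.add(key)
                s["out_synack"] += 1
            elif pkt.flags == "R":
                s["out_rst"] += 1  # closed port or refused connection

    def verdict(self, min_events=10, ratio=0.5):
        # Thresholds are assumptions for the demo; tune them to real baselines.
        s = self.stats
        orphan_ratio = s["orphan_ack"] / s["in_ack"] if s["in_ack"] else 0.0
        rst_ratio = s["out_rst"] / s["in_syn"] if s["in_syn"] else 0.0
        return {
            "ack_flood": s["orphan_ack"] >= min_events and orphan_ratio > ratio,
            "port_scan": s["in_syn"] >= min_events and rst_ratio > ratio,
            "orphan_ratio": round(orphan_ratio, 2),
            "rst_ratio": round(rst_ratio, 2),
        }


HOST = "192.0.2.10"  # protected server (constructed)


def build_sample_traffic():
    """Constructed packet trace: one real handshake, an ACK flood, and a port sweep."""
    pkts = [
        Packet("in", "10.0.0.5", 40000, HOST, 443, "S"),
        Packet("out", HOST, 443, "10.0.0.5", 40000, "SA"),
        Packet("in", "10.0.0.5", 40000, HOST, 443, "A"),
    ]
    # Forged ACKs from spoofed sources that never started a handshake.
    pkts += [Packet("in", f"203.0.113.{i}", 50000 + i, HOST, 443, "A")
             for i in range(1, 21)]
    # Port sweep: SYNs to ports 1..10, nine closed (RST) and one open (SYN/ACK).
    for port in range(1, 11):
        pkts.append(Packet("in", "198.51.100.7", 33000 + port, HOST, port, "S"))
        reply = "SA" if port == 5 else "R"
        pkts.append(Packet("out", HOST, port, "198.51.100.7", 33000 + port, reply))
    return pkts


def analyse(packets):
    tracker = BidirectionalTracker()
    for p in packets:
        tracker.observe(p)
    return dict(tracker.stats), tracker.verdict()


if __name__ == "__main__":
    stats, verdict = analyse(build_sample_traffic())
    print(stats)
    print(verdict)
```

On the sample trace the tracker sees 21 inbound ACKs of which 20 are orphans, and 11 inbound SYNs of which 9 drew an RST, so both verdicts fire. Drop the outbound packets from the trace and the same code can only count ACKs and SYNs: the orphan and RST counters stay at zero, which is the point the article makes about inbound-only inspection. A production version would also age out half-open entries and bound the state tables, since an attacker who can grow them without bound has found another way to exhaust the defender.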

Two-Way Attacks Require Bi-Directional Defenses

As online service availability becomes ever more important, hackers are coming up with more sophisticated attacks than ever in order to overwhelm defenses. Many such attack vectors – frequently the more sophisticated and potent ones – either target or take advantage of the outbound communication channel.

Therefore, in order for organizations to fully protect themselves, they must deploy protections that allow bi-directional inspection of traffic in order to identify and neutralize such threats.

Source: https://securityboulevard.com/2019/03/ddos-protection-requires-looking-both-ways/

Recent years have seen a boom in tech innovation.

From newly connected cities and organisations built on the backbone of the Internet of Things (IoT), and artificially intelligent chatbots that tackle customer service issues, to cloud storage and computing that lets companies avoid data access delays and puts information directly into the hands of the employees who need it, the benefits of such innovations are being reaped every day.

However, as technology enables the world to become more open and connected, the embracing of global digital transformation has created new cybersecurity risks and expanding cyber-attack surfaces.

Password theft

In January 2019, a database containing over 773 million unique email addresses and 21 million unique passwords, combining into more than 2 billion email/password pairs, was discovered on the dark web.

Cyber security experts reviewing the database claim that this collection, dubbed Collection #1, is the largest data breach on the internet. As the moniker may reveal, Collection #1 was only the beginning for 2019’s cybersecurity woes.

In the weeks after its discovery, cybersecurity journalists discovered seven additional collections totalling 500GB of data for sale.

Experts say that the depth and breadth of data leaks will continue to increase as businesses and individuals continue to leverage next-gen technology.

“The explosion of companies deploying IoT solutions, for example, is creating vulnerabilities,” explained Kevin Mitnick, one of the world’s most infamous white-hat hackers who will be taking to the Dark Stage at a cyber security event in Dubai next month. “While IoT enabled devices can make businesses more efficient, each device is also a new endpoint ripe for hacking.

“And it isn’t limited to the device itself, or even the network. There are botnets that use hordes of compromised IoT devices to overwhelm targets in DDoS attacks.”

Brick-and-mortar establishments are leveraging digitalisation to streamline their sales, creating point-of-service pages and other customer-facing forms online. Where the end-user sees a new wave of retail convenience, cybercriminals simply see a refreshed revenue stream.

“Formjacking” preys on e-commerce sites and forms that require financial information to be entered. Malicious code injected into the site by a cybercriminal collects any information entered into the form, including card details, email addresses and names.

While it is not a new form of cybercrime, security outfit Symantec reported 4,818 unique websites were compromised with formjacking code every month in 2018, totalling 3.7 million attacks. A full third of those attacks were blocked in November and December.

Social engineering — manipulating human behaviour — is still key in the cybercriminal’s toolkit. However, the advent of Artificial Intelligence is making deceiving consumers just a little bit easier. AI-driven chatbots are already used to streamline customer service instances, answering frequently asked questions and directing customers to readily available information.

According to research firm Gartner, 85 per cent of customer interactions will be handled without a human agent by 2020. With the latest innovations in machine learning, however, chatbots can now be exploited by hackers to trick customers into giving away sensitive information or clicking on malicious links.

Cybercriminals only need to make a chatbot look like it is from a reputable organisation to fool users who are not on their guard.

As companies move their data and, increasingly, their services to the cloud, it is clear that data access has removed barriers for employees. No longer do employees have to track down information they need to complete a task, and the risk of that data becoming lost has decreased significantly.

However, as cloud computing has reduced barriers for employees, it has done the same for cybercriminals. Cloud resources are increasingly easy targets for cybercriminals, with more than 70 million records stolen or leaked from poorly configured S3 public cloud storage buckets in 2018 alone.

Attackers are continuously evolving. Protecting your business and data is no longer a case of simply installing solutions and making the required updates.

Source: https://gulfnews.com/technology/cyber-threats-are-reaching-for-the-cloud-and-more-1.62860371

Cyber-attacks could cost the UK economy over £1bn every year according to new data by research firm Netscout.

The research shows that in 2018, businesses experienced an average downtime of 67 minutes per attack, and each successful attack cost over £140,000, which worked out at an average cost of £2,140 per minute.

“Our research reveals that the average enterprise has 22 security tools in place – and – anecdotally we know that some have far more,” said Darren Anstee, CTO, Security at Netscout.

“Businesses have invested in new tools and technologies to deal with new threats, but this hasn’t resulted in a reduction in risk.

“A complex security stack can lead to an inconsistent picture of what is really going on, slowing down operational processes and reducing the effectiveness of security personnel, whilst creating gaps for attackers to exploit.

“As a result, companies are waking up to the fact that they need a well-integrated security stack and a consistent view across their virtual, physical and cloud resources.”

The findings also revealed a threefold year-on-year increase in the number of DDoS attacks against SaaS services, from 13% to 41%.

“In leaning on outsourced security professionals, businesses are identifying the shortfalls of their internal processes and capabilities and are moving to address risk in the only way they can,” added Anstee.

“There is nothing wrong with this strategy, as long as businesses are clear that they still own the underlying risk.”

Netscout found that 61% of respondents stated that security concerns are creating a barrier to cloud adoption.

For Service Providers, cloud-based services were increasingly targeted by DDoS attacks, up from 25% in 2016 to 47% in 2018.

The report also revealed that in 2018, 60% of service providers witnessed attacks traversing their networks that were targeting governments, up from 37% last year, and the size of the attacks exploded to a record-breaking 1.7Tbps, with the targets and techniques continuously evolving.

In addition to that, in 2018, the average global cost of one hour of downtime associated with internet service outages caused by DDoS attacks was $221,836.80.

Germany had the highest downtime costs, at $351,995, while Japan paid the least for an hour of network downtime at $123,026.

Source: https://data-economy.com/the-cost-of-ddos-cyber-attacks-on-the-uk-economy-may-exceed-1bn-per-annum-report/