The war between Russia and Ukraine should trigger a big warning sign for anyone in charge of national cyber protection in transportation, health and stock markets. Without knowing how effective your defense systems are at any time, your organization will almost certainly face extensive damage to its services if it is targeted by a DDoS attack.
The fighting between Russia and Ukraine has highlighted a new kind of warfare. In today’s climate, wars between countries are being waged not only on the battlefield but also in the digital realm, in this case through damaging DDoS (distributed denial-of-service) cyberattacks, which shut down computing services and have specifically hit major national and financial entities on both sides.
DDoS attacks are cyberattacks launched at internet-facing servers to deny service and disable computer systems. They prevent users from accessing the services of the attacked organization: no one can reach the website or perform the normally available online actions, such as banking, payments, trading, reading the news or buying tickets. These damaging outages can last from several hours to days.
A few days before Russia invaded Ukraine, two large Ukrainian banks suffered major DDoS attacks that shut them down for several hours. This halted stock trading and access to ATMs, made it impossible to process credit cards at supermarkets and gas stations, took news sites offline, and much more. The attacks were devastating for those trying to operate in already stressful conditions, and obviously upsetting for those trying to understand what was happening.
Even though DDoS attacks have been part of modern conflict before, specifically against Georgia and Israel, what happened in February was the first time that DDoS took center stage as a major player in a violent conflict between two countries. That is how tangible the impact of the attacks was for people who needed cash, gas or food from the supermarket, let alone for those who needed information on military activity in the area.
What can we learn from these cyberattacks, and how can we prepare for and defend against them in the future?
Many recent DDoS attacks are carried out by abusing readily accessible, publicly available online systems, which are turned into launch points on behalf of the attackers. A volume of traffic requests far beyond what the target can handle is directed at the victim, preventing legitimate users from accessing the systems and leading to the complete collapse of the site.
When we think of hackers, most of us imagine a person sitting at a computer, probably wearing a hoodie, vigorously constructing complex code to launch extensive attacks. This works in a Hollywood movie, but in reality, unlike other cyberattacks that require considerable technical knowledge and financial resources (you need to be a seasoned hacker with a lot of funds), DDoS is a simpler, relatively easily launched attack that is accessible to far less experienced actors. In many cases it also offers better financial incentives and, as seen now in warfare, has real-world impact too.
Recent events in Russia and Ukraine brought to light some key insights into today’s DDoS attacks. State actors have recognized that DDoS can be applied alongside traditional warfare. Where DDoS attacks were previously used most commonly for ransom and competitive purposes, they are now being used quite effectively in conjunction with military operations. Others may catch on and apply this to forms of economic warfare, for example by targeting stock markets more intensively and for prolonged periods.
The events of recent weeks should trigger a big warning sign for anyone in charge of national cyber protection in transportation, health and stock markets, as well as for infosec teams and CISOs in banking, fintech and other online platforms that require real-time connectivity for production.
There are two critical elements to preventing a successful DDoS campaign against your organization. First, deploy a hybrid mitigation solution capable of mitigating DDoS attacks. Second, continually quantify your existing DDoS risk and patch the vulnerabilities you find in your mitigation platform.
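As an added illustration of the abused-public-service pattern described above and of the second element (quantifying risk), the following Python sketch is not code from the original article: it parses constructed flow records, attributes inbound UDP volume to commonly abused reflector services, and expresses the observed load as a share of an assumed link capacity. The port list, the sample addresses and the capacity figure are assumptions.

```python
from collections import defaultdict
# Assumed map of standard UDP service ports to reflection services commonly abused.
REFLECTORS = {53: "dns", 123: "ntp", 1900: "ssdp", 11211: "memcached"}
# Constructed sample flow records (not a real capture), one per line:
# "src_ip src_port dst_ip dst_port proto bytes"; 198.51.100.0/24 is "our" network.
SAMPLE_FLOWS = """\
203.0.113.10 53 198.51.100.5 40511 udp 3800
203.0.113.11 123 198.51.100.5 40511 udp 4400
203.0.113.12 11211 198.51.100.5 40511 udp 65000
203.0.113.12 11211 198.51.100.5 40511 udp 65000
192.0.2.7 44322 198.51.100.5 443 tcp 1200
198.51.100.5 40511 203.0.113.10 53 udp 64
"""

def parse_flows(text):
    """Parse whitespace-separated flow lines into dicts, skipping blank lines."""
    flows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        src, sport, dst, dport, proto, nbytes = line.split()
        flows.append({"src": src, "sport": int(sport), "dst": dst,
                      "dport": int(dport), "proto": proto, "bytes": int(nbytes)})
    return flows

def inbound(flows, local_net="198.51.100."):
    """Keep only flows whose destination is inside our address range."""
    return [f for f in flows if f["dst"].startswith(local_net)]

def reflection_bytes(flows):
    """Sum inbound UDP bytes per reflector service, keyed by the *source* port.
    Genuine replies to our own queries use these ports too, so volume is the signal."""
    totals = defaultdict(int)
    for f in inbound(flows):
        svc = REFLECTORS.get(f["sport"]) if f["proto"] == "udp" else None
        if svc:
            totals[svc] += f["bytes"]
    return dict(totals)

def flag_reflection(flows, min_share=0.5):
    """Name reflector services carrying at least min_share of all inbound bytes."""
    total = sum(f["bytes"] for f in inbound(flows))
    return sorted(s for s, b in reflection_bytes(flows).items()
                  if total and b / total >= min_share)

def utilization(flows, window_s, capacity_bps):
    """Inbound bits per second over the window as a fraction of link capacity."""
    bits = 8 * sum(f["bytes"] for f in inbound(flows))
    return bits / window_s / capacity_bps
```

A utilization value above 1.0 means the observed inbound load already exceeds the assumed capacity, which is the condition the text describes as collapse.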
Without knowing how effective your defense systems are at any given time, a CISO or head of security operations who is not quantifying and patching DDoS risk will almost certainly face extensive damage to the organization’s services if it is targeted by a DDoS attack.