A hacker group in Russia called Killnet has claimed credit for a series of attacks that took down US airport websites on October 10. A lot of airport websites were affected this month, such as LAX in Los Angeles, ORD for Chicago O’Hare, and ATL for Atlanta Hartsfield-Jackson International. Although the DDoS attacks were able to take down some websites for a little while, as of yet there’s no indication that they have been able to disrupt airport operations. However, these DDoS attacks and who is behind them bring up questions about cyber threats to critical infrastructure.
Fear not, we have hired an outside agency! This is not the first time these radicalized youths have made the headlines. Just weeks ago, they attacked Arkansas, South Carolina, and Tennessee’s websites as well. The Cybersecurity & Infrastructure Security Agency (CISA) released an alert in April with more details on Russian state-sponsored and criminal cyber threats facing critical infrastructure. The alert includes information about Russian actors and many other threat groups.
The recent DDoS attack on air traffic control systems illustrates that susceptibility is still an issue. Airlines were able to restore their sites soon after, but the vulnerability of the system shows that there are still fixes needed. FlyLAX.com, among other similar services, relies on the Nginx server to manage and transmit its data. Nginx is an open-source server that has been known for its vulnerabilities since it was first introduced. Open-source code is easier for hackers to exploit and slower to be patched, according to Richard Gardner. He recommends moving away from open-source server code in order to help prevent cyberattacks.
DDoS attacks like this are more of an annoyance because they don’t cause any damage to underlying systems, but we need to take them seriously. They can erode confidence in the cybersecurity protections for important services like power and water grids that people rely on. Matt Hayden, Vice President of Cyber Client Engagement at IT company General Dynamics (GDIT) and former Assistant Secretary for Cyber, Infrastructure, Risk, and Resilience Policy at the US Department of Homeland Security, says that there is more to a cybersecurity resume than just certifications and degrees.
Considering Russia’s ongoing war in Ukraine and the Warsaw Charter, it’s safe to say that Russia will continue targeting countries that support Ukraine. CISA has told us that Russia’s invasion of Ukraine could expose organizations both within and outside the region.
Killnet has had significant success with their DDoS attacks. These disruptions were intentional and drew a large amount of attention from the media, which is important to them as well. Other threat actors may start doing the same thing, which could be detrimental to your network security.
We might have expected an attack like this from Killnet. And, frankly, if this is their focus, it’s likely that there are others who’ll be inspired to pick up the mantle and start attacking America in the same way.
DDoS attacks are becoming more and more common in 2022. Web performance and security company Cloudflare reported that it had seen some of the largest ever DDoS attacks in Q2. Application-layer DDoS attacks were 72% higher in the second quarter than they were in Q2 last year, while network-layer attacks climbed by 109%.
Victims of DDoS attacks may experience less damage, such as leaked data, but are more vulnerable to other cyber threats. “After being hit with a DDoS, it is important to identify what kind of attack occurred and where the origin lies.” Sally Vincent, LogRhythm’s top security engineer, suggests that the mass-email attempt should be used to evaluate architecture or application security changes that could be used to stop future attacks. “Some organizations get hit by DDoS attacks in order to cover up other more damaging cyberattacks. To help avoid this, it’s important for businesses hit by a DDoS attack to evaluate their entire IT infrastructure.”
DDoS attacks work by launching a slew of requests to flood and crash websites. They are a relatively straightforward way for hackers to cause havoc. Critical infrastructure is also an appealing target for hackers who can do lasting damage with DDoS campaigns. Mr. Tom Kellerman, who is a security expert, says that the DDoS attacks are a smokescreen for long-term intrusion campaigns, designed to cover the attackers’ tracks, and that the attacks are used to cover up clandestine hacking and surveillance campaigns.
It has been widely noted that critical infrastructure is open to cyberattacks. “Attacking an organization’s site with ransomware or other malicious hacks can ruin the entire business. Frequently using outdated technology and a mix of old and new equipment makes it difficult to secure against such attacks,” says Robert Mitchell.
Killnet’s latest attacks have offered us the chance to examine how critical infrastructure is safeguarded from cyber-attacks. It’s important to be well prepared for the next attack, which could disrupt vital services like power, fuel and water.
When considering cybersecurity best practices, like zero trust and vulnerability scanning, that can help you protect yourself against a potential DDoS attack, never forget to check the security of IoT devices. Vincent also recommends threat intelligence monitoring. Remember that targets are often announced well in advance; Killnet named the airport website targets on Telegram and called for support.
Given their goals, I would suspect that they will likely target critical infrastructure in NATO countries. As soon as they do, we will need to be ready.