Distributed denial-of-service (DDoS) attacks by pro-Russian hacking groups have caused alarm in the US and Denmark after several incidents affected websites of hospitals and government offices in both countries. On Tuesday, Denmark announced that it was raising its cyber risk alert level due to weeks of attacks on banks and the country's defense ministry. The Centre for Cyber Security in Denmark said the DDoS incidents, which involve routing a deluge of page requests at target websites, are increasing in power and severity while also growing in overall numbers. Following the announcement, the website for the country's Centre for Cyber Security was knocked offline. Since Russia began its invasion of Ukraine 11 months ago, hacking groups like Killnet and NoName057 have targeted an array of government institutions, businesses and organizations across Europe and the US. On Monday, Killnet directed DDoS traffic against the websites of dozens of US hospitals, prompting the US Department of Health and Human Services to publish an alert warning healthcare institutions about the group's tactics. It is likely that pro-Russian ransomware groups or operators, such as those from the defunct Conti group, will heed Killnet's call and provide support. This likely will result in entities Killnet targeted also being hit with ransomware or DDoS attacks as a means of extortion, a tactic several ransomware groups have used. The DDoS incidents took place days after US President Joe Biden announced that the US would be sending 31 Abrams tanks to Ukrainian forces. Last week, several financial organizations, airports and government offices in Germany were targeted in a similar way after their announcement of additional military support for Ukraine. Cyberattacks on hospitals and medical centers are some of the most dangerous - these attacks have the ability to knock systems offline in their entirety and keep patients from receiving the care that they require. While DDoS attacks typically do not cause major or lasting damage, they can cause service outages that span several hours or even days. Akamai published a report on Tuesday that found DDoS incidents in Europe increased 73% in 2022, with more campaigns now involving extortion tactics. They warned that DDoS attacks are now increasingly being used as cover for actual intrusions involving ransomware and data theft. Groups like Killnet are able to muster so much DDoS traffic in part because they exploit vulnerable devices online. Killnet typically target routers from MikroTek that are either misconfigured or vulnerable, and the group also takes advantage of the proliferation of IoT devices across the world. In December, the Justice Department announced the seizure of 48 domains used by the leading DDoS-for-hire services - websites that allow users to pay hackers to flood targets with page requests.
This Cyber News was published on therecord.media. Publication date: Tue, 31 Jan 2023 22:06:02 +0000