DDoS Attacks on US Airport Websites and Escalating Cyberattacks
Pro-Russian hacking group Killnet has claimed credit for a series of distributed denial-of-service (DDoS) attacks carried out against US airport websites on October 10. Several websites for airports across the US were affected, including Los Angeles International Airport (LAX), Chicago O’Hare (ORD), and Atlanta Hartsfield-Jackson International. While the attacks did take down websites for a time, it appears that airport operations weren’t affected. But these DDoS attacks, and the motivation behind them, raise questions about growing cyber threats to critical infrastructure.
These DDoS attacks aren’t the first time Killnet has made headlines. Just weeks before, the hacktivist group claimed credit for cyberattacks against the Colorado, Kentucky, and Mississippi state government websites. The Cybersecurity & Infrastructure Security Agency (CISA) released an alert in April (updated in May) on Russian state-sponsored and criminal cyber threats facing the critical infrastructure sector. The alert featured numerous threat actors targeting critical infrastructure, including Killnet.
Airports were able to restore function to their websites relatively quickly following the DDoS attacks, but it is important to note the vulnerabilities attackers were able to exploit. “FlyLAX.com, for example, operates utilizing the Nginx server, which is particularly vulnerable to attacks given its open-source nature. Open-source code is easy for hackers to exploit, and it is slow to be patched,” Richard Gardner, CEO of technology company Modulus, explains. He recommends moving away from open-source servers and code to help prevent cyberattacks.
DDoS attacks like this don’t cause damage to underlying systems, but that doesn’t mean they can be easily dismissed. Attacks like these “…erode the confidence in our cybersecurity protection for critical infrastructure services we rely on,” Matt Hayden, vice president of cyber client engagement at IT company General Dynamics Information Technology (GDIT) and former assistant secretary for cyber, infrastructure, risk, and resilience policy at the US Department of Homeland Security, points out.
In light of Russia’s ongoing war in Ukraine, pro-Russian threat actors are likely to continue targeting countries that support Ukraine. CISA warned that “…Russia’s invasion of Ukraine could expose organizations both within and beyond the region to increased malicious cyber activity” in its April alert.
Killnet rallied supporters by posting its intended targets on messaging service Telegram. These DDoS attacks were successful in causing disruption and garnering significant amounts of media attention, and other threat actors may be interested in achieving that same success.
“Even if Killnet remains focused on DDoS attacks to shake American confidence in its institutions, because this was an ideological attack, it is likely that there will be others who are inspired to pick up the mantle and escalate,” Gardner says.
DDoS attacks are on the rise in 2022. Web performance and security company Cloudflare reported that it has seen some of the largest ever DDoS attacks in the second quarter of this year. In Q2, application-layer DDoS attacks were up 72% year-over-year, and network-layer DDoS attacks were up 109% year-over-year.
Victims of DDoS attacks may escape more serious damage, such as leaked data, but their vulnerability to cyber threats is now public knowledge. “After being hit with a DDoS, it is important to identify the type of attack that occurred and the source(s) of the attack. This should be used to evaluate architecture or application security changes that can be used to mitigate or stop future attacks,” says Sally Vincent, senior threat research engineer at IT security company LogRhythm. “Organizations hit by a KillNet DDoS attack should evaluate their entire attack surface in case KillNet switches tactics or uses DDoS to cover up other attacks.”
Using an onslaught of requests to overwhelm and crash websites, DDoS attacks are a relatively rudimentary tool for threat actors. Critical infrastructure is also an appealing target for attacks that do more lasting damage than DDoS campaigns. “My grave concern is that these DDoS attacks serve as a smokescreen for [a] long-term intrusion campaign,” Tom Kellermann, CISM, senior vice president of cyber strategy at security technology company Contrast Security, cautions.
Critical infrastructure is certainly susceptible to cyberattacks. “With distributed assets and a mix of legacy and modern equipment, real-world operations have been incredibly difficult to secure, making them prime targets for ransomware and nation state attacks,” says Roman Arutyunov, co-founder and vice president of products for zero-trust security company Xage.
Killnet’s latest attacks are an opportunity to examine critical infrastructure cybersecurity and prepare for potentially more damaging attacks that could lead to widespread service disruptions affecting critical services like energy, gas, supply chain, and healthcare.
Adopting cybersecurity best practices, like zero trust and vulnerability scanning, can help potential targets protect themselves from DDoS attacks. Vincent also recommends threat intelligence monitoring. Targets may be announced ahead of attacks; Killnet named the airport website targets on Telegram and called for support.
“Given their [Killnet’s] motivations, I’d suspect that they will likely continue to target critical infrastructure in NATO countries, and we’ll need to be ready for it,” Arutyunov concludes.