In the era of digital advancements, organizations aim to transition towards the digital fabric that empowers hyperconnected ecosystems. However, a notable peril to organizations worldwide has arisen in the form of Distributed Denial of Service (DDoS) attacks. Since January 2023, these attacks reached new scale, frequency, and sophistication. The insights in this blog post delves into the notable DDoS attacks that took place in 2023, shedding light on the evolving threat landscape and emphasizing the importance of robust cybersecurity measures to counter these.
A single Indian organisation suffered 2,146 cyber-attacks on average per week in the last six months, compared to 1,239 attacks per organisation globally, according to Check Point’s ‘Threat Intelligence Report 2023’.
Today the attacker’s motivation is not easy to decipher as it could be including financial gains, activism, geo-political conflicts, and could even be co-owned through competition.
Advent of COVID-19 brought about a significant increase in DDoS attacks worldwide with accelerated deployments of digital platforms, services and remote work from home environments.
A significant surge in DDoS attacks is also seen with the geo-political conflicts such as Russia’s war against Ukraine and its NATO allies, especially on the healthcare, power & utilities, and logistical & supply chains sectors. This surge in DDoS attacks targeting the critical infrastructure of the opponents can destabilize the normal lives of its common people and impact their whole economy.
DDoS attacks can have medium to long term consequences on businesses and institutions. Firstly such attacks can cripple a company's online presence and services, leading to prolonged periods of downtime resulting in lost revenue, damaged customer trust, and tarnished reputation. Secondly such attacks divert IT resources and personnel away from critical operations, hampering productivity and efficiency.
Thirdly but most importantly, the victim organization may face legal and regulatory repercussions if customer data or sensitive information is compromised during an attack. And finally financial impact of mitigating such attacks and implementing robust security measures can also strain budgets.
Overall, DDoS attacks have the potential to inflict severe financial, operational, and reputational damage on Brand value.
Keep reading further to know the latest attacks and options available with IT Leaders and Business stakeholders to safeguard their enterprise.
Multiple hacktivist groups including ‘Ganonsec’, ‘Jambi Cyber Team’, 'Hacktivist Indonesia', and many more have threatened to begin cyber-attack campaigns against websites and ICT infrastructure in India during the G20 Summit. The campaign named #opIndia claims to target Indian websites on 9th and 10th of September. The groups have solicited other hacker groups' support worldwide for this campaign.
Attack Type: DDOS / Hacktivism
Source: Tata Communications CTI
Anonymous Sudan, a group of hackers, has taken credit for several distributed denial of service (DDoS) attacks against Asian & European targets . However, there is evidence that the group may be a faction of Killnet, a Russian hacktivist group. In essence, Anonymous Sudan is a decentralized network of individuals with similar interests. Its targets include French, Dutch, Australian, German, Swedish and Indian entities. They share check-host.net links on its Telegram channel as proof of their successful DDoS attacks. Anonymous Sudan has also been recently involved in stealing and selling data. On March 19, 2023, Anonymous Sudan claimed to have gained unauthorised access to the Air France website and attempted to sell the stolen data.
Tata Communications' Cyber Threat Intelligence (CTI) noted that the Distributed Denial of Service (DDoS) attacks remain the group's primary mode of attack, we also noticed a shift in their tactics. For instance, in the case of Air France and a few Indian e-commerce entities, they reportedly stole data and may have attempted to sell it. This suggests that the group is evolving its attack methods beyond DDoS attacks.
Our IOC Retrospective Threat Hunting has revealed that specific Indicator (220.127.116.11) is performing SSl VPN Brutte Force login attacks against multple entities, indicating that the group may be attempting to use brute force methods to exfiltrate data. Further analysis on Open-Source Intelligence (OSINT) also reveals that similar findings were reported at Abuse IP DB. Therefore, we recommend blocking the mentioned IP address as a preventive measure against potential attacks.
Attack Type: DDOS
Region: India, Australia, France, Germany, Netherlands and Sweden
Several hacker groups, including Anonymous Sudan, Eagle Cyber Crew (Malaysia), and Mysterious Team Bangladesh (MT), have threatened to launch cyber attacks against India and other countries. These groups have called on other hacker groups around the world to join them in this campaign. MT has already used the Raven Storm tool to launch DDoS attacks against several Indian state government domains and sub-domains.
More than 25 hacktivist groups have joined together as part of operation India campaign(#opindia) targeting Indian infrastructure, specifically banks, government entities, and other infrastructure through Distributed Denial of Service (DDoS) and website defacement attacks. They are also threatening to target more Indian infrastructure and has engaged in data exfiltration in some cases. Organizations and government entities need to stay vigilant and implement effective mitigation strategies, such as rate limiting, to protect themselves from DDoS and DOS attacks.
Multiple threat actor groups have claimed responsibility for multiple attacks on Indian infrastructure, specifically targeting banks, government entities, and other infrastructure. Tata Communications' Cyber Threat Intelligence (CTI) team has been closely monitoring these threat actor activities and issuing timely advisories.
Tata Communications' Cyber Threat Intelligence (CTI) noted that the group comprises multiple threat actors, including #ECC, #EgalecyberCrew, #AnonGhost, #Team_insane_pk, #A-E-S, #1915Team, #MR.BDKR28, #MysteriosTeamBangladesh #TeamInsanePK #HacktivistIndonesia #GanosecTeam, #GhostSec, #BlackPirateTeam, #GhostClanOfficial, #T.Y.GTeam, #1919Team, and many more.
Tata Communications' CTI team has observed that these groups are threatening to target Indian infrastructure and have been launching attacks since the beginning of month. In a post on the threat actor's dark web forum, "Operation India" warned India about international hackers targeting the country.
Upon analyzing the activity of the service and Telegram channel, we have uncovered various methodologies used by a group to conduct DDoS or DOS attacks. These attacks can cause severe disruptions to online services and networks, which can result in significant financial losses and damage to an organization's reputation.
One common attack method is HTTP Floods, where the attackers generate a massive volume of HTTP GET or POST requests to overload the target web server. To mitigate this type of attack, it's crucial to track abnormal traffic on the server and implement progressive challenges that can help reduce the sudden surge of traffic.
Another type of attack is DNS Amplification, which involves turning small DNS queries into a much larger payload, leading to the takedown of the DNS server responsible for domain name resolution. To prevent this, organizations can implement rate limiting or block attacking DNS servers and open DNS recursive relay servers.
UDP Flood is another type of attack, where the attackers connect random ports with a large number of users using UDP protocol, causing disruption to online services. To mitigate this type of attack, organizations can implement rate limiting of the ICMP responses.
SYN Flood is another attack method that exploits the common TCP three-way handshake to cause disruption to the target network. To mitigate this type of attack, organizations can use an IPS service to detect and block abnormal SYN attacks.
Finally, NTP Amplification attacks exploit publicly available Network Time Protocol servers to generate large-scale attacks. To prevent such attacks, organizations can disable NTP server responses to requests from outside the network, enable rate limiting, and restrict access to trusted clients.
Attack Type: Cyber crime
On the July 4, 2023 attack impacted the central computer system of the Nagoya Port Unified Terminal System (NUTS), that operates the port’s five cargo terminals, causing widespread disruptions.
With 21 piers and 290 berths, the Port of Nagoya, Japan, handles an average of 165 million tons of cargo annually, representing about 10% of the country’s total trade volume.
Attack Type: DDoS Attack
Source: CPO Magazine
Over 25 hacktivist groups have united under the banner of Operation India Campaign or #OpIndia to target Indian infrastructure. They are targeting banks, government entities and other Indian institutions through distributed denial of service (DDoS) and website defacement attacks.
In a two-month-long campaign last year, India was targeted by the malicious group, DragonForce. However, the group distanced itself from the campaign in June 2022 and the same campaign continued under OpIndia. In February 2023, Team_insane_pk revived the OpIndia campaign. In March 2023, Mysterious Team Bangladesh – another hacktivist organisation – launched a subsequent campaign called “Operation Payback.”
The group disclosed data from past security breaches and distributed stolen PDFs, SQL, TXT and image files from multiple institutions. Several Indian entities were also targeted by Eagle Cyber Crew with a systemic DDoS attack that took place on March 27, 2023.
Attack Type: DDoS, cyber espionage
The UAE Cybersecurity Council warns public and private sectors to remain vigilant against cyberattacks and advises the activation of the Emirates' emergency response system and the sharing of data with authorities. Meanwhile, the CTI team at Tata Communications detected Anonymous Sudan's threat to attack various UAE government departments, emphasizing the need for immediate action to enhance cybersecurity measures and protect sensitive data.
Tata Communications Cyber Threat Intelligence (CTI) advisories detected Anonymous Sudan issuing a warning about an impending attack on the UAE. Shortly after, a threat actor posted on their Darkweb channel indicating their intention to target various government departments in the UAE, including but not limited to the Ministry of Interior, Dubai Police, Abu Dhabi Police, Ministry of Health and Prevention, Ministry of Education, Dubai Municipality, Abu Dhabi, Ministry of Foreign Affairs and International Cooperation, Federal Authority for Identity and Citizenship, Dubai Electricity and Water Authority, Abu Dhabi Distribution Company, Federal Tax Authority, Abu Dhabi National Oil Company, UAE Government portal, and Dubai Airports. This highlights the urgent need for these government departments to enhance their cybersecurity measures and take immediate steps to protect their systems and sensitive data.
On April 8, a coordinated cyberattack was launched in India against six major airports and healthcare institutions by a hacker group named Anonymous Sudan. The recent cyberattack on multiple airports across the world raised concerns about the level of preparedness necessary to deal with such threats.
Attack Type: DDoS, cyber espionage
Source: CISO Economic Times: Dated Apr 13, 2023 at 03:59 PM IST
India’s largest encyclopedia, was targeted by a severe Distributed Denial of Service (DDoS) attack. The attack, which occurred earlier this in June 2023, caused disruption and rendered the platform inaccessible to its users. However, the resilient team behind Bharatpedia has worked tirelessly to resolve the issue and restore the platform to full functionality.
Attack Type: DDoS, cyber espionage
Source: Mumbai Mirror
Do you have a DDoS strategy in place? A DDoS mitigation solution strategy is designed to protect organizations from the impact of distributed denial of service (DDoS) attacks by detecting and mitigating malicious traffic. You may apply multiple techniques to identify and filter out attack traffic, allowing legitimate traffic to reach its intended destination. Some common DDoS mitigation solutions used by enterprises are:
It's important for enterprises to evaluate their specific needs and consider factors such as network architecture, traffic volume, and budget when selecting a DDoS mitigation solution. Implementing a comprehensive DDoS protection strategy can help organizations ensure the availability and integrity of their critical online services, safeguard their reputation, and protect against financial losses resulting from DDoS attacks.
Speak to a Tata Communication Cyber Security Expert Now!