THREAT LEVEL - HIGH

10-06-2024

Large-scale DDoS attacks originating from Russian hacktivists intensified during the European election season.

Threat Level Description

IthacaLabs has maintained the Threat Level (High), adding a new observation:

An attack is highly likely. Reaching an acceptable risk level against a threat this broad requires additional and sustainable protective security measures, combined with specific business and geographical vulnerabilities and judgments.

Description

We have identified that ongoing large-scale DDoS attacks originating from Russian hacktivists and targeting Europe’s internet infrastructure, EU institutions, organizations and political parties have intensified during the European election season.

By performing these large-scale DDoS attacks, the Russian hacktivists disrupted normal traffic to targeted servers, services and/or networks, costing the organizations and political parties both time and money while their resources and services were inaccessible.

On June 6, a pro-Russian hacker group, “CyberArmyofRussia”, announced the launch of cyberattacks on Europe’s internet infrastructure. Thus, the attacks of Russian origin intensified. In the Netherlands, airports, ministries, transportation companies, various election-related sites and several political parties’ websites were observed being targeted. DDoS attacks originating from the “CyberArmyofRussia” group were also observed targeting Ireland’s infrastructure.

Furthermore, the Russia-aligned “NoName057(16)” group launched large-scale DDoS attacks on Europe’s internet infrastructure. The group is notorious for orchestrating Project DDoSia, a campaign that conducts massive DDoS attacks against NATO countries. The group aimed to disrupt the current European election season. “NoName057(16)” also allegedly carried out a DDoS attack on Santa Bárbara Sistemas, a Spanish defense contractor based in Madrid.

Note that since the beginning of the Ukraine-Russia war, cyber-attacks originating from Russia have become the new normal for EU institutions and organizations.

CVE(s)

OC-2024-0003

Affected Systems

Europe’s internet infrastructure, EU institutions, organizations and political parties.

Recommendation(s)

The guidelines below will help you protect against DDoS attacks and their associated security threats:

  • Create a DDoS Response plan.
  • Determine what functionality and quality of service is acceptable to legitimate users of online services, how to maintain such functionality, and what functionality can be lived without during denial-of-service attacks.
  • Protect organization domain names by using registrar locking and confirming domain registration details (e.g. contact details) are correct.
  • Partition critical online services (e.g. email services) from other online services that are more likely to be targeted (e.g. web hosting services).
  • Temporarily transfer online services to cloud-based hosting provided by a major cloud service provider (preferably multiple major cloud service providers, to obtain redundancy) with high bandwidth and content delivery networks that cache non-dynamic websites. If using a content delivery network, avoid disclosing the IP address of the origin web server, and use a firewall to ensure that only the content delivery network can access this web server.
  • Use an on-premise DDoS solution as part of a defense-in-depth approach: on-premise DDoS defense solutions installed immediately in front of application and database servers are required to provide a granular response to flooding-type attacks, as well as to detect and deflect the increasingly frequent application-layer DDoS attacks.
  • Maintain continued vigilance.
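
The content delivery network recommendation above can be verified from the origin server's own logs. The following is an added example, not part of the original advisory: it flags requests that reached the origin from outside the CDN's address ranges, which indicates that the origin IP is known to outsiders or that the firewall allow-list is incomplete. The CDN ranges, log format and function names are assumptions constructed for illustration.

```python
import ipaddress
from collections import Counter

# Constructed CDN egress ranges (documentation prefixes); in practice use the
# ranges your CDN provider publishes and mirror them in the origin firewall.
CDN_RANGES = ["198.51.100.0/24", "2001:db8:100::/48"]

# Constructed origin access log, one request per line:
# "<TCP peer address> <method> <path> <status>". The first field must be the
# connection's peer address, not X-Forwarded-For, which a client can set freely.
SAMPLE_LOG = """\
198.51.100.17 GET /index.html 200
203.0.113.45 GET / 200
2001:db8:100::9 GET /api/status 200
203.0.113.45 GET /search?q=a 200
192.0.2.8 POST /login 403
not-an-ip GET / 400
"""

def load_networks(cidrs):
    return [ipaddress.ip_network(c) for c in cidrs]

def is_from_cdn(addr, networks):
    """True if addr lies in a CDN range. Raises ValueError on a bad address."""
    ip = ipaddress.ip_address(addr)
    # Dual-stack listeners report IPv4 peers as ::ffff:a.b.c.d; unwrap them.
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return any(ip.version == net.version and ip in net for net in networks)

def direct_origin_hits(log_text, networks):
    """Count requests per peer that bypassed the CDN; collect unparsable lines."""
    hits, malformed = Counter(), []
    for line in log_text.splitlines():
        fields = line.split()
        if not fields:
            continue
        try:
            if not is_from_cdn(fields[0], networks):
                hits[fields[0]] += 1
        except ValueError:
            malformed.append(line)
    return hits, malformed

if __name__ == "__main__":
    hits, malformed = direct_origin_hits(SAMPLE_LOG, load_networks(CDN_RANGES))
    for peer, count in hits.most_common():
        print(f"direct-to-origin: {peer} ({count} requests)")
    print(f"unparsable lines: {len(malformed)}")
```

Any peer reported here should be zero once the firewall restricts the origin to the CDN; a non-empty result during normal operation is worth investigating before an attack begins.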
