DDoS Attack Against Ukraine Government Attributed To Russia


Distributed Denial of Service (DDoS) attacks aren’t the most nuanced of cyber attacks, but they certainly can be devastating in their effectiveness. A DDoS attack works by bombarding a target server with massive amounts of fraudulent traffic in an effort to overwhelm it and render it inaccessible to legitimate traffic. DDoS attacks can last anywhere from a few minutes to days, weeks, or even months, and can direct many gigabytes of fake traffic at victims in the process.

Because of their brutal effectiveness, DDoS attacks have been utilized by groups including hacktivists, professional cyber extortionists, and even international nation-funded groups. Those without the proper DDoS mitigation tools can fall prey to attacks which can prove extremely damaging.

The rise of DDoS

One explanation for the rise in DDoS attacks is that cheap, internet-connected computers and connected devices are increasingly available, thereby making attacks easier to perform. Many DDoS attacks leverage what is referred to as a botnet, a group of connected devices that can be utilized by attackers who infect them with malware and then remotely control them like Manchurian Candidates to attack targets.

In many cases, the rightful owners of these computers or connected devices do not have any idea that their machine is being used in this way. One of the most famous (or infamous) botnet-based DDoS attacks took place in 2016 when the Mirai botnet was used to attack a number of high profile targets. The size of the Mirai botnet is estimated as being between 800,000 and 2.5 million infected devices, many of them seemingly innocuous connected devices like home routers, personal surveillance cameras, and air-quality monitors.

Another reason for the increase in DDoS attacks is the reliance on internet-facing systems in the modern world. Particularly during the coronavirus pandemic and ensuing lockdowns, users around the world have been leaning more heavily than ever on connectivity for everything from entertainment to remote access to workplace systems. Add to this the growing focus on connected infrastructure within so-called Smart City environments, and it’s clear that connectivity is an increasingly large part of our lives. That, in turn, makes it a target for cyber attackers who seek to cause as much disruption as possible.

State-sponsored attackers

As noted, this can extend far beyond individual malicious actors, with state-sponsored attackers increasingly getting in on the action. These politically motivated attacks are a growing part of modern cyberwarfare, with countries targeting other nation states to cause damage for a variety of reasons. 

Early in 2021, the National Security and Defense Council (NSDC) of Ukraine accused actors located in Russia of performing DDoS attacks targeting Ukrainian government websites in February. These websites were predominantly in the defense and security sectors, and the attacks were reportedly large enough that they could have severe negative ramifications. According to researchers, part of the attack involved malware being planted on vulnerable government servers in Ukraine so that the devices could be harnessed as part of further DDoS attacks.

DDoS attacks are only one weapon in the arsenal of politically motivated cyberattackers. Unlike cyberespionage tools used for exfiltrating information, DDoS attacks in this domain are typically used more to cause victims punitive damage or to show disapproval of the actions of a victim. The fact that they are low-cost and effective weapons that do not require a great deal of expertise means that they can be easily utilized against targets as guerilla warfare tactics to cause harm.

There is a long list of similarly politically motivated DDoS attacks, dating back to the 1990s when very early DDoS attacks were made against NATO computers in the former Yugoslavia during the conflicts of that decade. Since then, their usage in modern cyberwarfare has only grown — with these tools being particularly widely used by actors in places like Russia and China.

Protect yourself, whatever your size

Not everyone is in charge of running governmental services, of course. Nonetheless, the usage of DDoS tools by national actors is a reminder of just how mainstream DDoS has become, and how potentially destructive attacks can be.

Organizations large and small should make sure that they have access to the proper DDoS mitigation tools to help protect them against similar incidents which are capable of knocking websites and services offline. Fortunately, such tools do exist. 

Cyber security experts are able to assist with mitigating DDoS attacks through the monitoring of traffic to intelligently filter unusual, potentially malicious traffic from legitimate requests. They are able to do this in real-time, blocking bad requests, but continuing to allow good ones through to their desired destination. DDoS mitigation tools can also help process DDoS attacks by using scalable network capacity to be able to cope with massive bandwidth attacks without being brought down in the process.
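As an added illustration (not code from any mitigation product), the sketch below shows the simplest form of the real-time filtering described above: a per-source sliding-window rate check that blocks a flooding client while a normal client keeps getting through. The thresholds, function names and sample traffic are assumptions constructed for this example; production mitigation combines many more signals than request rate.

```python
from collections import defaultdict, deque

def filter_requests(events, window=10.0, limit=20, penalty=60.0):
    """Classify (timestamp, source_ip) events as allowed or blocked.

    A source that sends more than `limit` requests within `window` seconds
    is blocked for `penalty` seconds; other sources are unaffected.
    """
    recent = defaultdict(deque)   # source -> timestamps still inside the window
    blocked_until = {}            # source -> time at which its block expires
    decisions = []
    for ts, src in sorted(events):
        if blocked_until.get(src, 0.0) > ts:
            decisions.append((ts, src, False))    # still serving a penalty
            continue
        q = recent[src]
        while q and ts - q[0] >= window:          # expire old timestamps
            q.popleft()
        q.append(ts)
        if len(q) > limit:                        # rate exceeded: start blocking
            blocked_until[src] = ts + penalty
            q.clear()
            decisions.append((ts, src, False))
        else:
            decisions.append((ts, src, True))
    return decisions

def summarize(decisions):
    """Return {source: (allowed_count, blocked_count)}."""
    counts = defaultdict(lambda: [0, 0])
    for _, src, allowed in decisions:
        counts[src][0 if allowed else 1] += 1
    return {src: tuple(c) for src, c in counts.items()}

def sample_events():
    """Constructed traffic using documentation-only IP ranges."""
    # One request every 2 seconds for a minute: ordinary client behaviour.
    normal = [(float(t), "192.0.2.10") for t in range(0, 60, 2)]
    # 500 requests in 5 seconds from one source: flood behaviour.
    flood = [(30.0 + i * 0.01, "198.51.100.7") for i in range(500)]
    return normal + flood

if __name__ == "__main__":
    for src, (ok, dropped) in summarize(filter_requests(sample_events())).items():
        print(f"{src}: allowed={ok} blocked={dropped}")
```

Because a botnet spreads its traffic across many sources, a per-source limit like this is only one layer; it is typically paired with the scalable upstream capacity the article mentions.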

Whatever your scale, investing in the right tools to protect you from DDoS attacks is among the smartest moves you can make.

