A series of distributed denial of service (DDoS) attacks today briefly took down the websites of over a dozen U.S. airports, including those for Atlanta and Los Angeles International Airports. The attacks followed a recent Telegram post by the pro-Kremlin hacker group Killnet listing 46 websites to be targeted.
Still, as NBC News noted, some of the targets on the list seemed like the result of translation errors – rather than targeting Chicago’s O’Hare Airport website, for example, the hackers listed the Chicago Department of Aviation site, flychicago.com.
It’s worth noting that while the attacks drew attention and may have frustrated some people seeking travel information, no airport or airline operations were affected.
See the DDoS Protection Service Providers
An Ongoing Pattern of Attacks
Killnet has been launching similar DDoS attacks for months, targeting everything from Romanian government websites to Lithuania’s Secure Data Transfer Network.
In April 2022, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) named Killnet as one of eight key Russian-aligned cybercrime groups that pose a threat to critical infrastructure, noting that in March 2022, the group had claimed credit for a DDoS attack on the website for Connecticut’s Bradley International Airport in response to U.S. support for Ukraine.
“U.S., Australian, Canadian, New Zealand, and UK cyber authorities urge critical infrastructure organizations to prepare for and mitigate potential cyber threats by immediately (1) updating software, (2) enforcing MFA, (3) securing and monitoring RDP and other potentially risky services, and (4) providing end-user awareness and training,” the agency wrote.
How CISOs Should Respond
Andrew Bayers, head of threat intelligence at Resilience, told eSecurity Planet that the potential impact of attacks like these shouldn’t be underestimated, particularly for organizations that rely on Internet connectivity for key operations.
“The threat of DDoS attacks continues to evolve as a threat that can have grave impacts to business operations as companies migrate more resources to the cloud, migrate workforces to remote and/or hybrid environments, and lean on IoT connectivity to conduct operations,” Bayers said.
Attacks like these, Bayers noted, can also serve as a diversionary tactic for sophisticated threat actors. “As IT professionals scramble to free up resources and mitigate a DDoS, attackers lurking in wait can then conduct other attacks such as infiltration operations of a network that may have otherwise been caught,” he said.
In response, Bayers said, CISOs need to take the threat of DDoS seriously as part of a defense-in-depth approach to cyber hygiene. “If your business relies on Internet connectivity to operate, then commodity DDoS protection is a must,” he said.
More broadly, Inversion6 CISO Craig Burland said attacks like these should serve as a reminder of the
importance of ongoing vigilance in cybersecurity operations. “A focus on cybersecurity isn’t
only for when the auditor is coming or after a breach,” he said. “It’s a 24x7x365 responsibility
that we must all own and embrace. We don’t take days off from things like workplace safety or
legal due diligence. Cybersecurity is no different especially as we collectively face organizations
like Killnet.”
Read next: Best Incident Response Tools and Software
