Representative offices: 

Request callback
btn

HOW NOT TO BECOME AN "UNWITTING ACCOMPLICE" OF RUSSIAN CYBER ATTACKS ON UKRAINIAN SYSTEMS (PART 3)

News

Take active steps to protect your organization from becoming a puppet in the hands of Russian cyber intruders


What good does revealing the information in the previous two articles in our series do? It clearly shows that many organizations worldwide may have services that are contributing to attacks on Ukrainian digital infrastructure. While these are not intentional as they are legitimate systems that have been manipulated into becoming DDoS weapons, IT professionals should look at their systems and act, using all their tools, not just DDoS protection systems.


Steps to address this issue can include:

  • Turning off any non-essential services that might generate potential attacks
  • Investigating unusual traffic flows from their organizations around these protocols which could be used in amplification and reflection attacks, specifically UDP services (e.g., traditional protocols like DNS, NTP etc. and less common protocols like ARD, CLDAP etc.)
  • Turn on available access controls on firewalls and networking equipment to prevent systems from being weaponized
  • Ensure all systems are patched and up to date to combat known CVEs
  • Review guidelines from multiple sources: CISA, vendors, and other security resources to keep up to date on the evolving situation, and then take steps to ensure systems are secure
  • Check that procedures are in place in the case of cyberattacks. It is especially important when DDoS attacks have often been used as smokescreens to distract for other attacks


Specialized DDoS protection systems also provide an enhanced level of protection, specifically enabling techniques to mitigate these attacks, such as actionable (large-scale) threat lists pulling from multiple threat databases, traffic anomaly inspection, finding traffic baseline violations, using artificial intelligence (AI) and machine learning (ML), and more.

It is important to note that organizations should cross reference multiple observability and reporting capabilities to get a comprehensive picture of the network status to ensure the previously mentioned anomalous behaviors are thwarted.


Larger and More Frequent DDoS Attacks Illustrate Action Should be Taken Now

The examples above illustrate that DDoS amplification and reflection attacks continue to be fast, cheap and easy to perform. Evidence from the A10 DDoS Attack Mitigation: A Threat Intelligence Report, points to a new record for the largest reported attack when Microsoft reported in Jan 2022 a3.47 Tbps and 340 million packets per secondbreaking last year’s record. This brings home the scale these coordinated attacks can be. It also shows that attacks can potentially be much larger. Microsoft mitigated these attacks by being prepared, both to detect and mitigate these attacks.

Increasingly, organizations are falling into the prepared and unprepared categories. Unprepared organizations are the ones more likely to make the headlines or contribute to the spread of problems. Increased public reporting and visibility will lead to more awareness of cyber threats and will help the IT and security communities better plan to mitigate threats and limit disruption. As an example, the 2016 Mirai DDoS attacks increased awareness and caused defenses to be shored up, resulting in some of the successful mitigations we see today.


Summary: Be One of the Prepared with the Right Protection in Place

By implementing the above steps to protect systems, organizations can rest assured that they will not become a destructive puppet in the hands of Russian criminal actors seeking to disrupt Internet services and other critical infrastructure in Ukraine. As illustrated from A10 Networks, threat research, there are certain organization types and regions have been targeted. Due to this changing threat landscape, it is also advisable for organizations in sensitive sectors worldwide, whether government, military or critical commercial infrastructure to reassess their services to ensure adequate defenses are in place to avoid being an unwitting participant of malicious activity.


iIT Distribution is an official distributor of advanced solutions from A10 Networks in Ukraine, Georgia, Kazakhstan and Uzbekistan. We are grateful to A10 company for broadcasting anti-tamper position by implementing measures to suppress Russian attacks on Ukrainian systems!

For our part, iITD will continue to help its customers in the selection and implementation of security products of this vendor.

Back

Mobile Marketing
+