The official web site of the UK royal household was topic to a distributed denial-of-service (DDoS) assault on the morning of Sunday, Oct. 1, due to pro-Russian hacktivists.
The ensuing downtime for royal.uk started round 10 a.m. BST, and solely lasted for round 90 minutes. As of this writing, although, guests to the location are nonetheless being vetted by a Cloudflare safety test previous to loading the homepage.
Safety specialists haven’t independently verified KillNet’s attribution, although it would not be the primary time Killnet has scored an inexpensive media victory within the identify of Russian nationalism.
KillNet’s PR Stunts
“It’s consistent with their modus operandi,” explains Eli Nussbaum, managing director at Conversant Group.
“The place we frequently consider Russian cyber risk actors as launching extra harmful assaults like malware or ransomware,” he explains KillNet has constructed a repute for much less damaging DoS and DDoS assaults, significantly in opposition to private and non-private organizations situated in Ukraine and NATO member international locations. “Their actions are designed to convey consideration to their political trigger (on this case, help for Russia within the Russia/Ukraine battle), widen the battlefield, and certain shift common help inside Ukraine’s allies.”
Sunday’s assault was an ideal case-in-point, coming simply 10 days after King Charles appeared on the Palais du Luxembourg, house of the French senate, and condemned the Russian invasion of Ukraine. “Now, greater than 80 years since we fought, aspect by aspect, for the liberation of Europe, we as soon as once more face unprovoked aggression on our continent,” Charles stated in a bilingual speech.
Defending In opposition to DoS
In April, the UK Nationwide Cyber Safety Heart warned about Russian state-aligned risk actors inflicting havoc in Britain. “Whereas the cyber exercise of those teams typically focuses on DDoS assaults, web site defacements, and/or the unfold of misinformation, some have said a want to realize a extra disruptive and harmful impression in opposition to western essential nationwide infrastructure,” it defined.
The benefit with which a cybercrime outfit took down a premier authorities web site on this case solely additional highlights the necessity for organizations to guard in opposition to such teams.
Apart from common cyber protections, Nussbaum suggests, “defending in opposition to DDoS assaults requires defending Area Identify Servers and the precise workloads (protocols and sources). Additional, making certain that techniques are scalable to help amplified hundreds might mitigate the impression of an assault. Opting into DNS-based DDoS safety companies is an effective first step.”
“DDoS assaults usually aren’t as crippling as ransomware, however as a result of the royal household is so extremely seen, this exercise has actually made an announcement. Partially, that assertion could also be construed as a warning that nobody is resistant to their attain and energy,” he says.