June 20, 2023

KillNet forms ‘Darknet Parliament’, claims compromise of European Investment Bank

Source: CyberNews

Summary

On June 19, the pro-Russian hacking collective known as KillNet claimed it had compromised the inter-network infrastructure of the European Investment Bank (EIB). The claim follows an announcement by KillNet that it, along with pro-Russian hacking groups REvil and Anonymous Sudan, had established a ‘Darknet Parliament’. In its first session, the Parliament decided that it would impose ‘sanctions’ on European banking transfer systems.

The EIB confirmed via Twitter that it was experiencing a cyberattack that affected the availability of its website.

Analysis

KillNet’s claim of compromising EIB’s internet network infrastructure is likely an exaggeration, as KillNet is only known to be capable of launching DDoS attacks, not deploying destructive malware within networks.

Although DDoS attacks are initially effective at knocking their targets offline, they usually aren’t sustainable for long periods of time, and targets typically recover as soon as proper mitigations are put in place. KillNet DDoS attacks are usually more of a nuisance than an actual threat, and mainly serve to intimidate targets for supporting Ukraine’s war efforts or as retaliation for imposing sanctions on Russia.

Major banks and financial institutions would typically be well protected from KillNet-style DDoS attacks; however, smaller credit unions and private lenders with less robust cybersecurity resources may not be.

Mitigation

Field Effect recommends that organizations running proxies and DNS resolvers ensure that they cannot be accessed externally, and thus only serve the users within the network. This ensures threat actors have less infrastructure from which to launch their DDoS attacks.
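One way to check this recommendation for a DNS resolver you operate, as an added example that is not part of the original post: run it from a host outside the network, where it sends a single recursive query and classifies the reply header. The function names, the verdict labels and the `example.com` query name are assumptions of this example.

```python
import os
import socket
import struct
import sys

RCODE_REFUSED = 5

def build_query(name: str, qid: int) -> bytes:
    """Build a DNS A/IN query with the RD (recursion desired) bit set."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    labels = name.strip(".").split(".")
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in labels) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def classify_response(data: bytes, qid: int) -> str:
    """Classify a reply from its 12-byte header: ID, flags, RCODE, answer count."""
    if len(data) < 12:
        return "malformed"
    rid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", data[:12])
    if rid != qid or not flags & 0x8000:  # wrong ID, or QR bit says "query"
        return "malformed"
    rcode = flags & 0x000F
    if rcode == RCODE_REFUSED:
        return "refused"                  # server declines outside clients
    if flags & 0x0080:                    # RA: recursion available to us
        return "open-resolver" if rcode == 0 and ancount else "recursion-offered"
    return "no-recursion"                 # e.g. authoritative-only server

def probe(server: str, name: str = "example.com", timeout: float = 3.0) -> str:
    """Send one recursive query over UDP/53 and classify the reply."""
    qid = int.from_bytes(os.urandom(2), "big")
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        try:
            sock.sendto(build_query(name, qid), (server, 53))
            data, _ = sock.recvfrom(4096)
        except OSError:                   # timeout or unreachable: filtered
            return "no-response"
    return classify_response(data, qid)

if __name__ == "__main__":
    # Usage: python check_resolver.py <resolver-ip> [...], from outside the network.
    for host in sys.argv[1:]:
        print(f"{host}: {probe(host)}")
```

From an external vantage point, `refused`, `no-recursion` or `no-response` is the desired result; `open-resolver` or `recursion-offered` means the resolver still answers recursive queries from outside the network.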

Having a firewall will usually not stop the high volume of traffic generated during a DDoS attack on the scale of those conducted by Anonymous Sudan. To properly mitigate such attacks, organizations should contact their ISP about specific DDoS prevention options.
