Hackers who launch distributed denial of service (DDoS) attacks have varying motives, such as 1) competitive advantage against a business adversary, 2) vandalism for the sake of creating chaos/misfortune, 3) data theft, 4) political hacktivism or 5) cyber espionage. Earlier this week three Dutch banks and the Dutch Taxation Authority were victimized by DDoS attacks, starting on January 30. One security researcher claimed the attacks registered 40 Gbps. That’s not a massive volumetric attack, but it would be enough to disable a website. It’s more alarming when an attack impacts a bank or a government agency, because both types of organizations possess millions of sensitive data records.
The Dutch national tax office said its website went offline briefly, for 5-10 minutes. Regardless of how long they were under DDoS attack, those afflicted Dutch organizations should also be concerned about a security breach, because while a network is compromised hackers can infect it with malware that may “sleep” for weeks or months, only to be resurrected remotely by the hackers. Even a short-duration DDoS attack is sufficient to install malware. That’s partly what makes DDoS attacks so pernicious; alone they do not constitute a security breach, but they are often done as a precursor to a breach. With the new EU GDPR regulations going into effect at the end of May, those Dutch organizations had better take a close look at their IT security systems.
Some Dutch pundits (apparently off the record) surmise that Russian hackers launched the attacks as an act of political revenge for news reports that exposed the work of Russian state-sponsored hackers. According to BleepingComputer.com, “Last week, Dutch newspaper Volkskrant and TV station NOS published a report claiming that the country's AIVD intelligence service compromised the computer of a hacker part of Russian-based cyber-espionage group Cozy Bear (also known as APT29). The report claim AIVD agents spied on the cyber-espionage unit since 2014 and observed how Russian intelligence services hacked into DNC servers during the 2016 US Presidential election.”
These days it’s possible that anyone—not just some Russian hackers—could have launched the DDoS attacks because there is an abundance of botnet code out on the Dark Web. The hackers could be state-sponsored, or not. The Dutch authorities will probably never know for certain the source of the DDoS attacks, since such attacks are notoriously difficult to trace.
This incident is just one of many that point to the need to implement a DDoS defense solution at the network edge. Corero has been a leader in DDoS protection solutions for over a decade. To learn how we can help protect your part of the Internet ecosystem, contact us.