On the 12th of February 2023, some of NATO’s websites were temporarily disrupted due to a Distributed Denial of Service (DDoS) attack. The group that claimed responsibility for carrying out these attacks is Killnet, a Russian hacktivist group.
Apparently, the group had announced its intention to carry out such an attack in its encrypted channel on the messaging service Telegram. It also appears to have been soliciting donations in the form of cryptocurrency to fund its activities.
According to the report by Computer Weekly, NATO secretary general Jens Stoltenberg assured reporters that the alliance had put together additional defence measures.
He also said, “The majority of Nato [sic] websites are functioning as normal. Some Nato websites are still experiencing availability issues, but our technical teams are working to restore full access.”
Since it appears that NATO’s classified networks were not affected, it’s likely that the attack was intended to disrupt the search and rescue mission in Syria and Turkey. That’s because reports suggest the networks affected are used by NATO’s strategic airlift capabilities (SAC).
SAC found that, during one of its search and rescue missions in south-eastern Turkey, it was unable to communicate with one of the C-17s in flight due to the disruption in service. Fortunately, it managed to stay in contact throughout even though communications were down.
A Well-Timed Cyber Attack
This is not Killnet’s first attack. It has been responsible for other DDoS attacks, with the healthcare sector taking a lot of damage.
It is interesting to note that the DDoS attack on the NATO websites took place on a Sunday. Weekend and holiday attacks have become a trend, with cybercriminals relying on skeleton security crews and reduced staffing to keep a breach hidden for longer.
DigitalXRAID discussed this phenomenon in a recent article about its 24/7 SOC service. From delivery companies (Yodel) to insurance companies (AON), no one is safe from weekend-timed attacks.
Cybercriminals attack over the weekend or during holidays, as I said earlier, because of the lack of personnel.
The later an attack is detected, the more time the threat actors have to go deeper into the network. They can gather more information and potentially use it to carry out more attacks.
For that reason, quick detection is imperative. Note that the attack on the NATO websites was detected really quickly, and the sites still had some availability issues. If the attack hadn’t been detected quickly enough, the recovery time could potentially have been longer.
Ongoing Detection for Better Protection
According to DigitalXRAID, having a 24/7 Security Operations Centre (SOC) can make all the difference when threat actors attack. Your SOC would constantly monitor for any suspicious activity, catching cyberattacks before they become cyber incidents.
However, the problem is that most companies can’t afford to hire an in-house SOC team. In fact, if (ISC)² is to be believed, the cybersecurity profession needs to grow by 3.4 million people in order to close the workforce gap.
In that case, it might be worth outsourcing your cybersecurity to specialists who have the expertise and resources to give you better security from cyber threats.
Companies like DigitalXRAID could help keep your business safe from online threats, whether it is your ongoing services or cloud migration.
Have a think. See if you want to invest in ongoing cybersecurity for your business.