Between June 17 and June 21, 2024, Romania experienced 25 Distributed Denial of Service (DDoS) attacks targeting various websites, as reported by the National Cybersecurity Directorate (DNSC).
Russian Affiliation
These attacks were perpetrated by hacker groups affiliated with Russia.
The affected sites included public institutions and private entities in the financial, transportation, and telecommunications sectors.
The DNSC's own website was also among those attacked. According to DNSC, they had warned the targeted organizations in advance, as the attacks were announced on online chat platforms used by the attackers.
The DNSC maintained constant communication to offer support and ensure mitigation efforts were effective, resulting in no significant disruptions to the targeted sites' activities.
Mitigation Efforts and Challenges
DDoS attacks overwhelm a target by generating massive connection requests, which can cause intermittent functionality or complete shutdown of the affected platforms.
During such attacks, malicious actors use networks of compromised internet-connected devices, known as botnets. Identifying and blocking the IP addresses used in these attacks is challenging due to their diverse origins.
Given the interconnected nature of communication infrastructures, DDoS attacks can be quickly initiated remotely and may affect not only the primary targets but also collateral sites.
The DNSC specialists emphasize the importance of proactive measures for network administrators to reduce the impact of DDoS attacks, such as implementing DDoS protection services that detect and redirect abnormal traffic, and creating a disaster recovery plan to ensure efficient communication and recovery during an attack.
Preventative Measures and Recommendations
To prevent devices from being compromised and included in botnets that launch DDoS attacks, DNSC recommends several proactive solutions.
Users should employ antivirus applications and install firewalls configured to restrict traffic to and from the device.
Implementing good security practices is crucial, such as minimizing access to information on the device and managing unwanted traffic.
These steps can significantly reduce the risk of devices being used in DDoS attacks and help maintain the integrity and availability of online services in the face of such cyber threats.
