Weekly Recap
This week in cybersecurity saw a whole host of interesting stories. Some of these stories include:
SpyNote malware spying on Android users - This enables attackers to modify and infect Android smartphones
Meta pursuing Pegasus spyware suit - Israel's NSO Group is accused of exploiting a bug in WhatsApp to install spyware
TikTok CEO being questioned over data harvesting - EU officials are concerned by the aggressive data harvesting and surveillance TikTok has carried out in the U.S. and want to ensure TikTok will comply with its obligations.
The story I found most interesting, however, is the Serbian government being the victim of a DDoS attack.
With the recent conflict between Russia and Ukraine, cyber warfare has increased at a rapid pace, although it had already been increasing for the past decade. The main perpetrators of these attacks tend to be China, North Korea, Russia and Iran. The motivation for these attacks can range anywhere from gathering intelligence to sheer disruption. Serbia happens to be allied with two of these nations, Russia and China. Being allied with these two countries can bring attention in many forms, including unwanted cyber threats against the country. Serbia is currently dealing with a regional issue involving the people of Kosovo. According to Stefan Vladisavljev of Johns Hopkins, Serbia will not recognize Kosovo as an independent country, since doing so would be seen as a violation of its sovereignty and territorial integrity. Because of these bilateral issues between Serbia and Kosovo, one could surmise that these attacks came from Kosovo, but that has been neither suggested nor confirmed. More on this issue can be found here.
Summary of Attack
What is a DDoS attack you may ask?
Simply put, a Distributed Denial of Service (DDoS) attack is an attempt by an external threat to overwhelm a target (a website, application or server) with malicious traffic. Some common types of DDoS attacks are volumetric, protocol and application-layer attacks. You can view these attacks in detail here.
In the case of Serbia's recent issue, a volumetric attack was carried out, since the attackers aimed to overload the websites with massive volumes of malicious traffic. The cyber attack lasted for approximately 48 hours, and five major attacks were attempted on the Serbian government's IT systems. To mitigate this threat, enhanced security measures were implemented. These measures, however, caused a slowdown in the performance of the sites, reminiscent of what a DDoS attack itself can cause, but according to reports they did stave off serious damage.
Although the exact methods to defend against these assaults were not stated, I believe the information security team in Serbia sought to:
Identify the source of the attack by enabling firewall logging of accepted and denied traffic
Configure their firewalls accordingly to block inbound traffic from these IP addresses.
They then, in my opinion, continued monitoring the network traffic after the incident.
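The three steps above (log accepted and denied traffic, identify the sources carrying the bulk of the volume, keep monitoring) can be worked through on a log sample. The Python below is an added example, not code from the original post or from any Serbian team; the log format, field names and thresholds are constructed for illustration and are not a real vendor format.

```python
import re
from collections import defaultdict
from typing import Dict, Iterable, List

# Constructed log format (not a real vendor format), one record per line:
#   <timestamp> <ACCEPT|DENY> src=<ip> dport=<port> bytes=<n>
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<action>ACCEPT|DENY) src=(?P<src>[\d.]+) "
    r"dport=(?P<dport>\d+) bytes=(?P<bytes>\d+)$"
)

def fake_record(ts: str, action: str, src: str, n_bytes: int) -> str:
    """Build one constructed log line for the sample below."""
    return f"{ts} {action} src={src} dport=443 bytes={n_bytes}"

# Constructed sample: two flooding sources (documentation ranges) and one ordinary client.
SAMPLE_LOG: List[str] = (
    [fake_record("2023-01-10T09:00:00Z", "ACCEPT", "198.51.100.7", 1400)] * 40
    + [fake_record("2023-01-10T09:00:00Z", "DENY", "198.51.100.7", 60)] * 10
    + [fake_record("2023-01-10T09:00:01Z", "ACCEPT", "198.51.100.8", 1400)] * 30
    + [fake_record("2023-01-10T09:00:02Z", "ACCEPT", "192.0.2.50", 900)] * 3
)

def volume_by_source(lines: Iterable[str]) -> Dict[str, Dict[str, int]]:
    """Aggregate hits, bytes and denials per source IP; malformed lines are skipped."""
    stats: Dict[str, Dict[str, int]] = defaultdict(lambda: {"hits": 0, "bytes": 0, "denied": 0})
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # a garbled line should not abort triage mid-incident
        s = stats[m["src"]]
        s["hits"] += 1
        s["bytes"] += int(m["bytes"])
        if m["action"] == "DENY":
            s["denied"] += 1
    return dict(stats)

def flag_sources(stats: Dict[str, Dict[str, int]], min_share: float = 0.10, min_hits: int = 20) -> List[str]:
    """Return sources carrying at least min_share of all bytes and at least min_hits records,
    busiest first. Both thresholds are assumptions and should be tuned against a normal-day baseline."""
    total = sum(s["bytes"] for s in stats.values()) or 1
    flagged = [ip for ip, s in stats.items()
               if s["bytes"] / total >= min_share and s["hits"] >= min_hits]
    return sorted(flagged, key=lambda ip: stats[ip]["bytes"], reverse=True)

if __name__ == "__main__":
    stats = volume_by_source(SAMPLE_LOG)
    for ip in flag_sources(stats):
        print(f"candidate for a firewall deny rule: {ip} {stats[ip]}")
```

Blocking by source address only helps when the flood is concentrated on a few addresses; a widely distributed or spoofed flood is the case the upstream DDoS protection services listed under Possible Solutions exist for.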
Why I found this story interesting
The source of these attacks has not been identified, but in my opinion, it would seem that Kosovo is rebelling against the Serbian government. Although DDoS attacks are not the most sophisticated attacks, they do disrupt services that are important to the Serbian government. DDoS attacks also seem to be the method of choice for hackers looking to affect nation-states or large entities. Examples of this include Estonia in 2007, when it was hit by a DDoS attack that affected financial institutions and other systems, and 2015, when GitHub was hit by a DDoS attack that originated in China. These stories and more can be seen here.
What makes this story interesting, however, is the fact that the hacker group Anonymous states that it was responsible for a recent attack on Serbia that resulted in the emails of Serbian government officials being hacked. Members of the group, according to Albanian Daily News and Fox News, referred to President Vucic of Serbia as "Putin's puppet". More on this story can be found here and here. Was it Kosovo... or was it Anonymous... or could there be a third suspect responsible for the attack? Until more information is revealed, the answer to the question is anybody's guess.
Possible Implications
Inability to access the official IT infrastructure website and potentially, other government official websites
High but irregular network traffic
Loss of productivity
Loss of revenue & trust
Possible Solutions
Reduce Attack Surface Area
Understand the network traffic
Monitor network traffic for unusual activity
Scale up bandwidth
Enroll in DDoS protection services
Conclusion
This was a fascinating story to dive deeper into. I learned more about the country and its ongoing geopolitical issues and even discovered that the infamous hacker group "Anonymous" may be a key player in these events. Having to face cyber attacks regionally and then from a hacker group whose members are spread to every inch of the globe can be a tall order for a country. Despite this, I believe the information security team at the Serbian government did a great job in protecting sensitive data and fending off these recent attacks. I do wonder how long they can manage to fend off these attacks and what they will implement to bolster their defenses.
Resources
Corero Network Security. (2022, November 14). Why DDoS attacks are so damaging. Corero Network Security Blog. Retrieved January 14, 2023, from https://www.corero.com/the-damaging-impacts-of-ddos-attacks/
Amazon Web Services. (n.d.). AWS Shield: DDoS attack protection. Retrieved January 14, 2023, from https://aws.amazon.com/shield/ddos-attack-protection/
Cybersecurity and Infrastructure Security Agency. (n.d.). Understanding and responding to distributed denial-of-service attacks. Retrieved January 14, 2023, from https://www.cisa.gov/sites/default/files/publications/understanding-and-responding-to-ddos-attacks_508c.pdf
Secure Blink. (n.d.). Serbian government under cyber attack amid heightened tensions in Balkans. Retrieved January 14, 2023, from https://www.secureblink.com/cyber-security-news/serbian-government-under-cyber-attack-amid-heightened-tensions-in-balkans?trk=organization_guest_main-feed-card_feed-article-content
Vladisavljev, S. (2022, November 8). Why China is Serbia's new main ally in the Kosovo independence dispute. The SAIS Review of International Affairs. Retrieved January 15, 2023, from https://saisreview.sais.jhu.edu/china-serbia-kosovo-independence-dispute/
Aitken, P. (2023, January 5). Anonymous claims Serbia is 'Putin's puppet,' Russia looks to expand war in Europe and 'distract the West'. Fox News. Retrieved January 15, 2023, from https://www.foxnews.com/world/anonymous-claims-serbia-putins-puppet-russia-expand-war-europe-distract-west
Kote, K. (2023, January 9). Hundreds of Serbian govt officials' emails hacked. Albanian Daily News. Retrieved January 15, 2023, from https://albaniandailynews.com/news/hundreds-of-serbian-govt-officials-emails-hacked