WCB #3-DDoS attack on Serbian Government


Weekly Recap

This week in cybersecurity saw a whole host of interesting stories. Some of these stories include:

  • SpyNote malware spying on Android users - this enables hackers to modify and infect Android smartphones

  • Meta pursuing Pegasus spyware suit - Israel's NSO Group is accused of exploiting a bug in WhatsApp to install spyware

  • TikTok CEO being questioned over data harvesting - EU officials are concerned by the aggressive data harvesting and surveillance TikTok has carried out in the U.S. and want to ensure TikTok will comply with its obligations.

The story I found most interesting, however, is the Serbian government being the victim of a DDoS attack.

With the recent conflict between Russia and Ukraine, cyber warfare has escalated rapidly, although it had already been increasing for the better part of a decade. The main offenders tend to be China, North Korea, Russia and Iran, and the motivation ranges from gathering intelligence to sheer disruption. Serbia happens to be allied with two of these nations, Russia and China, and that alignment can attract attention in many forms, including unwanted cyber threats. Serbia is also dealing with a regional dispute involving the people of Kosovo. According to Stefan Vladisavljev of Johns Hopkins, Serbia will not recognize Kosovo as an independent country, since doing so would be seen as a violation of its sovereignty and territorial integrity. Given these bilateral tensions, one could surmise that the attacks came from Kosovo, but that has been neither suggested nor confirmed. More on this issue can be found here.

Summary of Attack

What is a DDoS attack you may ask?

Simply put, a Distributed Denial of Service (DDoS) attack is an attempt by an external threat to overwhelm a target, which may be a website, application or server, with malicious traffic. Some common types of DDoS attacks are volumetric, protocol and application-layer attacks. You can view these attack types in detail here.

In Serbia's case, a volumetric attack was carried out, since the attackers were aiming to overload the websites with massive volumes of malicious traffic. The cyber attack lasted approximately 48 hours, during which five major attacks were attempted on the Serbian government's IT systems. To mitigate the threat, enhanced security measures were implemented. These measures caused a slowdown in the performance of the sites, reminiscent of what a DDoS attack itself can cause, but according to reports they staved off serious damage.

Although the exact methods to defend against these assaults were not stated, I believe the information security team in Serbia sought to:

  • Identify the source of the attack by enabling firewall logging of accepted and denied traffic

  • Configure their firewalls accordingly to block inbound traffic from these IP addresses

They then, in my opinion, continued monitoring the network traffic after the incident.

Why I found this story interesting

The source of these attacks has not been identified, but in my opinion, it would seem that Kosovo is rebelling against the Serbian government. Although DDoS attacks are not the most sophisticated attacks, they do disrupt services that are important to the Serbian government. DDoS attacks also seem to be the method of choice for hackers targeting nation-states or large entities. Examples include Estonia in 2007, when it was hit by a DDoS attack that affected financial institutions and other systems, and GitHub in 2015, when it was hit by a DDoS attack that originated in China. These stories and more can be seen here.

What makes this story interesting, however, is that the hacker group Anonymous states it was responsible for a recent attack on Serbia that resulted in the emails of Serbian government officials being hacked. Members of the group, according to Albanian Daily News and Fox News, referred to President Vucic of Serbia as "Putin's puppet". More on this story can be found here and here. Was it Kosovo, or was it Anonymous, or could there be a third suspect responsible for the attack? Until more information is revealed, the answer is anybody's guess.


Possible Implications

  • Inability to access the official IT infrastructure website and potentially other official government websites

  • High but irregular network traffic

  • Loss of productivity

  • Loss of revenue & trust

Possible Solutions

  • Reduce the attack surface

  • Understand normal network traffic

  • Monitor network traffic for unusual activity

  • Scale up bandwidth

  • Enroll in DDoS protection services
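The log-review steps sketched above in "Summary of Attack" (identify the heaviest sources from firewall logs, then block them) and the "Monitor network traffic for unusual activity" item can be shown together in one small script. This is an added example, not code from the original post or from any Serbian government system; the log line layout, the TEST-NET source addresses and the per-minute threshold are constructed assumptions.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed firewall log lines (RFC 5737 documentation addresses, not real
# traffic); the "timestamp action src= dst= dport=" layout is an assumption.
SAMPLE_LOG = """\
2023-01-05T10:00:00Z ACCEPT src=203.0.113.7 dst=198.51.100.10 dport=443
2023-01-05T10:00:00Z ACCEPT src=203.0.113.7 dst=198.51.100.10 dport=443
2023-01-05T10:00:01Z ACCEPT src=192.0.2.44 dst=198.51.100.10 dport=443
2023-01-05T10:00:01Z ACCEPT src=203.0.113.7 dst=198.51.100.10 dport=443
2023-01-05T10:00:02Z DENY src=203.0.113.7 dst=198.51.100.10 dport=80
2023-01-05T10:00:02Z ACCEPT src=203.0.113.9 dst=198.51.100.10 dport=443
2023-01-05T10:00:03Z ACCEPT src=203.0.113.7 dst=198.51.100.10 dport=443
2023-01-05T10:00:59Z ACCEPT src=192.0.2.44 dst=198.51.100.10 dport=443
2023-01-05T10:02:30Z ACCEPT src=203.0.113.9 dst=198.51.100.10 dport=443
"""

LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<action>ACCEPT|DENY) src=(?P<src>[\d.]+) "
                     r"dst=(?P<dst>[\d.]+) dport=(?P<dport>\d+)$")
EPOCH = datetime(1970, 1, 1)

def parse_line(line):
    """Parse one log line into a dict, or return None for a malformed line."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%Y-%m-%dT%H:%M:%SZ")
    rec["dport"] = int(rec["dport"])
    return rec

def hits_per_source_window(log_text, window_seconds=60):
    """Count attempts (accepted and denied) per (source IP, time bucket)."""
    counts = Counter()
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue  # skip garbage instead of aborting mid-incident
        bucket = int((rec["ts"] - EPOCH).total_seconds()) // window_seconds
        counts[(rec["src"], bucket)] += 1
    return counts

def flag_sources(log_text, threshold, window_seconds=60):
    """Sources exceeding the threshold in any window; the threshold should be
    derived from a baseline of normal traffic, not guessed during the attack."""
    counts = hits_per_source_window(log_text, window_seconds)
    return sorted({src for (src, _), n in counts.items() if n > threshold})

def deny_rules(sources, chain="INPUT"):
    """Render candidate block rules (iptables syntax) for human review only."""
    return [f"iptables -A {chain} -s {ip} -j DROP" for ip in sources]
```

Flagged sources are a starting point for review, since volumetric traffic is often spoofed or spread across many addresses, which is why the post's last item, upstream DDoS protection, matters more than local blocklists.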

Conclusion

This was a fascinating story to dive deeper into. I learned more about the country and its ongoing geopolitical issues and even discovered that the infamous hacker group "Anonymous" may be a key player in these events. Having to face cyber attacks regionally and then from a hacker group that has its members spread to every inch of the globe can be a tall order for a country to face. Despite this, I believe the information security team at the Serbian government did a great job in protecting sensitive data and fending off these recent attacks. I do wonder how long they can manage to fend off these attacks and what they will implement to bolster their defenses.

Resources

Corero Network Security. (2022, November 14). Why DDoS attacks are so damaging. Corero Network Security blog. Retrieved January 14, 2023, from https://www.corero.com/the-damaging-impacts-of-ddos-attacks/

Amazon Web Services. (n.d.). AWS Shield: DDoS attack protection. Retrieved January 14, 2023, from https://aws.amazon.com/shield/ddos-attack-protection/

Cybersecurity and Infrastructure Security Agency. (n.d.). Understanding and responding to distributed denial-of-service attacks. Retrieved January 14, 2023, from https://www.cisa.gov/sites/default/files/publications/understanding-and-responding-to-ddos-attacks_508c.pdf

Secure Blink. (n.d.). Serbian government under cyber attack amid heightened tensions in Balkans. Retrieved January 14, 2023, from https://www.secureblink.com/cyber-security-news/serbian-government-under-cyber-attack-amid-heightened-tensions-in-balkans?trk=organization_guest_main-feed-card_feed-article-content

Vladisavljev, S. (2022, November 8). Why China is Serbia's new main ally in the Kosovo independence dispute. The SAIS Review of International Affairs. Retrieved January 15, 2023, from https://saisreview.sais.jhu.edu/china-serbia-kosovo-independence-dispute/

Aitken, P. (2023, January 5). Anonymous claims Serbia is 'Putin's puppet,' Russia looks to expand war in Europe and 'distract the West'. Fox News. Retrieved January 15, 2023, from https://www.foxnews.com/world/anonymous-claims-serbia-putins-puppet-russia-expand-war-europe-distract-west

Kote, K. (2023, January 9). Hundreds of Serbian govt officials' emails hacked. Albanian Daily News. Retrieved January 15, 2023, from https://albaniandailynews.com/news/hundreds-of-serbian-govt-officials-emails-hacked