Regular web users unwittingly launch DDoS attacks on Ukraine
A malicious script hijacks browsers
Web users are being unwittingly recruited for distributed denial of service (DDoS) attacks against multiple websites belonging to the Ukrainian government and local non-profits.
As reported by BleepingComputer, an unknown threat actor has managed to compromise a number of WordPress websites, and embed a unique JavaScript code, which sends an HTTP GET request to a total of ten websites.
When someone visits one of these sites, their browser is forced to execute the code. The objective of the campaign is to overload the websites with fake traffic and take them offline.
We're looking at how our readers use VPNs with different devices so we can improve our content and offer better advice. This survey shouldn't take more than 60 seconds of your time. Thank you for taking part.
Abusing civilians
The people whose endpoints are being used for this attack almost certainly don’t know they are part of an attack. Besides slowing down their browsing a little, there’s no indication of the browser essentially being hijacked.
Bleeping Computer further explains that every request to the websites utilizes a random query string, so that the request doesn’t get served through Cloudflare or a similar CDN. Instead, it’s directly received by the target server.
Ukrainian websites aren’t the only victims of the attack, though. BleepingComputer found that the same script is being used to mount attacks against roughly 70 Russian websites too. The difference is that, in this case, the individuals are aware they are partaking in a DDoS campaign.
The war between Russia and Ukraine has spilled from the physical realm into cyberspace. Earlier this week, one of Ukraine’s Internet Service Providers (ISP), Ukrtelecom, reported suffering a “major” cyberattack, which brought internet connectivity in the country down to almost a tenth of its pre-war levels.
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
The ISP later announced that the attack had been thwarted, but connectivity for civilians is likely to remain patchy, as the ISP wants to ensure that the government and military have stable access, before restoring it for the rest of the citizens.
Via BleepingComputer
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.