Now that’s a great way to start the day, and a little melodramatic. But it’s actually a quote from an online video posted by the Killnet Group which is a group active for a few months now, aligned to Russia, and have declared war on 10 countries including the UK, threatening to attack their Critical National Infrastructure, which includes transport (rail), airports, government departments/agencies, but also attack it’s revenue sources, so finance organisations of all sizes, wholesale and retail outlets, and any business that supports those organisations in their supply chain, so all of us really.
They set themselves us in response to the IT Army of Ukraine and draw their manpower from around the world with differing levels of competency and experience. Up to now they have primarily been attributed with attacks against airports including Gatwick, and some specifically targeted attacks against overseas police forces.
So, the question is, have effective are they likely to be and do I need to be concerned about it? Well in short, they could be anything from a nuisance, to doing some real damage and as I have said on many occasions, SMEs are a target because many sit somewhere in the supply chain, already impacted by COVID and BREXIT, which could be crippled with a relatively few well placed cyber-attacks. And of course, SMEs remain the easier target as their defences tend to be less comprehensive than perhaps they should be.
They have, so far, been mainly associated with Distributed Denial of Service (DDOS) attacks, particularly favouring a technique known as slow HTTP that requires very little bandwidth in comparison to other DDOS methods. This technique utilises a web servers need for complete packets (a packet being around 80 bytes of data which is how data is ‘chunked’ up for transmission. What this means, without being too boring, is that it uses less resources than other methods. It targets thread-based web servers by occupying every thread with slow requests that are sent at just above the time out limit, preventing genuine users from connecting.
Many of you will not have your own servers but will, instead, by using cloud-based servers and so you are heavily reliant on your cloud-based provider. Once mitigation may be to have more than one cloud-based provider and whilst this might seem an unnecessary expense, it does mean that you have a fail over plan. This would require that your primary cloud provider, could back up to a second provider. Not as hard as it sounds, and I have clients already doing this.
If you are using your own servers then careful monitoring and logging of server resource is highly recommended, having some way of identifying normal behaviour and looking for things that are out of the ordinary. There is software and devices on the market that can do that for you.
Above all you should have a business continuity and disaster recovery plan in order to keep operating during times of strife.
H2 provides affordable and flexible one-off and ongoing data protection and cyber risk protection services.
To learn more about the services we provide please click here https://www.hah2.co.uk/
Alternatively, please feel free to give us a call or email
T: 0845 5443742
M: 07702 019060