The websites of various Italian institutions are inaccessible or slowed down due to a cyber attack organized by the pro-Russian hacker group Killnet, which in recent days had already attacked the State Police. Since Friday morning it has not been possible to access the websites of the Foreign Ministry, the Ministry of Culture and the Higher Council of the Judiciary. Starting at 7am, the sites alternated between periods of regular operation and several hours offline.
On Thursday night, Killnet had posted in its Telegram group an extensive list of sites it was planning to attack. The list included sites of ministries, energy and telecommunications companies, and about twenty newspapers including Corriere della Sera, Repubblica, Ansa, Il Sole 24 Ore and La Stampa.
Late in the evening, a new, narrower list was released, from which media sites had been excluded. The declared targets still include the energy regulation authority, the Ministry of Education and Federtrasporto, as well as sites already under attack such as that of the Foreign Ministry. The Senate website was also hacked last week.
The latest issue of the Network Wars newsletter traced the origin of Killnet, linked to another group called Legion. Killnet was mentioned in a notice from CISA (the US agency for cybersecurity and critical infrastructure protection), along with other “cybercriminal groups aligned with Russia”, considered a threat to organizations managing critical infrastructure. Killnet's first public message appeared on video on March 1, a few days after the invasion of Ukraine. The video contains a strong stance in favor of Russia, along with a hostile message against Anonymous.
As on other occasions, Killnet organized a DDoS (Distributed Denial of Service) attack, which consists of sending a large number of simultaneous access requests to a website in order to saturate the system and make the site unreachable. Network resources such as servers have a precise limit on the number of requests they can handle at the same time. Cybercriminals usually use a so-called botnet, a network of compromised computers under their control. Infected PCs can perform operations such as sending large amounts of data to the target of the attack, thus preventing access to a specific service such as email or connectivity, and potentially affecting all services.
In the case of the recent attacks suffered by Italian institutions, the CSIRT, the incident response team of the National Cybersecurity Agency, explained that they were conducted “using techniques that differ from the more common volumetric DDoS attacks, thus going unnoticed by the protection systems commonly used on the market against this type of attack”. A volumetric attack is launched with the aim of saturating the available bandwidth by sending huge amounts of traffic, commonly generated by botnets. The latest DDoS attacks are instead described as “application” attacks, which use tricks to be more effective.
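An added example, not part of the original article, of why an application-level flood can go unnoticed by a bandwidth-based check: it runs three checks over constructed traffic records. The record layout, the `/search` endpoint and all thresholds are assumptions chosen for illustration, not details of the attacks described here.

```python
from collections import Counter, defaultdict

DYNAMIC_PATHS = {"/search"}   # hypothetical server-expensive endpoint

def build_sample():
    """Constructed traffic: (second, client_ip, path, response_bytes)."""
    records = []
    for t in range(20):
        # Ordinary visitors: 20 requests/s, large static responses.
        for i in range(20):
            records.append((t, f"198.51.100.{i % 10}", "/static/img.jpg", 200_000))
        if t >= 10:
            # Flood: 300 small dynamic requests/s spread over 150 clients.
            for i in range(300):
                records.append((t, f"203.0.113.{i % 150}", "/search", 2_000))
    return records

def detect(records, max_bps=100_000_000, max_client_rps=10, max_dynamic_rps=50):
    """Return the seconds in which each of three checks would alert."""
    bits = Counter()                    # bandwidth per second
    per_client = defaultdict(Counter)   # requests per client per second
    dynamic = Counter()                 # requests to expensive paths per second
    for t, ip, path, size in records:
        bits[t] += size * 8
        per_client[t][ip] += 1
        if path in DYNAMIC_PATHS:
            dynamic[t] += 1
    return {
        # Bandwidth threshold: the kind of check a volumetric attack trips.
        "volumetric": sorted(t for t, b in bits.items() if b > max_bps),
        # Per-client rate limit: each flood client stays at 2 requests/s.
        "per_client": sorted(t for t, c in per_client.items()
                             if max(c.values()) > max_client_rps),
        # Aggregate request rate on expensive paths.
        "per_endpoint": sorted(t for t, n in dynamic.items() if n > max_dynamic_rps),
    }

if __name__ == "__main__":
    for check, seconds in detect(build_sample()).items():
        print(f"{check:13s} alerts in seconds: {seconds}")
```

In this constructed sample the flood adds only about 15% to the bandwidth and keeps every client at a low request rate, so only the aggregate per-endpoint check alerts.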
There are several ways to defend against a DDoS attack. One possible precaution is a “scalable” site infrastructure, that is, one that can distribute services so that a large amount of data does not put them at risk at peak times. There are also technology companies on the market that take over all the traffic of a portal, filtering out the accesses linked to the attack.