- Several important government websites such as the Italian Senate, the House of Lords, and the Ministry of Defense were attacked by cyberattacks, and the websites were inaccessible for at least 1 hour;
- Italian CERT issued an early warning that the attack used a new DDoS technique of “slow HTTP”, which is difficult to resist with traditional defense measures and requires targeted treatment;
- The pro-Russian hacking group Killnet claimed responsibility for the attack.
Italy’s Computer Security Incident Response Team (CSIRT, similar to the national CERT) has warned of a number of recent DDoS attacks targeting important Italian government websites.
DDoS (Distributed Denial of Service) is a common cyber-attack designed to exhaust the available resources on a server so that it cannot respond to normal user requests and the website it is hosting on cannot be accessed properly.
Several important government websites in Italy are down
Italy’s Ansa news agency reported that on May 11, local time, several important government websites such as the Italian Senate, the House of Lords, and the Ministry of Defense were attacked by a network. The websites were inaccessible for at least an hour. Websites of the Institute of Health, the Italian Automobile Club and others.
The pro-Russian hacking group Killnet claimed responsibility for the attack. Previously, they had also launched similar attacks on Romanian portals and Bradley International Airport in the United States.
In response to news reports of a DDoS attack in Italy, the Killnet gang posted on its Telegram channel that further attacks are likely in the future.
A member of the Killnet representative declared on Telegram, “Our ‘corps’ are conducting military cyber exercises in your country, aimed at training and improving attack skills. This is similar to what your country is doing – Italians and Spaniards are also learning in Ukraine. Fight. Our ‘Legion’ is destroying your servers!”
“Please note that the current stage is just training. Stop yelling and posting about the attack on the Senate. I can guarantee that our cyber forces will soon complete their training within Italian territory and continue to operate. Offense. It’s all going to come hard, come fast.”
Current defenses struggle against slow HTTP tactics
The CSIRT explained in the announcement that malicious hackers used so-called “slow HTTP” technology in their attacks on the country’s government, ministries, parliament and even the military’s websites.
This technique sends an HTTP request to the web server one at a time, but either sets an extremely slow transfer rate for the request or deliberately sends an incomplete request, causing the server to wait for the next request.
The server first detects incoming traffic and then allocates resources dedicated to waiting for the remaining data. When there are too many such requests, the server becomes overwhelmed and can no longer accept any other connections, ultimately rendering the site unreachable.
“This attack is more effective when using POST requests because these requests send large amounts of data to the web server at the same time,” the CSIRT said.
The CSIRT called “slow HTTP” a relatively rare type of DDoS attack, and warned existing defenses would be ineffective if system administrators didn’t take action.
“For the several DDoS attacks against domestic and international targets discovered since May 11, we found that they are different from the conventional Type 1 capacity exhaustion attacks. Due to the limited bandwidth actually occupied, it is impossible to exploit the commonly used DDoS attacks on the market. protection system against it.”
——CSIRT
The CSIRT has shared possible ways to mitigate such attacks in an announcement.
Conclusion
Today, businesses of all sizes across all industries face the growing threat of ransomware attacks. Storage systems may seem to have little to do with an organization’s cybersecurity posture and policies, but it just might be the best defense. Some features and components of virtual machine backup, such as easy-to-manage, cost-effective, and storage-friendly, make it essential to protect sensitive data from ransomware attacks, helping to create unbreakable cloud storage for enterprise data centers and effectively prevent ransomware attack. Most common used VM backup solution includes VMware Backup, Xenserver Backup, oVirt Backup and so on.
