The Times Australia
Small Business News

.
The Times Real Estate

.

Pro-Russian Hacker Group Targeting Sites in Ukraine and Supporting Countries with DDoS Attacks


The group performs politically motivated attacks on websites belonging to governments, utilities, telecommunications, and transportation companies

Avast, a global leader in digital security and privacy, has been tracking the activity of a pro-Russian hacker group called NoName057(16) since June 1, 2022. The group reacts to evolving political situations, targeting pro-Ukrainian companies and institutions in Ukraine and neighbouring countries, like Estonia, Lithuania, Norway, and Poland. According to Avast’s research, the group has a 40% success rate, and companies with well-protected infrastructure can withstand attack attempts. The research also found that 20% of the successes claimed by the group may not be their doing. 

NoName057(16)’s targets

NoName057(16) exclusively carry out DDoS attacks. At the beginning of June, the group targeted Ukrainian news servers. Then, they focused on websites within Ukraine belonging to cities, local governments, utility companies, armament manufacturers, transportation companies, and postal offices. 

By mid-June, the attacks became more politically motivated. Baltic states (Lithuania, Latvia, and Estonia) are significantly targeted. Following a ban on the transit of goods subject to EU sanctions through their territory to Kaliningrad, the group targeted Lithuanian transportation companies, local railway, and bus transportation companies. On July 1, 2022, the transportation of goods destined to reach miners employed by the Russian government-owned coal mining company, Arktikugol, was stopped by Norwegian authorities. In response, the group retaliated by attacking Norwegian transportation companies (Kystverket, Helitrans, Boreal), the Norwegian postal service (Posten), and Norwegian financial institutions (Sbanken, Gjensidige). In early August, after Finland announced their intention of joining NATO, NoName057(16) went after Finnish government institutions, like the Parliament of Finland (Eduskunta), State Council, and Finish police. 

40% success rate

NoName057(16) actively boast about their successful DDoS attacks to their more than 14K followers on Telegram. Their channel was created on March 11, 2022. The group only reports successful DDoS attacks.  

“Although the group’s reported number of successful attacks seems large, statistical information indicates the contrary,” explains Martin Chlumecky, malware researcher at Avast.

“The group’s success rate is 40%. We compared the list of targets the C&C server sends to the Bobik bots to what the group posts to their Telegram channel. Websites hosted on well-secured servers can withstand the attacks. Around 20% of the attacks the group claims to be responsible for did not match the targets listed in their configuration files.” 

Bobik bots act as soldiers

The group controls unprotected PCs around the world infected with malware called Bobik, which act as bots. Bobik first emerged in 2020 and was used as a remote access tool in the past. The malware is distributed by a dropper called Redline Stealer, which botnet-as-a-service cybercriminals pay for to spread their malware of choice. Avast has protected a few hundred PCs from Bobik. Avast researcher Martin Chlumecky, however, estimates there are several thousand Bobik bots in the wild, considering the effectiveness and frequency of attacks. 

The group sends commands to its bots via a C&C server located in Romania. Formerly, the group had two additional servers in Romania and Russia, but these are no longer active. The bots receive lists of targets to DDoS, in the form of XML configuration files, which are updated three times a day. They attempt to overload login pages, password recovery sites, and site searches. The attacks last a few hours to a few days. 

Impact of the attacks

The group's most successful attacks leave sites down for several hours to a few days. To handle the attacks, smaller and local site operators often resort to blocking queries from outside their country. In extreme cases, some site owners targeted by the group unregistered their domains. 

“The power of the DDoS attacks performed by NoName057(16) is debatable, to say the least. At one time, they can effectively strike about thirteen URL addresses at once, judging by configuration history, including subdomains,” continues Martin Chlumecky. “Furthermore, one XML configuration often includes a defined domain as a set of subdomains, so Bobik effectively attacks five different domains within one configuration. Consequently, they cannot focus on more domains for capacity and efficiency reasons.” 

The DDoS attacks carried out were more difficult to handle for some site operators of prominent and significant domains, such as banks, governments, and international companies. After a successful attack, Avast researchers noticed larger companies implementing enterprise solutions, such as Cloudflare or BitNinja, which can filter incoming traffic and detect DDoS attacks in most cases. On the other hand, most large, international companies expect heavier traffic and run their web servers in the Cloud with anti-DDoS solutions, making them more resilient to attacks. For example, the group was unsuccessful in taking down sites belonging to Danish bank, Danske Bank (attacked June 19 - 21, 2022), and Lithuanian bank, SEB (attacked July 12 - 13, 2022 and July 20 - 21, 2022). 

NoName057(16)’s more successful attacks affected companies with simple, informational sites, including just an about, mission, and a contact page, for example. The servers of sites like these are not typically designed to be heavily loaded and often do not implement anti-DDoS techniques, making them an easy target. 

How businesses and consumers can protect themselves

Businesses can protect their sites from DDoS attacks with specialized software and cloud protection.  

Consumers can prevent their devices from being used as part of a botnet by using reliable antivirus software, like Avast One, which detects and blocks malware like Bobik. Further steps consumers can take to protect their devices include avoiding clicking on suspicious links or attachments in emails and updating software on a regular basis to patch vulnerabilities. It is very difficult to recognize if a device is being used to facilitate a DDoS attack, but an indication could be high network traffic going to an unknown destination. 

More information about the group, Bobik malware, and the DDoS attacks can be found on the Avast Decoded blog: https://decoded.avast.io/martinchlumecky/bobik/

SME Business News

Albanese government looking to acquire Rex Airlines if buyer can’t be found

The Albanese government will on Wednesday announce it is willing, as a last resort, to purchase the collapsed Rex Airlines, in its latest bid to prop up aviation services to regional and remo...

The Legal Battle Against IP Theft: What Businesses Need to Know

So you've formulated that million-dollar idea and you're ready to take your business to the next level. You were so excited to publicize your supposedly next big thing that you went on TikTok...

Top 20 SEO and Guest Post Services in Wyoming Helping Brands Expand Their Reach

Today’s business needs to have strong online visibility to grow and reach more customers. Guest post services and SEO services make it easier for the brand to rank higher on their search engine...

Everything You Need to Know About PLR Digital Products to Resell for Maximum Passive Income

In the ever-evolving digital product world, the concept of Private Label Rights (PLR) has emerged as a lucrative opportunity for entrepreneurs who aim to generate passive income. PLR digital prod...

Property Times

Why You Need an Expert Electrician for Your Business’s Electrical Upgrades and Repairs

When it comes to maintaining and upgrading your business’s electrical systems, it’s essential to call in a professional. Electrical work in any commercial setting requires the expertise of a qualified electrician in Newcastle. Whether you're planni...

Why Is It Crucial to Have a Building Inspection Done Before Buying a New Home?

Purchasing a new property is a big financial decision that can impact your future for years. Whether you are a first-time buyer or an investor, good or bad, it is essential to ensure the property is in good condition. A building inspection is an af...

Floor Tiling: Choosing the Right Tiles for Every Room

Choosing floor tiles is more than just grabbing the first design that catches your eye at the showroom. You need to think about how the floor tiling option will fit into your space, how durable it is, and whether it’s safe for that particular area...

Yes, Australia needs new homes – but they must be built to withstand disasters in a warmer world

Australia’s housing crisis has created a push for fast-tracked construction. Federal, state and territory governments have set a target of 1.2 million new homes[1] over five years. Increasing housing supply is essential. However, the homes must ...

Food & Dining

7 Tips to Brew Perfect Mullein Tea Every Time

Brewing the perfect cup of mullein tea can often feel elusive, especially with all the conflicting advice available online. You might struggle with weak flavour, overpowering bitterness, or even the challenge of floating leaves in your cup.  Fortu...

Fresh Ideas for Celebrating the Year of the Snake

The Lunar New Year is here, and with it comes the Year of the Snake—a time for fresh beginnings, family connections, and, of course, delicious food. As celebrations kick off, Australian families are turning to summer’s bounty of fresh produce to ...

Drop of Sunshine | The perfect gift for that special someone this Valentine’s day

Drop of Sunshine: A Toast to Women, Our Connections & The Stories That Bring Us Together Treasury Wine Estates (TWE), one of the world’s leading wine companies, has launched a new line of premium wines,  Drop of Sunshine, in partnership wit...

Delicious and Healthy Vitamix Recipes for Optimal Nutrition

🍏🥦 Enjoy tasty Vitamix recipes packed with nutrients for optimum health. Healthy eating 🥕🍓 made fun & delicious! 💪🍹 #Nutrition #VitamixRecipes Healthy Eating and Optimal NutritionRenowned for its versatility and unparalleled blending capabilitie...

The Times Features

Why You Need an Expert Electrician for Your Business’s Electrical Upgrades and Repairs

When it comes to maintaining and upgrading your business’s electrical systems, it’s essential to call in a professional. Electrical work in any commercial setting requires the ex...

Why Is It Crucial to Have a Building Inspection Done Before Buying a New Home?

Purchasing a new property is a big financial decision that can impact your future for years. Whether you are a first-time buyer or an investor, good or bad, it is essential to en...

Online Application for Sick Leave Certificate: Understanding When and How to Secure One

A sick leave certificate is an official document issued by a healthcare professional to verify an individual's inability to attend work due to illness. It typically includes the ...

A No-Fuss Guide to an Effective Beauty Routine

Taking care of the skin and appearance need not be complicated; it need not even consume your hours of time. Smart and simple approaches can give one that glow and fresh look witho...

Safe & Effective Tattoo Removal in Auckland – What You Need to Know

If you're looking for tattoo removal in Auckland, modern laser technology offers the safest and most effective way to fade or completely remove unwanted ink. Whether it's an outd...

Fleece-Lined Tights vs. Regular Tights: What’s the Difference?

When temperatures drop, choosing the right pair of tights can make a significant difference in comfort, warmth, and durability. Whether you wear tights for fashion, work, or outdoo...

Business Times

Albanese government looking to acquire Rex Airlines if buyer can’…

The Albanese government will on Wednesday announce it is willing, as a last resort, to purchase the collapsed Rex Airline...

The Legal Battle Against IP Theft: What Businesses Need to Know

So you've formulated that million-dollar idea and you're ready to take your business to the next level. You were so excit...

Top 20 SEO and Guest Post Services in Wyoming Helping Brands Expa…

Today’s business needs to have strong online visibility to grow and reach more customers. Guest post services and SEO servi...

LayBy Shopping