Last weekend, hackers attacked the websites of the German military and the Ministry of Defense, rendering them temporarily unavailable. Chancellor Olaf Scholz’s office was also targeted, Der Spiegel news magazine reported. A spokesperson for the Bundestag, the lower house of the German parliament, told the magazine that the incident was an “unsuccessful attempt at an attack that did not cause any damage here.”
The cyberattack was claimed by the pro-Russian “Killnet” group, which specializes in “overload attacks” — technically called DDoS (pronounced “dee-dohs”). These attacks involve a website being flooded with simultaneous and coordinated webpage requests from multiple computers, making it difficult for the website to handle all of them. This then makes the website extremely slow or completely inaccessible to legitimate users.
The weekend attack wasn’t the notorious group’s first. Last month, it launched DDoS attacks on institutions in Romania, the United States, Estonia, Poland, and the Czech Republic, according to the Romanian Intelligence Service (SRI). Several NATO-linked websites were also attacked.
Although these attacks were seemingly harmless, cyberattacks can have truly devastating effects. So, how can one tell the difference between apparently harmless cyberattacks and those that could cause a lot of pain?
How does DDoS work?
A DDoS (distributed denial of service) attack can be quite damaging for businesses, institutions or providers whose income or service depends on users visiting their websites.
They are called “distributed” because they use multiple remote computers to launch denial-of-service attacks.
These attacks are surprisingly simple. There are many tools available that anyone can download and use, thanks to their easy interfaces. Software like LOIC (Low Orbit Ion Cannon), XOIC, HULK (HTTP Unbearable Load King) or Saphyra are some of the tools that hackers use for denial-of-service attacks.
But when only one person runs one of these tools, it’s just a DoS attack, without the “distributed” part, and it’s usually not enough to cause any problems. Servers can easily handle requests that come from just one source; the problem is when there are hundreds or thousands of sources.
To get that many sources, hackers send malware, or malicious software, mostly via email, to many people. This is known as phishing. When the recipients download and open it, their computers turn into robots, or bots, that respond to orders from the attacker. And when there are hundreds or thousands of these bots, they form a botnet, which acts as something of a personal zombie army. Now, whenever the hackers please, they can give an order to the botnet and launch a simultaneous and massive DDoS attack. That’s the one that can wreak havoc on a website, depending on the magnitude of the attack.
A DDoS attack is akin to knocking so many times on someone’s door that they get annoyed and stop responding. But it doesn’t breach the house or steal anything from it; that is, it doesn’t cause any data theft. It does, however, prevent others from reaching the house.
So, a DDoS attack is not in itself a way for hackers to cause a devastating impact, like shutting down a power grid or stealing a billion dollars.
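The distinction drawn above, one noisy source versus hundreds of modest ones, is exactly what a defender looks at when triaging a traffic spike. The following is an added example, not code from the article: it parses constructed access-log lines (epoch second, source IP, path) and labels a burst as normal, a single-source flood that per-IP rate limiting can absorb, or a distributed flood that needs upstream filtering. The thresholds are tuning assumptions, not figures from the article.

```python
"""Triage a burst of web requests: normal, single-source (DoS) or distributed (DDoS)."""
from collections import Counter


def parse_line(line):
    """Parse a constructed log line of the form '<epoch_seconds> <source_ip> <path>'."""
    ts, ip, path = line.split(" ", 2)
    return int(ts), ip, path


def classify_traffic(lines, rate_threshold=20.0, min_sources_for_distributed=20):
    """Summarise a burst and return a verdict.

    rate_threshold: requests per second above which the burst counts as a flood.
    min_sources_for_distributed: distinct IPs needed to call a flood "distributed".
    Both are assumed tuning values; real sites calibrate them against their baseline.
    """
    records = [parse_line(line) for line in lines]
    if not records:
        return {"verdict": "no traffic", "rps": 0.0, "sources": 0, "top_share": 0.0}
    first = min(r[0] for r in records)
    last = max(r[0] for r in records)
    rps = len(records) / max(1, last - first + 1)
    by_ip = Counter(r[1] for r in records)
    top_ip, top_count = by_ip.most_common(1)[0]
    top_share = top_count / len(records)  # fraction of requests from the busiest IP
    if rps < rate_threshold:
        verdict = "normal"
    elif top_share >= 0.5:
        verdict = "single-source flood"  # one machine dominates: block or rate-limit that IP
    elif len(by_ip) >= min_sources_for_distributed:
        verdict = "distributed flood"  # many sources, each modest: the botnet case
    else:
        verdict = "flood"  # few sources, none dominant: still worth a closer look
    return {"verdict": verdict, "rps": rps, "sources": len(by_ip),
            "top_ip": top_ip, "top_share": top_share}


def constructed_burst(num_sources, requests_per_source, start=1700000000, seconds=10):
    """Build constructed sample lines: num_sources IPs, each sending requests_per_source
    requests, spread across a window of `seconds` seconds."""
    lines = []
    for i in range(num_sources):
        ip = f"10.0.{i // 256}.{i % 256}"  # constructed private addresses
        for j in range(requests_per_source):
            lines.append(f"{start + ((i + j) % seconds)} {ip} /index.html")
    return lines


if __name__ == "__main__":
    print(classify_traffic(constructed_burst(1, 600)))   # one machine, 60 requests/s
    print(classify_traffic(constructed_burst(300, 2)))   # 300 bots, 60 requests/s in total
    print(classify_traffic(constructed_burst(5, 10)))    # 5 requests/s: normal
```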
Devastating billion-dollar cyberattacks
Movie-like cyberattacks are very elaborate and require multiple tools like phishing, keyloggers and malware, as well as strategies like social engineering (psychologically tricking someone into doing something), recruiting an insider, or even closely studying a company or institution over a long period of time.
But what better way to know more about this than with an example that looks like something out of a Netflix show?
The so-called Carbanak APT cyberattack or “The Great Bank Robbery” was first detected in late 2013 when more than 100 banks and financial institutions were breached and robbed by an unknown group of hackers. Moscow-based cybersecurity company Kaspersky reported that the perpetrators may have stolen as much as $1 billion in total.
So how did the hackers pull off such a massive heist?
According to Kaspersky, the hackers first resorted to so-called spear-phishing, meaning that they sent tailor-made emails to bank personnel that looked like legitimate banking communications. These emails carried either an infected Word document as an attachment or a link; opening the attachment or clicking the link would eventually result in the execution of a malicious program known as Carbanak.
Carbanak is a type of backdoor tool that allows remote hackers to control and look into an infected computer. With one computer infected, the hackers could then easily contaminate more machines inside the organization.
The malware also used a keylogger, which records all keystrokes and sends them to the hackers. So, the hackers just had to wait for an administrator to type in passwords and other sensitive information. When an administrator did, the criminals got the details they needed to access the bank’s infrastructure and network and pull off the heist.
But costly hacks like this require more than just computer programs. Once inside the banks’ IT systems, the hackers waited for months silently spying on the employees, analyzing the procedures and learning about how the banks worked so they could later mimic them.
When they were ready, the cybercriminals used payment processing services like the SWIFT network to transfer money into their fake accounts. They also managed to remotely control ATMs and make them dispense cash at precise locations and times so their money mules could pick it up.
This was a very sophisticated, coordinated and carefully planned and executed operation, as opposed to the relatively simple flooding of a website with requests in order to crash it.
Edited by: Ashutosh Pandey