US airports' sites taken down in DDoS attacks by pro-Russian hackers
US airports' sites taken down in DDoS attacks by pro-Russian hackers
Bill Toulas
- October 10, 2022
- 10:15 AM
- 2
Update: Title of story modified to indicate it was the sites taken down.
The pro-Russian hacktivist group 'KillNet' is claiming large-scale distributed denial-of-service (DDoS) attacks against websites of several major airports in the U.S., making them unaccessible.
The DDoS attacks have overwhelmed the servers hosting these sites with garbage requests, making it impossible for travelers to connect and get updates about their scheduled flights or book airport services.
Notable examples of airport websites that are currently unavailable include the Hartsfield-Jackson Atlanta International Airport (ATL), one of the country's larger air traffic hubs, and the Los Angeles International Airport (LAX), which is intermittently offline or very slow to respond.
Other airports returning database connection errors include Chicago O'Hare International Airport (ORD), Orlando International Airport (MCO), Denver International Airport (DIA), Phoenix Sky Harbor International Airport (PHX), along with some in Kentucky, Mississippi, and Hawaii.
KillNet listed the domains yesterday on its Telegram channel, where members and volunteers of the hacktivist group gather to acquire new targets.
They are relying on custom software to generate fake requests and garbage traffic directed at the targets with the goal of depleting their resources and making them unavailable to legitimate users.
In this case, the DDoS attacks do not impact flights, but they still have an adverse effect on the function of a crucial economic sector, threatening to disrupt or delay associated services.
KillNet has previously targeted countries that sided with Ukraine, like Romania and Italy, while its "sub-group" Legion struck key Norwegian and Lithuanian entities for similar reasons.
As the war in Ukraine has entered a new phase, pro-Russian threat actors and hacktivists are trying to ramp up their retaliatory cyberattacks against neuralgic organizations in the western world.
The U.S., being the de-facto leader of NATO, which is Russia's main military rival, has supplied Ukraine with intelligence and equipment from early on in the war, but DDoS attacks so far seemed to be focused on EU targets, especially after the announcement of sanctions.
KillNet's targeting scope expanded to include the U.S. only last week when the DDoS group attacked government websites in Colorado, Kentucky, and Mississippi, with moderate success.
H/T Dominic Alvieri
. . . A cyberattack reportedly originating from a pro-Russian hacker group struck the websites of more than a dozen major airports in the United States Monday morning, ABC News reports.
Some of the nation's largest airports have been targeted for cyberattacks Monday by an attacker within the Russian Federation, a senior official briefed on the situation confirmed to ABC News.
Importantly, the systems targeted do not handle air traffic control, internal airline communications and coordination or transportation security.
"It's an inconvenience," the source said. The attacks have resulted in targeted "denial of public access" to public-facing web domains that report airport wait times and congestion.Individual airport websites were hit with denial of service (DoS) attacks which blocked customers from accessing information they provide such as departure times, cancellations and gate information. Affected airports included New York's LaGuardia, Los Angeles International and Hartsfield–Jackson Atlanta International.
The websites were down temporarily and are unrelated to security or air traffic control.
According ABC News, John Hultquist, head of intelligence analysis at cybersecurity firm Mandiant, said the pro-Russian hacker group Killnet was behind the attacks. Killnet has been operating during the Russian war on Ukraine and generally targets websites in Europe.
Cyberattacks reported at US airports
The attacker was within the Russian Federation, according to a senior official.
Some of the nation's largest airports have been targeted for cyberattacks Monday by an attacker within the Russian Federation, a senior official briefed on the situation confirmed to ABC News.
Importantly, the systems targeted do not handle air traffic control, internal airline communications and coordination or transportation security.
"It's an inconvenience," the source said. The attacks have resulted in targeted "denial of public access" to public-facing web domains that report airport wait times and congestion.
Over a dozen airport websites were impacted by the "denial of service" attack, John Hultquist, head of intelligence analysis at cybersecurity firm Mandiant, told ABC News. That type of attack essentially overloads sites by jamming them with artificial users.
"Killnet," a pro-Russian hacker group, is believed to be behind the attack, according to Hultquist. While similar groups have been found to be fronts for state-backed actors, Hultquist said there is no evidence the Russian government was involved in directing this attack.
The attacks were first reported around 3 a.m. ET when the Port Authority notified the Cybersecurity and Infrastructure Security Agency that the LaGuardia Airport system had been hit. LaGuardia has been restored, but other airports around the country have subsequently been targeted.
The FBI and Cybersecurity and Infrastructure Security Agency, part of the Department of Homeland Security, each said they were aware of the attacks.
The websites for Des Moines International Airport, Los Angeles International Airport (LAX) and Chicago O'Hare International Airport appeared impacted Monday morning.
Hartsfield-Jackson Atlanta International Airport reported around 10:30 a.m. ET that its site is back up and running and that "at no time were operations at the airport impacted.""Early this morning, the FlyLAX.com website was partially disrupted," LAX said in a statement to ABC News. "The service interruption was limited to portions of the public facing FlyLAX.com website only. No internal airport systems were compromised and there were no operational disruptions."
LAX said its website was back up and running a little before 1 p.m. ET.
The group "Killnet" has been active since the beginning of the war in Ukraine, targeting Ukrainian allies and recently claiming credit for taking down government websites in the U.S. They operate internationally and have been known to carry out attacks across Europe, according to cybersecurity experts.Engineers and programmers are actively working to close backdoors that allowed the attacks and shoring up more critical computer infrastructure.
Jamming attacks like the one seen Monday morning are highly visible but largely superficial and often temporary, Hultquist said.
"We are pretty clear it's a Russian cyber group that claimed responsibility," Sen. Chuck Schumer, D-N.Y., said Monday, going on to connect the attacks to the Ukrainian bombing of a bridge in Crimea over the weekend. "We are asking our authorities to confirm who did it and then take the appropriate strong action so the Russians know they cannot get away with this. Putin has a lot of nerve, after his brutal vicious war against the Ukrainian people, to now say he has the right to retaliate because they protected themselves with a bridge is outrageous."
ABC News' Alex Stone contributed to this report.
No comments:
Post a Comment