DDoS Attacks Against Governments Are on the Rise

World Map picture of continents with spheres indicating where attacks have happened.

Although distributed denial-of-service (DDoS) attacks against local, regional, and national governments are not uncommon during peacetime, a marked increase in hacking related to the Russian invasion of Ukraine has dominated news cycles and may create the illusion that this activity only happens in times of war. It’s important to understand these threats were present long before the invasion and will be around long after.

DDoS attacks flood websites with illegitimate traffic, thus preventing valid users from accessing critical services. They’re often designed to disrupt systems and operations and block access to sites used by ordinary citizens, military personnel, or government agencies.

With visibility drawn from more than 230 countries and territories, 600-plus industry verticals, and more than 31,000 autonomous system numbers (ASNs), at NETSCOUT we’ve recorded 6,797,959 DDoS attacks in the latter half of 2022, a 13 percent increase from the first half of the year, and many of these targeted government agencies and services around the world.

Multiple Fronts and Changing Techniques

Cybercriminals are increasingly turning to multivector DDoS attacks, which combine multiple techniques such as DNS amplification, TCP direct-path, and application layer attacks concurrently. These comprise about half of all global DDoS attacks. In the second half of 2022 alone, we saw approximately 250,000 that utilized more than 11 vectors.

In addition to multivector attacks, adversaries use adaptive DDoS, whereby reconnaissance and probing are performed before the attack to see what works and what doesn’t. Cybercriminals then use this information to target soft spots in network defenses and refine their effectiveness.

U.S. States Fall Victim

In October 2022, a DDoS cyberattack took down dozens of state government websites including those of Connecticut, Colorado, Mississippi, and Kentucky. The Russian hacking collective Killnet took responsibility for this. Killnet has claimed responsibility for numerous DDoS attacks on the U.S. and other countries, and the group appears to be politically rather than financially driven. In this instance, the hackers posted offensive slogans and images designed to offend the sensibilities of American visitors to these sites. Other states targeted in this operation were Florida, Alaska, Delaware, Indiana, Hawaii, Idaho, Alabama, and Kansas.

A few days later Killnet struck again, hitting airports such as Chicago O’Hare and Los Angeles International with a series of DDoS attacks that temporarily took their websites offline. Incidents such as these reduce the public trust in organizations that fall victim to them, and disruption in government services may lead to civil unrest and change public perceptions of war, causing local people to question why they’re paying the price for a foreign conflict.

Costa Rica Targeted Multiple Times

On April 17, 2022, approximately 30 government institutions in the Central American country of Costa Rica were targeted by a massive ransomware attack. Among the many targets were the Ministry of Finance; the Ministry of Science, Innovation, Technology, and Telecommunications; the Ministry of Labor and Social Security; and the Costa Rican Social Security Fund (CCSS). Pro-Russian hackers called the Conti Group claimed responsibility and demanded a $10 million ransom, threatening to release sensitive information that included private citizens’ tax returns if the ransom was not paid.

The Costa Rican government was forced to shut down computer systems used to control imports and exports and collect taxes. Losses in the private sector were estimated at around $30 million per day. Overall, this attack consisted of not only ransomware but also the theft of emails and the defacement of webpages. Even the country’s official Twitter account was hacked.

Then on May 31, 2022, the CCSS was targeted by the Hive Ransomware Group—a ransomware as a service (RaaS) operation—forcing that institution to shut down key systems that stored sensitive medical information and a website used to collect insurance fees. The ransomware hit at least 30 of approximately 1,500 government servers. According to reports at the time, some CCSS employees were forced to turn off their computers when office printers started returning documents that were unintelligible. Dark web messages posted by Conti suggested they intended to overthrow the Costa Rican government via these cyberattacks.

Learn More

There remains debate among security experts on what specifically constitutes cyberwarfare, but one thing is clear: the results of an adaptive DDoS attack are devastating, whether they target governments or businesses. NETSCOUT just released our fifth anniversary DDoS Threat Intelligence Report, “Unveiling the New Threat Landscape,” with findings from the second half of 2022. You’ll find this detailed report useful when considering your current defenses against DDoS attacks and other types of cybercrime.

Check out the latest NETSCOUT Threat Intelligence Report.