KillNet’s Malicious Call to Action Takes Airport Websites Offline
Pro-Russian hackers knocked several U.S. airports offline earlier this week, and the attack is being called everything from a publicity stunt to a malicious call to action to a possible hint of bigger things to come.
Using denial-of-service attacks, the group KillNet essentially blocked access to 14 airport websites, including those of Los Angeles International Airport (LAX), Hartsfield-Jackson Atlanta International Airport and Chicago O’Hare International Airport.
“At this time, it is unknown how successful these attacks were, but KillNet attacks are known to take websites down for short periods,” said Ivan Righi, senior cyberthreat intelligence analyst at Digital Shadows. “The attacks began with a DDoS attack on the Chicago O’Hare International Airport, where the group stated its motivation to target ‘American’s civilian network sector,’ which the group deemed to be not secure. KillNet’s targeting of the U.S. and its critical sectors is not surprising.”
Although airport operations were not affected and the websites were brought back up quickly, the attacks were seen as a warning sign that pro-Russian forces have ramped up their attacks on targets opposed to Russia’s invasion of Ukraine. KillNet, in fact, claimed responsibility for attacks on organizations affiliated with NATO countries.
“It was a PR stunt that had almost zero impact. We should expect very few of these in the future—even with the best efforts by the hackers, the attack caused virtually no disruption and there was no money to be made, the latter being the number-one motivator for most hackers,” said Token CEO John Gunn.
Andrew Hay, COO at LARES Consulting, agreed, pointing out that “there was no vulnerability exploited” and that “the attackers simply overwhelmed the servers by flooding the sites with garbage requests—exhausting the server’s resources. Many of the targeted organizations are already utilizing anti-DDoS content delivery networks (CDNs) to mitigate attacks of this nature,” he said. The CDN infrastructure just couldn’t handle the flood of requests.
Still, organizations should be on high alert, security experts said, as the hacktivist group implored others to join in. “KillNet announced attacks on multiple airports in the U.S. The group also asked its supporters to join in on the attacks, posting a list of domains to be targeted on its Telegram channel,” noted Righi. “In total, the group mentioned 49 domains belonging to airports all across the country.”
That should alarm most companies and agencies. “This malicious call to action is a great example of why organizations need to be ever-vigilant in their cybersecurity operations,” said Craig Burland, CISO, Inversion6. “A focus on cybersecurity isn’t only for when the auditor is coming or after a breach. It’s a 24x7x365 responsibility that we must all own and embrace.”
Burland added that companies “don’t take days off from things like workplace safety or legal due diligence,” and that “cybersecurity is no different, especially as we collectively face organizations like KillNet.”
Righi said that, considering KillNet’s past activities, he expects the group’s attacks “will likely continue.”