May 16, 2022

Italian govt websites hit by DDoS attacks

Italy's Computer Security Incident Response Team (CSIRT) has disclosed recent DDoS attacks against crucial government sites in the country over the past couple of days.

The pro-Russian hacker group Killnet claimed responsibility for the cyberattacks; it is the same group that launched similar attacks against Romanian portals and Bradley Airport in the US.

In response to news stories about the DDoS attacks against Italy, Killnet published a message to Telegram stating that further attacks may be coming in the future.

Our Legion conducts military cyber exercises in your countries in order to improve their skills. Everything happens similarly to your actions - the Italians and the Spaniards are going to learn how to kill people in Ukraine. Our Legion is learning to kill your servers!
You must understand that this is training. Don't make too much noise, I'm sick of the amount of news about attacks on the Senate. I give you my word of honor that our cyber army will soon finish training in your territory, and we will go on the offensive. It will happen suddenly and very quickly.

As part of the announcement, CSIRT explained that the attacks on the country's government, ministry, parliament, and even army websites used the so-called "Slow HTTP" technique.

This method sends one HTTP request at a time to a web server, but transmits it at a very slow rate or leaves it incomplete, so the server keeps waiting for the rest of the request.

The server detects the incoming communication and allocates resources dedicated to waiting for the remaining data. When there are too many of these types of requests, the server is overwhelmed and cannot take any more connections, making the site inaccessible.

CSIRT characterizes "slow HTTP" as an unusual type of DDoS attack, warning system administrators that their existing defenses may not be effective unless they are designed for this kind of attack.

With regard to the recent DDOS attacks that occurred starting from 11 May last against national and international subjects, it was found that they were carried out using techniques that differ from the most common DDOS attacks of volumetric type, thus passing unnoticed to the protection systems commonly used on the market against this type of attack as they occur using a limited bandwidth.
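The following is an added example, not code from CSIRT or from the original article. It shows detection logic that judges each open connection by request deadline and minimum transfer rate, and why a bandwidth-only threshold stays silent on the same traffic. All thresholds, field names and the sample snapshot are assumptions constructed for illustration.

```python
from collections import Counter
from dataclasses import dataclass

# Thresholds are assumptions for this example; tune them to real traffic.
REQUEST_DEADLINE_S = 10   # max seconds to deliver a complete request
MIN_RATE_BPS = 500        # minimum inbound bytes/second per connection
GRACE_S = 5               # do not judge the rate of very young connections
PER_CLIENT_LIMIT = 3      # stalled connections per client before reporting
VOLUMETRIC_ALERT_BPS = 10_000_000  # level a bandwidth-only monitor watches

@dataclass
class Conn:
    client: str           # source address
    age_s: float          # seconds since the connection was accepted
    bytes_in: int         # request bytes received so far
    request_done: bool    # True once the full request has arrived

def is_stalled(c):
    """True if the connection occupies a server slot without real progress."""
    if c.request_done:
        return False
    if c.age_s > REQUEST_DEADLINE_S:
        return True
    return c.age_s > GRACE_S and c.bytes_in / c.age_s < MIN_RATE_BPS

def analyze(conns):
    """Summarize a snapshot of open connections."""
    stalled = [c for c in conns if is_stalled(c)]
    per_client = Counter(c.client for c in stalled)
    total_bps = sum(c.bytes_in / c.age_s for c in conns if c.age_s > 0)
    return {
        "stalled": len(stalled),
        "offenders": sorted(ip for ip, n in per_client.items() if n >= PER_CLIENT_LIMIT),
        "inbound_bps": round(total_bps, 1),
        "volumetric_alert": total_bps > VOLUMETRIC_ALERT_BPS,
    }

# Constructed sample snapshot (documentation address ranges, not real data).
SAMPLE = [
    Conn("198.51.100.7", 0.4, 612, True),   # ordinary completed request
    Conn("198.51.100.9", 2.0, 180, False),  # young, still inside grace period
    Conn("203.0.113.20", 45.0, 90, False),  # open 45 s, request never finished
    Conn("203.0.113.20", 44.0, 88, False),
    Conn("203.0.113.20", 43.0, 86, False),
    Conn("203.0.113.20", 8.0, 40, False),   # under deadline, but only 5 B/s
    Conn("203.0.113.21", 30.0, 60, False),
]

if __name__ == "__main__":
    print(analyze(SAMPLE))
```

On the sample, five of seven connections are flagged while total inbound traffic stays under 2 KB/s, far below the volumetric threshold. The same two criteria (a deadline and a minimum rate) are what server-side request timeouts enforce when they close such connections.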
