ChannelLife New Zealand - Industry insider news for technology resellers
Under attack: Exposing upscale hacktivist DDoS tactics

In November 2024, DDoS attackers launched a campaign targeting Australian websites.

It's not unusual for Australian sites to be on the receiving end of DDoS attacks. However, this event was remarkable, amounting to a surge of over 60 DDoS attacks on 39 different websites during the month.

The attacks targeted various sectors, including government, transportation, financial, legal, education, and insurance. The undercurrent was unmissable: it wasn't just websites in Australia but the country itself that was the target, especially its government. Somebody was making a point. A group called NoName057(16) claimed responsibility for over half the attacks, angered by the Australian government's decision to supply Ukraine with 14 small military attack boats worth over $9 million.

Geopolitical revenge

This is what happens to a country that gets on the wrong side of what is politely called 'hacktivism', but these days, it is more akin to well-organised, high-stakes digital bullying. Adding to the intrigue is the fact that NoName057(16) is avowedly pro-Russian. Starting operations in the early days of the Russia-Ukraine war, NoName057(16) has become one of the most active groups to wield DDoS for political ends, making numerous attacks against a growing list of targets.

However, NoName057(16) is only one threat actor in an expanding field that uses different geopolitical issues as a motivation to launch sophisticated DDoS attacks on Western targets. Pro-Russian hacktivist groups often seek to undermine and retaliate against nations supporting Ukraine to send a broader message of deterrence and to create public and governmental pressure within those nations.

Under attack

According to the Australian Signals Directorate's Annual Cyber Threat Report 2023-2024, 49% of the attacks recorded were on national or state government, ahead of other critical sectors such as healthcare and education on a combined 11%. The authors describe the attention the country now receives from cyber criminals as contributing to "the most complex and challenging strategic environment since the Second World War."

Within this environment, DDoS plays a central role for attackers. Cyberattacks come in many forms, but uniquely, DDoS offers attackers the ability to respond to events in real time. A country's government can make a decision that is interpreted as hostile. Within hours, a DDoS attack significant and disruptive enough to give defenders something to think about can be summoned as if it were out of nothing.

Action at Layer 7

What's essential with DDoS attacks is to look closely at the details. DDoS attacks are often characterised as overwhelming network servers with large traffic volumes. However, the latest go-to technique used by a growing number of hacktivist collectives is to target the application layer with even more sophisticated, aggressive attacks, commonly referred to as Web DDoS attacks. These upscale, high-intensity and highly randomised Layer 7 (L7) attacks disguise themselves as legitimate application requests and traffic patterns, making them much more challenging to detect and mitigate—and, therefore, very attractive for potential offenders.

Under these high connection rate attacks, malicious actors direct large volumes of HTTP requests at a web application to overload the target servers. Each iteration of attack waves can last from minutes to hours, some reaching multi-million requests per second (RPS).

To make their jobs easier, cybercriminals are using newer Web DDoS attack tools. These include tools such as Blood, MHDDoS, MegaMedusa and others, which not only support Layer 3 and Layer 4 network DDoS attack vectors and Web DDoS but also provide mitigation bypass techniques such as header randomisation, CAPTCHA solving, IP spoofing, proxy support and more.

A DDoS defence

All of this makes Web DDoS attacks particularly difficult to mitigate for conventional DDoS mitigation tools. Detecting Web DDoS attacks requires decryption and deep inspection into the L7 traffic headers, which network-based DDoS protection solutions weren't built to do. Standard on-prem or cloud-based web application firewalls fail to keep up with their scale and randomisation. Also, rate-limiting techniques have a significant adverse effect on legitimate traffic.

Successfully defending against these attacks requires a solution that can adapt in real time to the attacks as they evolve. The solution should include behavioural-based algorithms with advanced learning and auto-tuning capabilities to detect and surgically block L7 DDoS attacks without disrupting legitimate traffic.
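The two points above (that per-source rate limiting punishes legitimate traffic, and that a randomised L7 flood has to be spotted in the application-layer headers rather than in raw volume) can be made concrete with a small behavioural detector. The example below is added here for illustration; it is not code from the article or from any of the tools or vendors it mentions. It parses a constructed access-log format, learns a baseline request rate and User-Agent diversity from known-good windows, and then scores later windows on both rate deviation and header entropy. Alongside it runs the conventional per-IP rate limit, so the two approaches can be compared on the same constructed traffic. The log format, the IP ranges, the thresholds (three floored standard deviations on rate, two extra bits of User-Agent entropy, 25 requests per source per 10-second window) and the sample lines are all assumptions made for the example.

```python
"""Behavioural L7 flood detection over constructed access-log lines.

Added example, not from the article or any product it names. Log format,
thresholds and all traffic samples are assumptions for illustration.
"""
import math
import re
from collections import Counter, defaultdict
from dataclasses import dataclass

# Assumed (constructed) log format:  <ip> [<unix_ts>] "<METHOD> <path>" <status> "<User-Agent>"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \[(?P<ts>\d+)\] "(?P<method>[A-Z]+) (?P<path>\S+)" '
    r'(?P<status>\d{3}) "(?P<ua>[^"]*)"$'
)


def parse_line(line):
    """Return a dict for one access-log line, or None if it does not match the format."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = int(rec["ts"])
    return rec


def bucket_by_window(records, window_s=10):
    """Group parsed records into fixed-size time windows keyed by window index."""
    windows = defaultdict(list)
    for r in records:
        windows[r["ts"] // window_s].append(r)
    return dict(windows)


def ua_entropy_bits(records):
    """Shannon entropy (bits) of the User-Agent distribution inside one window.
    A handful of real browsers gives roughly 1-2 bits; per-request header
    randomisation pushes the value towards log2(number of requests)."""
    counts = Counter(r["ua"] for r in records)
    total = sum(counts.values())
    return -sum((c / total) * math.log2(c / total) for c in counts.values())


@dataclass
class Baseline:
    mean_rps: float
    std_rps: float
    mean_ua_entropy: float


def learn_baseline(windows, window_ids, window_s=10):
    """Learn the normal request rate and header diversity from known-good windows."""
    rates = [len(windows[i]) / window_s for i in window_ids]
    ents = [ua_entropy_bits(windows[i]) for i in window_ids]
    mean = sum(rates) / len(rates)
    var = sum((x - mean) ** 2 for x in rates) / len(rates)
    return Baseline(mean, math.sqrt(var), sum(ents) / len(ents))


def score_window(records, base, window_s=10, k=3.0, entropy_delta=2.0, std_floor=0.5):
    """Flag a window when its rate OR its header randomness departs from the baseline."""
    rps = len(records) / window_s
    ent = ua_entropy_bits(records)
    std = max(base.std_rps, std_floor)  # floor stops a very flat baseline flagging tiny drifts
    reasons = []
    if rps > base.mean_rps + k * std:
        reasons.append(f"rate {rps:.1f} rps above {base.mean_rps + k * std:.1f}")
    if ent > base.mean_ua_entropy + entropy_delta:
        reasons.append(f"user-agent entropy {ent:.1f} bits vs baseline {base.mean_ua_entropy:.1f}")
    return {"rps": rps, "ua_entropy": ent, "flag": bool(reasons), "reasons": reasons}


def naive_per_ip_limit(records, max_per_window=25):
    """The conventional control: block any source above N requests in the window."""
    per_ip = Counter(r["ip"] for r in records)
    return {ip for ip, n in per_ip.items() if n > max_per_window}


def make_sample_log():
    """Constructed traffic: 50 s of 5-7 req/s from three browsers, one legitimate
    client paging quickly at t=32, and a 10 s distributed flood (t=40-49) from 40
    sources that randomise the User-Agent on every request."""
    legit_ips = ["203.0.113.10", "203.0.113.11", "198.51.100.7"]
    legit_uas = ["Mozilla/5.0 (Windows NT 10.0) Firefox/120.0",
                 "Mozilla/5.0 (Macintosh) Safari/17.0"]
    lines = []
    for ts in range(0, 50):
        for i in range(5 + ts % 3):  # 5, 6 or 7 requests per second
            lines.append(f'{legit_ips[i % 3]} [{ts}] "GET /catalogue?page={i}" 200 "{legit_uas[i % 2]}"')
    for i in range(12):  # busy but legitimate client: stable User-Agent, one burst
        lines.append(f'198.51.100.7 [32] "GET /catalogue?page={10 + i}" 200 "{legit_uas[0]}"')
    for ts in range(40, 50):  # flood: 40 sources, 1 req/s each, unique User-Agent per request
        for n in range(40):
            ua = f"Mozilla/5.0 (X11; rv:{n}.0) Gecko/2024{ts}{n:02d}"
            lines.append(f'192.0.2.{n + 1} [{ts}] "GET /search?q={ts * 40 + n}" 200 "{ua}"')
    return lines


def run_demo():
    """Parse the constructed log, learn from windows 0-2, score every window."""
    records = [r for r in (parse_line(l) for l in make_sample_log()) if r]
    windows = bucket_by_window(records)
    base = learn_baseline(windows, [0, 1, 2])
    verdicts = {i: score_window(windows[i], base) for i in sorted(windows)}
    naive = {i: naive_per_ip_limit(windows[i]) for i in sorted(windows)}
    return base, verdicts, naive


if __name__ == "__main__":
    base, verdicts, naive = run_demo()
    print(f"baseline: {base.mean_rps:.1f} rps, User-Agent entropy {base.mean_ua_entropy:.2f} bits")
    for i, v in verdicts.items():
        print(f"window {i}: {v['rps']:5.1f} rps, {v['ua_entropy']:.2f} bits, flag={v['flag']} "
              f"{v['reasons']}; naive per-IP limit blocks: {sorted(naive[i])}")
```

On this constructed data the per-IP limit blocks the legitimate client in window 3 and blocks nobody in the flood window, because each of the 40 sources stays under the per-source threshold; the baseline-driven check leaves window 3 alone and flags window 4 on both rate and header entropy. The User-Agent is used here only because it is the simplest header to construct; a production detector would baseline several request attributes together and auto-tune the thresholds rather than fixing them as this example does.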

The evolving threat

Cyberspace is no respecter of size or importance, even that of whole countries. Modern DDoS attacks reflect this reality. What counts is to grasp that these evolving attacks are not going away soon.

Nor should the term hacktivism cause us to underestimate the threat they pose. Countering them with capable DDoS mitigation solutions must be a priority.
