the aspectra blog IT know-how & more, since 2012

DDoS happens: Swiss cyber security in the Ukraine conflict

Targeted sectors per number of cyber incidents (July 2022 - June 2023) | © aspectra AG / ENISA

As a secure hosting provider, we face the challenge of preventing and defending against cyber attacks on a daily basis. A recent NCSC analysis report explains the background and impact of a politically motivated DDoS wave on Swiss organisations.

The National Cyber Security Center (NCSC) has published a detailed analysis of incidents relating to application-layer DDoS attacks on Swiss organisations and authorities in the first two weeks of June 2023.

The masterminds and the context

The report identifies the pro-Russian hacktivist group "NoName057(16)" as the perpetrator and highlights its actions. The attacks were carried out following a decision by the Swiss Parliament in connection with the War Material Act in favour of Ukraine and the announcement of an online speech by Ukrainian President Zelenskyi to the Federal Assembly. The actor focused on authorities or organisations that have a certain proximity to the Federal Administration and enjoy a high reputation among the public (e.g. the Swiss Parliament, Swiss Post Ltd and the Swiss Federal Railways SBB).

The report also addresses the geopolitical context of the war in Ukraine and the political motivation of the attackers. The technical part, both in terms of the attack and the defence, is also discussed in comprehensive detail. It comes to the conclusion that conventional anti-DDoS security strategies, which tend to be geared towards volumetric DDoS attacks, are no longer sufficient to protect against application-layer attacks (such as those perpetrated by the current actor). The NCSC believes that organisations have a responsibility to reassess their risk of DDoS attacks as part of a continuous improvement process and to make the necessary adjustments.

Protective measures, awareness and personal responsibility

As a provider of hosting services for business-critical systems, aspectra is confronted with such situations on a daily basis. Internet uplinks, routers, firewalls, WAF and other components as well as resilient application architectures are implemented for prevention. In the event of an attack, the focus is on trained staff who use checklists, experience and dialogue with other stakeholders or the NCSC to weigh up the various measures available and mitigate the attacks.

The involvement of the affected customers and their solutions is also important. The decision to take parts of an application offline globally or locally must ultimately be taken by the affected parties themselves. Accordingly, raising awareness and understanding of the impact of DDoS attacks is an issue for anyone who makes applications available on the Internet.

You can find the entire report including "Lessons Learned" here:
Downstream incident analysis DDoS attacks by NoName057(16), June 2023 (PDF, 2 MB, 02.11.2023)

DDoS protection service by aspectra
