DDoS attacks are becoming more complex and also far more prevalent in each passing year. It is one of the few attacks that can be effectively utilized by script kiddies and black hat hackers alike. Popular targets for DDoS have always involved government entities, be it a single country or an international body. The latest international organization to be hit came on Nov. 24, when the European Commission was targeted by a DDoS attack.
As reported by Politico, in the afternoon of Nov. 24, European Commission servers began experiencing “millions of requests” for website access, which then alerted the EC’s IT team. Additionally the network gateways at the European Commission — which is the executive body of the European Union — came under an attack that effectively cut Internet access for all employees. The incident was handed over to CERT-EU for greater study of the attack and its origins.
The DIGIT team at the European Commission has more or less eliminated the effects of the DDoS. Their goal now is to prevent future attacks, although additional hits are likely. There was no data breach, so to call this a “hack,” as the news media described it, is slightly incorrect. What this DDoS could have been is a preparation for an actual attempt to breach the EC network. At this point, however, this is simply conjecture.
Cyber forensics have not revealed anything about the threat actors, so motivations for this DDoS are still unknown. What is known is that the attack was successful, and defenses must be bolstered to help prevent another incident. What was concerning about this attack was how the European Commission responded to the media. I mentioned earlier that Internet access was down for employees, yet this was denied by the EC in a statement to Politico. The EC claimed “the attack has so far been successfully stopped with no interruption of service.”
Statements by employees at the European Commission debunked this claim, as they reported the Internet had been shut down twice.
My only hope here is that the EU takes this incident seriously and does not naively think it now can automatically stop an attack. Just because incident response teams are now actively monitoring their network for suspicious activity does not mean they are hack-proof. Should another DDoS attack occur, it can be used as a diversion while other hackers attempt to breach the network. A massive overhaul is needed if the European Commission wishes to protect its sensitive data.
Photo credit: Amio Cajander