X suffered a DDoS attack. Its CEO and security researchers can’t agree on who did it. – CyberScoop

Social media service X was hit by a series of distributed denial-of-service attacks Monday, which left the platform formerly known as Twitter inaccessible at times, with intermittent outages and errors for users, according to researchers.
The cause of those attacks has been much harder to discern.
Elon Musk, the site’s owner, described the incident as a “massive cyberattack,” but did not provide any evidence, and threat researchers have yet to back up that claim. DDoS attacks are malicious, overwhelming targeted systems with traffic, but they do not involve unauthorized access, data theft or encryption — the hallmarks of more serious and potentially damaging cyberattacks.
“We’re not sure exactly what happened,” Musk told Fox Business in a Monday interview. “But there was a massive cyberattack to try to bring down the X system with IP addresses originating in the Ukraine area.”
While it is possible for a threat group to initiate DDoS attacks from a specific region or country, it is rare and improbable, according to F5 Labs.
“With so many compromised consumer devices all over the internet, attackers could, conceivably, cherry-pick which country they wish all attack traffic to come from,” David Warburton, director at F5 Labs, told CyberScoop.
“This seems unlikely, however, since in order to try and circumvent defenses, it’s in their interest to distribute attack traffic from all over the world,” he said.
External researchers can’t determine the originating IP addresses for the flood of malicious traffic that hit X’s servers without direct access to X’s systems.
“We don’t really know or see what X experienced,” Oded Vanunu, chief technologist and head of product vulnerability at Check Point Research, said in an email. “Only they know what and from where [it] hit them.”
Dark Storm Team, a pro-Palestinian threat group specializing in DDoS attacks, claimed responsibility Monday, according to Check Point Research. The group also backed up its claim with screenshots on Telegram and a report on Check-Host.net that captures a site’s availability at specific times, a practice that bolsters the group’s credibility.
The attacks are consistent with Dark Storm Team’s “broader goal of destabilizing prominent digital platforms and infrastructure,” Vanunu said. The group primarily targets organizations in the United States, Ukraine, the United Arab Emirates and Israel.
DDoS attack groups such as Dark Storm Team typically use botnets composed of thousands or sometimes hundreds of thousands of infected devices scattered across the globe to conduct their attacks. This makes it difficult to pinpoint any specific malicious IP involved in these attacks, Vanunu said.
Attackers also conceal the source of DDoS attacks through compromised routers and IoT devices, residential proxy networks, and the User Datagram Protocol (UDP), which is linked to more than 4 in 5 DDoS attacks, according to F5 Labs.
UDP allows attackers to “completely forge where the attacks appear to originate,” Warburton said. “This means that it’s possible to make all malicious traffic appear to come from one specific country when, in fact, it is likely being sent from all over the world.”
X is the fifth-most visited website globally, according to Similarweb. When a popular website is hit with DDoS attacks, the threat intelligence community often jumps at the opportunity to comment and share its insights.
Yet, six of the most qualified cybersecurity and technology companies tracking malicious activity said they had no knowledge or declined to answer CyberScoop’s questions about what caused X’s sporadic outages.