The national Computer Emergency Response Team for Ukraine, CERT-UA, has warned of an ongoing distributed denial of service (DDoS) attack against.
The scripts are injected into the HTML structure of the site’s main files, and are base64-encoded to remain out of sight. As a result, whenever someone visits the site, their browser's spare computing power is used to generate a large number of requests against target URLs.
In effect, the website visitors are the bots flooding Ukrainian sites with too much traffic for the servers to handle, resulting in the denial of service.
The worst part is, apart from a barely noticeable performance issue on the visitor’s endpoint, the attack is almost impossible to spot.
Some of the websites targeted include:
Allegedly, these websites have “taken a strong stance in favor of Ukraine” in the ongoing war with Russia, which is why they were targeted.
"To detect similar to the mentioned abnormal activity in the log files of the web server, you should pay attention to the events with the response code 404 and, if they are abnormal, correlate them with the values of the HTTP header 'Referer', which will contain the address of the web resource initiated a request," CERT-UA said.
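The correlation CERT-UA describes can be automated over an access log. The following Python script is an added example, not code from CERT-UA or the original article: it assumes the Apache/nginx "combined" log format, uses hypothetical thresholds (`min_404`, `min_clients`), and runs on a constructed sample log with placeholder hosts and documentation-range IPs.

```python
import re
from collections import Counter, defaultdict
from urllib.parse import urlsplit

# Apache/nginx "combined" access-log format (assumed; adjust for your server).
LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "[^"]*"'
)

def suspicious_referers(lines, own_host, min_404=5, min_clients=3):
    """Group 404 responses by external Referer host and return the hosts
    that caused at least min_404 of them from at least min_clients IPs."""
    hits, clients, paths = Counter(), defaultdict(set), defaultdict(set)
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["status"] != "404":
            continue
        host = (urlsplit(m["referer"]).hostname or "").lower()
        if not host or host == own_host:   # skip "-" and same-site referers
            continue
        hits[host] += 1
        clients[host].add(m["ip"])
        paths[host].add(m["path"])
    return {h: {"count": n, "clients": len(clients[h]), "paths": len(paths[h])}
            for h, n in hits.items()
            if n >= min_404 and len(clients[h]) >= min_clients}

def _entry(ip, path, status, referer):
    return (f'{ip} - - [01/Jan/2022:10:00:00 +0000] "GET {path} HTTP/1.1" '
            f'{status} 512 "{referer}" "Mozilla/5.0"')

# Constructed sample log: hosts, IPs and paths are illustrative only.
SAMPLE_LOG = (
    [_entry(f"203.0.113.{i % 4 + 1}", f"/r{i}.html", 404,
            "https://compromised-blog.example/news") for i in range(8)]
    + [_entry("198.51.100.7", "/old-page", 404,
              "https://old-forum.example/thread/9")] * 2       # stale link
    + [_entry("198.51.100.8", f"/img/{i}.png", 404,
              "https://target.example/") for i in range(6)]    # own site
    + [_entry("198.51.100.9", "/favicon.ico", 404, "-"),
       _entry("198.51.100.9", "/", 200, "https://compromised-blog.example/news")]
)

if __name__ == "__main__":
    for host, stats in suspicious_referers(SAMPLE_LOG, "target.example").items():
        print(host, stats)
```

A Referer host that produces many 404s across many distinct client IPs and many distinct paths is the pattern worth investigating; a handful of 404s from a single stale external link falls below the thresholds.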
At press time, there were 36 websites confirmed to be carrying the malicious code.
Via BleepingComputer