Hackers are crippling the police and ministries. Attacks by detour through American data centers


The majority of attacks still come from Russia. This is evident, among other things, from the regular monthly analysis by the company ComSource, according to which the number of attacks on Czech companies increased threefold in February. Over time, attacks have moved from brute force to efficiency. Attackers mainly target applications and attack directly at the source in data centers, rather than using large numbers of Internet connections.

What is a DDoS attack

A Distributed Denial of Service (DDoS) attack targets websites and servers, disrupting network services and trying to exhaust application resources. The perpetrators of these attacks deliberately flood websites, which leads to poor functionality or to their complete shutdown. These types of attacks are on the rise.

“This is also why the most intensive attacks in February were directed from the USA, where there are a huge number of data centers in which the attackers obviously managed to rent space. On the contrary, most of the attacks came from Russia, which were more of a widespread attack on the infrastructure,” says Jaroslav Cihelka, cyber security expert and co-owner of ComSource.

The police most recently became a victim of hackers on March 17, when their website was down for several hours. “According to preliminary information, this is a DDoS attack,” the police said on the X network. The same happened to the Ministry of Labor and Social Affairs in January. The website, where people handle applications for social benefits, among other things, was down for at least two hours.

The Czech Republic experienced a major attack on infrastructure in October, when it hosted the International Crimean Platform, at which Ukrainian President Volodymyr Zelenskyi, among others, also spoke online. In this context, a pro-Russian hacker group claimed on Telegram to have attacked eight Czech websites; the websites of the Senate, the Ministry of the Interior and the Government Office were not working.

The attacks had several points in common: the websites were down for several hours, no sensitive data was leaked, and despite warnings, the attacks could not be prevented.

The editors of iDNES.cz asked cyber security experts why the state cannot defend against DDoS attacks. Most of them agreed that the biggest problem is the lack of money and the quality of IT workers.

“A key problem for the state sector is low competitiveness in recruiting IT and cyber security specialists due to a general lack of people in the field,” says Martin Chlumecký, malware researcher at Avast. According to him, another problem is the fact that the state does not have a concept in the use and demand of security systems.

According to Chlumecký, each institution takes care of its own security, and there is no uniform pattern for choosing suppliers or solving incidents such as a DDoS attack. “Creating a state strategy for IT security would give these institutions some guidance that would make it much easier and cheaper to implement security solutions and limit common mistakes in settings,” Chlumecký thinks.

The state has outdated technology

In addition to the lack of high-quality IT specialists, experts also see a problem in outdated technologies and in bureaucratic processes that prevent a quick response to an attack. “Old systems can be more difficult to update and secure, which can mean that state institutions are more vulnerable to attacks,” points out Ondřej Remeš, cyber security manager at Thein Security.

But simply “pouring money” into state IT would not improve the situation. According to Jan Zmítko, a cybersecurity consultant at the company Trask, it often does not make economic sense to spend large sums because of a few hours during which the state’s websites are down.

“The very target of a given DDoS attack is crucial. If this is only the overloading of the server with communications and causing short-term unavailability, it is not a very fatal attack from the point of view of security risks,” explains Zmítko. He adds, however, that more sophisticated, so-called bespoke attacks, which are already dangerous, are rapidly increasing.

Like when you take thousands of queue tickets at the post office

A hacker attack can be ordered and bought on the Internet, just like a person orders shoes or a washing machine. The only difference is that the DDoS attack is offered anonymously, for example on the Telegram social network or on the darknet.

“Attacks will become an increasingly large problem, their implementation is extremely cheap and defense against them extremely expensive,” warns Stanislav Smolár, security manager of Soitron.

Martin Chlumecký compares basic hacker attacks to a person who comes to the post office, takes thousands of queue tickets and leaves. “Since the individual counters call the numbers sequentially, it will take a very long time for an ordinary visitor to be checked in,” the expert states.

In the case of more sophisticated attacks, it is mainly about overloading the transmission capacity. “If we continue the analogy with the post office, then it would be a question of filling up the post office’s premises, so that a new customer would not even pick up a ticket,” Chlumecký explains.

The Mirai botnet was responsible for the biggest attacks in the past year, which reached speeds of up to 1.9 terabits per second. This botnet alone was responsible for 3% of all global DDoS attacks.

According to experts, DDoS attacks are available from a “budget” of tens to hundreds of dollars, with the price depending on the length of the attack and its intensity. The damage can cost companies or institutions up to hundreds of thousands of crowns.

According to analysts, the number of DDoS attacks has been growing rapidly in recent years, and their intensity has also increased.

“The war in Ukraine and hacktivism, when the attackers’ activities are civically or politically motivated, also have a large share in this increase. These activists usually organize themselves on Telegram-type networks, where they also share their ‘successes’, especially in attacks on state institutions or banks, for example,” explains Vladimíra Žáčková, cyber security specialist at ESET.

Marketing events, discounts and VIP services

Miloslav Lujka from the cybersecurity company Check Point Software Technologies added to iDNES.cz that hacktivist groups want to cause chaos, intimidate and show their power.

“And also cause damage. If any website is down, it’s a problem, people don’t get access to information and services, costs go up, and the impact on the organization’s reputation is hard. But first of all, the attackers are simply trying to get media attention,” commented Lujka.

According to him, a DDoS attack with sufficient force is often successful, whether for minutes or hours, and that’s exactly what these hacker groups are good at. “The DDoS attack itself is not used for data theft or other espionage activities, but only overwhelms and overloads targeted services or websites. But at the same time, it can sometimes be a smokescreen that diverts attention from other, far more serious attacks,” he added.

According to him, the increase in incidents is also related to the phenomenon of cybercrime as a service. Indeed, the largest hacktivist groups rent out their botnets (internet robots, editor’s note). “Anonymous Sudan, for example, boasts that the InfraShutdown botnet is capable of paralyzing even the services of large multinational companies. And we also see traditional marketing events, discounts and VIP services,” explains the expert.

For example, they recently offered a special promotion for $500 an hour and the ability to use the InfraShutdown botnet to attack ISPs.

“Another Godzilla botnet can be rented for a week for $500 or a month for $2,500. So, unfortunately, amateurs without technical knowledge can do similar attacks with the power of large groups. Similarly, virtually any other threat and attack type can be purchased. And cybercriminals can then pay for their other activities, including hacktivist attacks,” added Lujka.

The article is in Czech
