NoName DDoS attacks have been a clear and present threats to pro-Ukraine nations for a year.
This time, the Pro-Russian hacker group has listed government websites from Italy, the United Kingdom, and France as victims on its website. The Cooperative Credit Bank of Rome, BCC Roma, was also attacked, leaving its website inaccessible.
The other targets of the NoName DDoS attacks were the websites of London City Airport, and the authorization service on the website of the Italian Federation of Cooperative Credit Banks Credito Cooperativo.
NoName DDoS attacks: The latest list
The website of BCC Roma, transport and travel company Cars Olivier, France, and the local government association LGA, UK were among the targets of NoName.
The portal of the Alnwick City Council, UK, the electronic identity card of Italy, and the website of the Supreme Judicial Council of Italy were the other names on its website.
This is the latest in the stream of cyber attack BCC Roma has been facing.
The noted one was in 2021, when BCC Roma suffered a massive cyber attack impacting over 188 branches. According to reports, the hacker group DarkSide had claimed responsibility for the BCC Roma cyber attack.
While most of the websites were accessible at the time of writing, the portals of the Alnwick City Council, UK, and the website of the electronic identity card of Italy remained inaccessible at the time of publishing this report.
The Cyber Express has reached out to the listed organizations for comments on the security incident. We will update this report as we receive their response.
NoName DDoS attacks and the larger picture
The Cyber Express has detected a clear pattern of attacks on organizations in Italy over the past one year.
What spiked since March 2022 following the Russian invasion of Ukraine continues to rise, as cyber criminals have started cashing in on the attacks and data leaks by state-sponsored actors.
NoName topped the list of attackers.
The pro-Russian hacker group is notorious for launching Distributed Denial of Service (DDoS) attacks to halt or crash networks with a flood of requests. The group targets government, telecommunications, and transportation websites, among others.
The NoName hacker group has been spotted in action since June 1, 2022, targeting organizations of importance, from government bodies and ministries to transportation and even parliaments.
“The group reacts to evolving political situations, targeting pro-Ukrainian companies and institutions in Ukraine and neighboring countries, like Estonia, Lithuania, Norway, and Poland,” a report by digital security and privacy firm Avast read.
Success ratio of NoName DDoS attacks
“According to Avast’s research, the group has a 40% success rate, and companies with well-protected infrastructure can withstand their attack attempts. The research also found that 20% of the successes claimed by the group may not be their doing,” the report said.
They initially targeted the Ukrainian websites of local governments, utility companies, and arms and ammunitions manufacturer, among others. They do so by infecting systems that are unpatched to gain initial access. They also employ botnet-as-a-Service including the Redline stealer to steal system and user data.
With the increase in the number of cyber attacks by the NoName hacker group, Avast researcher, Martin Chlumecky, stated that there were several thousand ‘Bobik’ bots in the wild, considering the effectiveness and frequency of attacks. The group has been found to use the Bobik malware which acts as a bot.
They are suspected to have their command-and-control server in Romania including two others in Romania and Russia that are now defunct.
The bots are programmed to target entities via a form in an XML configuration file. This file gets an update thrice a day for the bot to launch cyber attacks. The attacks suspend activities of the servers from a few hours to days in a row.
Mitigation techniques to NoName DDoS attacks
Mitigation against NoName’s DDoS attacks requires extended cloud protection tools and specialized software to detect the flood of traffic seconds before it could hit the servers. In some cases, certain antivirus software proves successful in detecting threats that can be used by organizations.
A good and essential cyber hygiene practice to avoid threats is not opening phishing emails that are specially crafted to look like urgent communications from legitimate government organizations.
Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.
