Pro-Russian hacktivists used a new DDoS-as-a-Service platform to hit medical institutions in nine countries, apparently in retaliation for those countries' military aid to Ukraine.
Politically motivated cybercrime groups are nothing new, but hacktivists rarely target an industry as sensitive as healthcare. A relatively new group that recently wrought havoc in this sector has no such scruples. On January 27, 2023, pro-Russian hacktivists used an emerging DDoS-as-a-Service platform to mount a series of attacks on medical organizations across the United States and Europe.
According to researchers at Radware, the attackers' motive appears to boil down to retaliation for the decision to send tanks to Ukraine. This reading is supported by the target selection: the countries hit are the ones that had pledged military assistance to Ukraine against the unprovoked invasion by its neighbor. Specifically, the European institutions on the receiving end of this campaign are based in Finland, Germany, the Netherlands, Norway, Poland, Portugal, Spain, and the UK.
The DDoS-as-a-Service platform behind these incidents is called "Passion". First observed in early January 2023 in several website defacement attacks against small organizations in Japan and South Africa, it is advertised on Russian-language Telegram channels as a turnkey network-flood toolkit backed by a botnet of compromised IoT devices.
What sets "Passion" apart is the range of options for the denial-of-service vector, the attack duration, and the volume of traffic to be thrown at a victim. The vectors available to "customers" include HTTPS Mix, DNS L4, TCP-Kill L4, Mixamp L4, OVH-TCP L4, and several less common ones. The mix matters for defenders: the "L4" vectors are transport-layer floods that can be filtered on packet characteristics alone, whereas the HTTPS options are application-layer floods that look like legitimate requests and cannot be scrubbed without terminating TLS.
Cheap subscriptions are another hallmark of this DDoS-as-a-Service offering. One week costs 30 USD, a month 120 USD, and a year 1,440 USD, all payable in Bitcoin, Tether, or the QIWI payment service popular in Russia. Such low rates, combined with the breadth of features and customizations, make "Passion" a one-stop attack tool even for unskilled wannabes, let alone seasoned attackers; the asymmetry between a 30 USD week of attacks and the cost of a hospital portal being offline is what makes these services so dangerous.
Given the escalating threat, which ranges from attempts to knock networks offline to extortion via so-called Ransom DDoS (RDoS), companies and nonprofits need a response plan that kicks in whenever a malicious traffic flood hits their infrastructure. There is no need to reinvent the wheel. The battle-tested approach is a DDoS mitigation service such as Cloudflare, which absorbs and scrubs attack traffic across a globally distributed anycast network so that no single site has to take the full volume. Two caveats for practitioners: an on-premises appliance cannot help once the flood saturates the upstream link, so the scrubbing provider must sit in front of the link; and the plan should be written and rehearsed before an incident, including how traffic is diverted to the provider (DNS change or BGP announcement), who is authorized to trigger it, and what normal traffic looks like so that a flood is recognized quickly.
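The "recognize the flood quickly" step above needs a concrete trigger. The following is an added example, not code from Radware, Cloudflare or the Passion operators: a sliding-window rate check over web-server access-log lines that flags single sources exceeding a per-IP threshold and, separately, an aggregate spike across all sources. The second check matters because a flood from a botnet of many compromised IoT devices keeps each device's rate low and evades per-IP limits. The log lines, IP addresses, window length and thresholds are constructed assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample access log (not a real capture). 203.0.113.7 plays the
# flooding bot and 198.51.100.2 an ordinary client; both are RFC 5737
# documentation addresses. Lines are in chronological order, as access logs are.
SAMPLE_LOG = [
    '203.0.113.7 - - [27/Jan/2023:12:00:00 +0000] "GET /appointments HTTP/1.1" 200 1024',
    '203.0.113.7 - - [27/Jan/2023:12:00:01 +0000] "GET /appointments HTTP/1.1" 200 1024',
    '198.51.100.2 - - [27/Jan/2023:12:00:02 +0000] "GET /index.html HTTP/1.1" 200 5120',
    '203.0.113.7 - - [27/Jan/2023:12:00:03 +0000] "GET /appointments HTTP/1.1" 200 1024',
    '203.0.113.7 - - [27/Jan/2023:12:00:04 +0000] "GET /appointments HTTP/1.1" 200 1024',
    '203.0.113.7 - - [27/Jan/2023:12:00:05 +0000] "GET /appointments HTTP/1.1" 200 1024',
    '203.0.113.7 - - [27/Jan/2023:12:00:06 +0000] "GET /appointments HTTP/1.1" 200 1024',
    '203.0.113.7 - - [27/Jan/2023:12:00:07 +0000] "GET /appointments HTTP/1.1" 200 1024',
    '203.0.113.7 - - [27/Jan/2023:12:00:08 +0000] "GET /appointments HTTP/1.1" 200 1024',
    '198.51.100.2 - - [27/Jan/2023:12:00:09 +0000] "GET /style.css HTTP/1.1" 200 812',
]

# Subset of the Common Log Format: ip ident user [timestamp] "request" status size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3}) (?P<size>\S+)'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line):
    """Parse one CLF line into a dict, or return None for unparseable input."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return {
        "ip": m.group("ip"),
        "ts": datetime.strptime(m.group("ts"), TS_FMT),
        "req": m.group("req"),
    }


def _slide(window, ts, window_seconds):
    """Append ts to a deque and drop entries older than window_seconds."""
    window.append(ts)
    while window and (ts - window[0]).total_seconds() > window_seconds:
        window.popleft()


def flag_flooders(lines, window_seconds=10, max_requests=5):
    """Per-source check: return {ip: peak_count} for every source that sent more
    than max_requests within any window_seconds span. Catches a single noisy
    client or a small botnet, not a widely distributed flood."""
    windows = defaultdict(deque)
    peaks = {}
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue  # assumed: malformed lines are skipped, not treated as attacks
        w = windows[rec["ip"]]
        _slide(w, rec["ts"], window_seconds)
        if len(w) > max_requests:
            peaks[rec["ip"]] = max(peaks.get(rec["ip"], 0), len(w))
    return peaks


def aggregate_peak(lines, window_seconds=10):
    """Site-wide check: highest number of requests seen from all sources in any
    window_seconds span. Compare against a baseline measured in calm conditions
    to detect a distributed flood whose per-IP rates stay under the threshold."""
    w = deque()
    peak = 0
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        _slide(w, rec["ts"], window_seconds)
        peak = max(peak, len(w))
    return peak


if __name__ == "__main__":
    print("per-IP offenders:", flag_flooders(SAMPLE_LOG))
    print("peak site-wide requests per 10 s:", aggregate_peak(SAMPLE_LOG))
```

In practice the per-IP result would feed a rate-limit or deny rule and the aggregate figure would be compared against a stored baseline; crossing either threshold is the cue to execute the pre-agreed diversion to the scrubbing provider rather than to start debating it. Keep the thresholds tied to measured normal traffic, since a value copied from elsewhere will either page on every marketing campaign or miss a slow-ramping flood.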