Some energy supply companies that were attacked

Posted: Wed Jan 22, 2025 5:20 am
by tanjimajuha20
In the last two weeks, the StormWall situation center has recorded many DDoS attacks on energy supply companies, agrees CEO and co-founder Ramil Khantimirov. "These attacks are complex, hackers use attack methods at the L7 level, the application level, according to the OSI model (with its help, network devices can interact with each other. - Forbes)," he continues. "Often, the protection tools used by energy supply companies cannot quickly cope with attacks of this type. This is due to the fact that the attackers use large botnets that create many 'legitimate' connections from the point of view of protection, but their number per bot is small. Thus, it becomes extremely difficult to separate the attack from user traffic."

Some energy supply companies that were attacked had only basic protection from the operator that provided them with communication services, explains Daniil Shcherbakov, Deputy CEO of Servicepipe, to Forbes. And until there were attacks from the IT army of Ukraine, this, according to him, was quite enough: "But when a massive DDoS began, providers saw that the basic tool could not withstand it. In order not to harm other clients, providers were forced to disconnect the attacked energy supply companies. That is, the attackers used a fairly common DDoS attack tactic, when the hoster or provider is deliberately forced to keep the attacked organization 'switched off.'"

It is noteworthy that some organizations preventively disable their services at night. For example, when a Forbes correspondent asked what caused the interruptions in the operation of the mobile application and web resources of MosOblEIRC (a payment agent for several hundred management and resource supplying organizations) in the evening and at night, they answered: "From 23:00 to 07:00, access to the Personal Account service is temporarily limited. This is a forced temporary measure aimed at increasing the reliability of the system in connection with the possibility of destructive actions by third parties."

Selecting targets
Smart home systems consist of devices that record and transmit telemetry to consumers, servers that collect and store this data and manage the devices, and interfaces for accessing them. It is technically possible to attack each of these components, says Qrator Labs product manager Georgy Tarasov.

"The control server to which sensors, meters and other smart devices are connected can be hosted by the management company with a connection through the 'last mile' operator or by the telecom operator itself," explains Tarasov. "A successful DDoS attack on the resources of a local telecom operator can lead to the loss of access to smart home servers for all of their subscribers, which could be houses, residential complexes or entire enterprises." That is, the operator may not receive the telemetry and the error or failure signals from devices that it needs in order to make decisions and take countermeasures, and consumers risk losing control through their personal accounts and applications. Taken together, this is "the most serious risk," says Georgy Tarasov: "Why attack one client if you can attack a server that has hundreds or thousands of clients?"

Thus, hackers have serious reasons to attack small regional providers, experts explain. Home Internet providers provide Internet in apartment buildings, essentially "reaching with a cable" to each apartment, explains Daniil Shcherbakov. According to him, these providers often provide channels for collecting information between energy companies and the end consumer, as well as managing it: "The widespread use of so-called smart meters, which allow you to regulate, for example, heat consumption directly at the facility and save significantly, may be one of the reasons for massive attacks on home Internet providers by hacktivists. Unavailability of provider services or even failures in operation can lead to incorrect collection of telemetry and operation of smart meters, which, in turn, can entail very negative
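
An added example, not part of the original post: the L7 pattern described above (a large botnet, few requests per bot) checked against constructed access-log events, first with a per-source rate limit and then with an aggregate check on total requests and distinct sources per window. The thresholds, addresses (documentation ranges) and the `/account` path are assumptions made for the illustration.

```python
from collections import Counter, defaultdict
from statistics import median

WINDOW = 60          # seconds per bucket
PER_IP_LIMIT = 20    # assumed per-source threshold (requests per window)
SPIKE_FACTOR = 5     # assumed multiple of the median that counts as a spike

def bucketize(events):
    """Group (timestamp, ip, path) events into per-window Counters of requests per IP."""
    buckets = defaultdict(Counter)
    for ts, ip, _path in events:
        buckets[ts // WINDOW][ip] += 1
    return buckets

def per_ip_offenders(events):
    """Sources that exceed the per-IP limit in any window (classic rate limiting)."""
    return {ip for c in bucketize(events).values()
            for ip, n in c.items() if n > PER_IP_LIMIT}

def aggregate_spikes(events):
    """Windows where total requests AND distinct sources both exceed SPIKE_FACTOR x median."""
    buckets = bucketize(events)
    med_req = median(sum(c.values()) for c in buckets.values())
    med_src = median(len(c) for c in buckets.values())
    return sorted(w for w, c in buckets.items()
                  if sum(c.values()) > SPIKE_FACTOR * med_req
                  and len(c) > SPIKE_FACTOR * med_src)

def sample_events():
    """Constructed traffic: 10 normal minutes, then one minute of a distributed flood."""
    events = []
    for minute in range(10):                  # 40 regular users, 3 requests each
        for u in range(40):
            for r in range(3):
                events.append((minute * 60 + r * 20, f"192.0.2.{u}", "/account"))
    for b in range(2000):                     # 2000 bots, still only 3 requests each
        for r in range(3):
            events.append((10 * 60 + r * 20, f"2001:db8::{b:x}", "/account"))
    return events

if __name__ == "__main__":
    ev = sample_events()
    print("per-IP offenders:", per_ip_offenders(ev))
    print("spike windows:", aggregate_spikes(ev))
```

No single source crosses the per-IP limit, so source-based rate limiting sees nothing, while the window with the flood stands out only in the aggregate view.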