A free tool aims is helping organizations defend against KillNet distributed-denial-of-service (DDoS) bots and comes as the US government issued a warning that the Russian cybercrime gang is stepping up its network flooding attacks against hospitals and health clinics.
At current count, the KillNet open proxy IP blocklist lists tens of thousands of proxy IP addresses used by the Russian hacktivists in their network-traffic flooding events. SecurityScorecard’s threat researchers developed the list following their ongoing investigation into Killnet and other network-spamming miscreants.
“DDoS attacks are relatively unsophisticated but can still cause serious damage, especially when they affect hospitals,” the security firm wrote in a recent blog about KillNet.
In late January, the Russian gang claimed responsibility for a series of these attacks that took 14 US hospitals’ websites offline. These included University of Michigan Hospitals and Health Centers, Stanford Hospital, Duke University and Cedars-Sinai. While DDoS attacks are normal they can be used to mask more intrusive actions.
This prompted the US Department of Health and Human Services (HHS) to issue a second warning [PDF] about the threat KillNet poses to the health-care sector. This was the department’s second such security alert in as many months.
The pro-Kremlin group’s attacks — and sometimes empty threats — usually have a political bent to them. “For example, Killmilk, a senior member of the KillNet group, has threatened the US Congress with the sale of the health and personal data of the American people because of the Ukraine policy of the
Read more