Ukraine Was Hit by DDoS Attacks from Hacked WordPress Sites


The Ukrainian Computer Emergency Response Team (CERT-UA) said that Ukraine was hit by large-scale DDoS attacks.

CERT-UA has published a report on ongoing DDoS attacks on Ukrainian websites and a government web portal.

Unknown attackers compromise WordPress sites and inject malicious JavaScript code into the HTML structure of their pages. The script is base64-encoded to avoid detection, as in this picture.

Ukraine hit by DDoS attacks

"The Ukrainian Government Computer Emergency Response Team CERT-UA, in close cooperation with specialists from the National Bank of Ukraine (CSIRT-NBU), has taken measures to investigate DDoS attacks, for which attackers place malicious JavaScript code (BrownFlood) in the structure of web pages and files of compromised websites (primarily those running WordPress), whereby the computing resources of the computers of visitors to such websites are used to generate an abnormal number of requests to attack targets whose URLs are statically defined in malicious JavaScript code," CERT-UA specialists reported.

The code is executed on the visitor’s computer and generates a huge number of requests in order to stop the websites from working. Cyberattacks occur without the knowledge of the owners of compromised sites and create subtle performance disruptions for users.

By the way, we previously wrote that the State Department Offers $1 million for Info on Russian Hackers.

CERT-UA works closely with the National Bank of Ukraine to implement protective measures against DDoS campaigns and numerous previous cyberattacks. In their report, the CERT-UA team provided instructions for removing the malicious JavaScript code and added a threat detection tool that scans sites for signs of compromise.

"To detect such activity in the web server log files, you should look for events with a 404 response code and, if they are non-standard, correlate them with the values of the 'Referer' HTTP header, which indicates the address of the web resource that created the request," advises CERT-UA.

In addition, it is important to keep the site's content management system (CMS) up to date, update plugins, and restrict access to site management.

We also note that it seems that the Chinese comrades do not support Russian hackers: we wrote that Chinese Mustang Panda Cyberspies Attack Russian Officials.

By Vladimir Krasnogolovy
