- Several important government websites such as the Italian Senate, the House of Lords, and the Ministry of Defense were hit by cyberattacks, and the websites were inaccessible for at least 1 hour;
- The Italian CERT issued an early warning that the attack used a new “slow HTTP” DDoS technique, which is difficult to counter with traditional defenses and requires targeted mitigation;
- The pro-Russian hacking group Killnet claimed responsibility for the attack.
Italy’s Computer Security Incident Response Team (CSIRT, similar to the national CERT) has warned of a number of recent DDoS attacks targeting important Italian government websites.
DDoS (Distributed Denial of Service) is a common cyberattack designed to exhaust the available resources on a server so that it cannot respond to normal user requests and the website it hosts becomes inaccessible.
Several important government websites in Italy are down
Italy’s Ansa news agency reported that on May 11, local time, several important government websites such as the Italian Senate, the House of Lords, and the Ministry of Defense came under a network attack. The websites were inaccessible for at least an hour. Also affected were the websites of the Institute of Health, the Italian Automobile Club, and others.
The pro-Russian hacking group Killnet claimed responsibility for the attack. Previously, they had also launched similar attacks on Romanian portals and Bradley International Airport in the United States.
In response to news reports of a DDoS attack in Italy, the Killnet gang posted on its Telegram channel that further attacks are likely in the future.
A Killnet representative declared on Telegram, “Our ‘corps’ are conducting military cyber exercises in your country, aimed at training and improving attack skills. This is similar to what your country is doing – Italians and Spaniards are also learning in Ukraine. Fight. Our ‘Legion’ is destroying your servers!”
“Please note that the current stage is just training. Stop yelling and posting about the attack on the Senate. I can guarantee that our cyber forces will soon complete their training within Italian territory and continue to operate. Offense. It’s all going to come hard, come fast.”
Current defenses struggle against slow HTTP tactics
The CSIRT explained in the announcement that malicious hackers used a so-called “slow HTTP” technique in their attacks on the websites of the country’s government, ministries, parliament, and even the military.
This technique sends HTTP requests to the web server one at a time, but either sets an extremely slow transfer rate for each request or deliberately sends an incomplete request, causing the server to keep waiting for the rest of the request.
The server first detects incoming traffic and then allocates resources dedicated to waiting for the remaining data. When there are too many such requests, the server becomes overwhelmed and can no longer accept any other connections, ultimately rendering the site unreachable.
“This attack is more effective when using POST requests because these requests send large amounts of data to the webserver at the same time,” the CSIRT said.
The CSIRT called “slow HTTP” a relatively rare type of DDoS attack, and warned existing defenses would be ineffective if system administrators didn’t take action.
“For the several DDoS attacks against domestic and international targets discovered since May 11, we found that they are different from the conventional Type 1 capacity exhaustion attacks. Due to the limited bandwidth actually occupied, it is impossible to use the commonly used DDoS protection systems on the market against it.”
The CSIRT has shared possible ways to mitigate such attacks in an announcement.
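As an added illustration (not taken from the CSIRT announcement or from the original article), the sketch below flags the two behaviours described above, request headers that never complete and POST bodies that trickle in, from per-connection state a server or proxy could report. The `Conn` record, the thresholds and the sample addresses are assumptions constructed for this example.

```python
from collections import Counter
from dataclasses import dataclass

# Assumed thresholds (illustrative, tune per site); not from the CSIRT bulletin.
HEADER_DEADLINE_S = 10      # full request headers must arrive within this time
BODY_GRACE_S = 5            # time allowed before the body rate is judged
MIN_BODY_RATE_BPS = 500     # minimum sustained body transfer rate, bytes/second
MAX_SLOW_PER_IP = 3         # slow connections tolerated per source address

@dataclass
class Conn:
    """Snapshot of one open connection (hypothetical record layout)."""
    src: str
    method: str
    age_s: float             # seconds since the connection was accepted
    headers_done: bool       # True once the blank line ending the headers arrived
    content_length: int      # declared body size (0 if none)
    body_bytes: int          # body bytes received so far
    body_age_s: float = 0.0  # seconds since the headers completed

def slow_reason(c: Conn):
    """Return why a connection looks like slow HTTP, or None if it is healthy."""
    if not c.headers_done:
        return "incomplete-headers" if c.age_s > HEADER_DEADLINE_S else None
    if c.body_bytes >= c.content_length:
        return None                      # request fully received
    if c.body_age_s <= BODY_GRACE_S:
        return None                      # too early to judge the rate
    rate = c.body_bytes / c.body_age_s
    return "slow-body" if rate < MIN_BODY_RATE_BPS else None

def triage(conns):
    """Return (connections to close with reason, sources to rate-limit)."""
    to_close = [(c.src, r) for c in conns if (r := slow_reason(c))]
    per_ip = Counter(src for src, _ in to_close)
    offenders = sorted(ip for ip, n in per_ip.items() if n > MAX_SLOW_PER_IP)
    return to_close, offenders

# Constructed sample data (documentation IP ranges), not from a real incident.
SAMPLE = (
    [Conn("203.0.113.7", "POST", 60, True, 1_000_000, 40, 55) for _ in range(4)]
    + [Conn("203.0.113.7", "GET", 45, False, 0, 0)]                  # headers never finish
    + [Conn("198.51.100.20", "POST", 8, True, 200_000, 150_000, 6)]  # normal upload
    + [Conn("198.51.100.21", "GET", 2, False, 0, 0)]                 # just connected
    + [Conn("192.0.2.9", "POST", 30, True, 5_000, 100, 25)]          # single slow client
)

if __name__ == "__main__":
    closing, blocked = triage(SAMPLE)
    print(len(closing), "connections to close; rate-limit:", blocked)
```

Each flagged connection holds a worker while using almost no bandwidth, which is why the check looks at per-connection deadlines and transfer rates rather than traffic volume.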
In the information age, wherever data is generated, data security is a topic worthy of attention. Every organization, whether a government, enterprise, hospital, or school, needs data backup and protection. The more advanced data protection technology today is virtual machine backup, such as Xenserver Backup, VMware Backup, Hyper-V Backup, etc. Every business or organization should pay attention to data security and be prepared for data disasters so that there is less cyberattack news to report.