Massive DDoS attacks take the West African nation of Liberia temporarily offline
Mirai botnet attacker said to be testing denial of service attacks, with the attacks of a short duration but massive in size, forcing websites hosted in-country to go offline
They are at it again. Another DDoA attack utilizing the Mirai-based botnet has targeted the West African nation of Liberia, reportedly taking much of the nation offline. Mirai is open-source malware that turns computer systems into remotely controlled “bots”, this is targeting Internet of Things devices, creating the denial of service attack.
Two weeks ago a similar cyberattack targeted Dyn, the company that manages DNS service.
Why someone would want to do this is, of course, unknown. Possibly the perpetrators are doing this on assignment.
“Over the past week we’ve seen continued short duration attacks on infrastructure in the nation of Liberia,” Kevin Beaumont wrote on Medium. “Liberia has one internet cable, installed in 2011, which provides a single point of failure for internet access. From monitoring we can see websites hosted in country going offline during the attacks — additionally, a source in country at a Telco has confirmed to a journalist they are seeing intermittent internet connectivity, at times which directly match the attack. The attacks are extremely worrying because they suggest a Mirai operator who has enough capacity to seriously impact systems in a nation state.”
Just yesterday, it was reported that the the National Health Service’s Lincolnshire and Goole trust had to cancel surgeries when a virus infected its electronics system on Sunday.
“A virus infected our electronic systems on Sunday October 30 and we have taken the decision, following expert advice, to shut down the majority of our systems so we can isolate and destroy it,” it said on the trust’s website. “All planned operations, outpatient appointments and diagnostic procedures have been canceled for Wednesday, Nov. 2 with a small number of exceptions.”
Some tech and hacker sites speculated that the culprit was ransomeware, thought I have not seen confirmation of that.
“According to a recent report by Intel Security, the healthcare sector is experiencing over 20 data loss incidents per day related to ransomware attacks. The company said it identified almost $100,000 in payments from hospital ransomware victims to specific bitcoin accounts so far in 2016,” Brian Krebs said on his website, KrebsonSecurity.
“As dependent as healthcare systems are on computers and information technology, the notion that a computer virus could result in bodily injury or death is no longer the stuff of Hollywood movie scripts. Unfortunately, the healthcare industry is for the most part still catching up in its ability to anticipate, prevent and respond to these types of cyber attacks,” Krebs said.
Quite frightening is that many observers believe those behind the attack in Liberia, and the Dyn attack are merely testing methods.
“As of 1PM today UK time, the botnet continues to intermittently attack Liberia telecom providers who co-own the submarine cable,” Beaumont said. “Monitoring is continuing of the botnet, but so far it appears they are testing denial of service techniques.”