The Russian Government allegedly shared a list of 17,576 IP addresses that were used to target Russian organisations through distributed denial-of-service (DDoS) attacks. The National Coordination Center for Computer Incidents (NKTsKI) shared the list of IP addresses. This is an organisation created by Russia’s Federal Security Service (FSB) and both organisations worked together to defend against the attacks along with a second list where the attacker’s referrer domain information was found.
The impact
The list of IP addresses does not lead to any information on the attacker’s identity, in fact, the list of domains shows European Union and US organisations, including the sites from the FBI and CIA.
The National Coordinating Center for Computer Incidents (NCCC) are strongly advising to take measures to report threats to information security.
Many IP addresses were found to be residential internet users and they may face legal charges if their government decides to take harsh action against cyber attacks.
The remediation
DDoS defence recommendations shared by the NKTsKI include:
- Using DDoS protection services
- Restricting network traffic based on the shared referrer info
- Disabling plugins and web statistics scripts
- Using Russian DNS servers
Source: Bleeping Computer