Amid escalating cyberattacks, the Russian government has published a list containing 17,576 IP addresses and 166 domains, which, according to the NCC, are behind a series of distributed denial of service (DDoS) attacks aimed at internal infrastructure.
The list includes several well-known domains, such as the US Federal Bureau of Investigation (FBI), the Central Intelligence Agency (CIA) and the websites of several media publications, such as USA Today, 24News.ge, megatv.ge and the Ukrainian magazine “Correspondent”.
As part of its recommendations on countering DDoS attacks, the agency calls on organizations to:
- Take an inventory of all network devices and services operating in the organization, as well as the firewall rules that grant access to them. Restrict external access to all services and devices in the ITS except those that are absolutely necessary.
- Configure logging. Make sure that operating-system security and operational logs are sufficiently complete and correct, and that access events for the organization's services (websites, mail servers, DNS servers, etc.) are recorded as well. This can simplify responding to possible computer incidents later. Make sure that logs are collected in the required volume.
- Use Russian DNS servers. Use corporate DNS servers and/or the DNS servers of your telecom operator to prevent the organization's users from being redirected to malicious resources or exposed to other malicious activity. If the organization's DNS zone is served by a foreign telecom operator, move it into the information space of the Russian Federation.
- Perform an unscheduled change of the passwords used to access key elements of the infrastructure.
- Use complex and unique passwords for access to the organization's services and to employee workstations.
- Make sure that default usernames and passwords are not in use anywhere, and change them immediately wherever they are found.
- Verify the correct functioning and configuration of the information security tools used in the organization.
- Update the signature databases of anti-virus protection tools on a regular basis.
- Check email attachments in dynamic file analysis (sandbox) systems.
- Disable automatic software updates. Install the necessary updates only after analyzing the threat of exploitation of the corresponding vulnerabilities.
- Disable external plugins and embedded code elements on web pages, and limit the operation of the following statistics-collection scripts on information resources:
  - Google AdSense
  - SendPulse
  - MGID
  - Lentainform
  - onthe.io
- Use data backups so that significant digital information processed in the organization can be restored in case of loss. Make sure that up-to-date backups exist.
- Monitor the status of the SSL certificate. When using an SSL certificate issued by a foreign certification authority, make sure that the connection to your information resource remains trusted and that the certificate has not been revoked. If the certificate is revoked, prepare a self-signed SSL certificate and distribute your certificates to those who use your services (customers, partners, etc.).
- Use DDoS protection services.
- To protect network information security tools against DDoS attacks, limit network traffic whose Referer HTTP header contains any of the values listed in the file referer_http_header.txt.
- To protect network information security tools against DDoS attacks, limit network traffic from the IP addresses listed in the file proxies.txt. The IP addresses in it belong to proxy servers used in the DDoS attacks.
- Use remote administration tools that do not operate through foreign information resources.
- Use VPN-based products for secure data exchange.
- Conduct training sessions with the organization's employees on information security, countering social engineering techniques, and the principles of safe remote work.
- Teach employees not to give in to threats from scammers demanding a ransom for data recovery. Report such computer incidents to the NCC for subsequent response.
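The two filtering recommendations above (limit traffic by Referer value and by proxy IP) can be prototyped as a log triage pass before touching firewall or WAF rules. The following is an added example, not code from the NCC advisory: it reads a Referer blocklist and a proxy IP/CIDR blocklist (file names from the advisory, contents constructed here), parses combined-format access log lines (constructed), and reports which requests would be limited and why.

```python
import ipaddress
import re

# Constructed stand-ins for referer_http_header.txt and proxies.txt
# (the advisory's files are one value per line; these values are invented).
REFERER_BLOCKLIST = ["evil-referer.example", "ddos-panel.example/attack"]
PROXY_BLOCKLIST = ["198.51.100.7", "203.0.113.0/24"]

# Combined log format: ip ident user [time] "request" status bytes "referer" "ua"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "[^"]*" \d{3} \S+ "(?P<referer>[^"]*)" "[^"]*"'
)

def load_networks(entries):
    """Parse single IPs and CIDR ranges; strict=False tolerates host bits set."""
    return [ipaddress.ip_network(e.strip(), strict=False) for e in entries if e.strip()]

def is_proxy_ip(ip, networks):
    """True if the client IP falls inside any listed proxy address or range."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False  # malformed field: do not match, but do not crash the pass
    return any(addr in net for net in networks)

def matches_referer(referer, blocklist):
    """Case-insensitive substring match of the Referer value against the list."""
    ref = referer.lower()
    return any(v.lower() in ref for v in blocklist if v.strip())

NETWORKS = load_networks(PROXY_BLOCKLIST)

def classify(line, referers=REFERER_BLOCKLIST, networks=NETWORKS):
    """Return the reason a request would be limited, or None if it passes."""
    m = LOG_RE.match(line)
    if not m:
        return "unparsed"
    if is_proxy_ip(m["ip"], networks):
        return "proxy-ip"
    if matches_referer(m["referer"], referers):
        return "referer"
    return None

SAMPLE_LOG = [  # constructed access log lines
    '203.0.113.45 - - [01/Mar/2022:10:00:01 +0300] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '192.0.2.10 - - [01/Mar/2022:10:00:02 +0300] "GET /news HTTP/1.1" 200 900 "https://evil-referer.example/x" "Mozilla/5.0"',
    '192.0.2.11 - - [01/Mar/2022:10:00:03 +0300] "GET /news HTTP/1.1" 200 900 "https://www.example.org/" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for line in SAMPLE_LOG:
        print(classify(line) or "allowed", line.split()[0])
```

Running the triage on real logs first shows how much legitimate traffic a Referer substring list would also catch, which is the check to do before turning the list into a blocking rule.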
That is not all. Ukraine, which has assembled a volunteer “IT army” of civilian hackers from around the world, has put forward a new set of targets, including the Belarusian railway network, the Russian satellite navigation system GLONASS and telecom operators such as MTS and Beeline.
“Lone hackers and organized attackers with the necessary cyber skills can directly attack the enemy of their country or recruit others to participate in a coordinated attack,” said Trustwave SpiderLabs researchers. “These actions, combined with the use of special malware, can become a common tactic to weaken the country’s defensive capabilities, critical infrastructure or communication channels.”