A Russian-affiliated hacktivist group known as KillNet has been observed targeting healthcare applications hosted using Microsoft Azure infrastructure for over three months.
The tech giant revealed details of its new campaign in an advisory published on Friday. In November 2022, he saw 10-20 attacks, and in February 2023, he saw 40-60 attacks daily, according to the Azure Network Security team.
“When we tracked attack statistics over the same time period, we found that DDoS attacks on healthcare institutions did not exhibit very high throughput,” reads a technical article from Microsoft.
“There have been some attacks reaching 5M packets per second (PPS), [the] The majority of attacks were below 2M PPS. While these attacks are not extremely common, they can bring your website down if it’s not protected by network security services. ”
The tech company also observed various multi-vector Layer 3, Layer 4, and Layer 7 DDoS attacks.
Learn more about DDoS attacks here: 2022: DDoS Year-in-Review
“In contrast to the overall DDoS attack trend in 2022, where TCP was the most common attack vector, 53% of attacks against healthcare were UDP floods, with TCP accounting for 44%. Health care ‘and read the recommendations.
In terms of healthcare organizations targeted in these attacks, according to Microsoft, KillNet’s primary targets were pharmaceuticals and life sciences (31%), followed by hospitals (26%), health insurance/medical services, and care (31%). 16% each). Geographically, most KillNet attacks originated from the United States, Russia, or Ukraine.
“These attacks were successfully mitigated for customers enrolled in the Azure DDoS Network Protection and Web Application Firewall service,” Microsoft said.
At the same time, the Azure Network Security team noted that KillNet could easily disrupt websites and apps if not properly protected through the use of DDoS scripts, stressors, botnets and spoofed attack sources. I warned you.
The tech giant’s advisory comes months after KillNet hacktivists reportedly targeted and brought down the websites of several hospitals in the United States and the Netherlands.
