Warning against suspicious websites conducting DDoS attacks

The National Cyber Security Centre SK-CERT warns against the use of suspicious websites the purpose of which is to conduct DDoS attacks via a web browser targeting different websites.

In connection with the war in Ukraine, in the Slovak cyberspace there have been calls for distributed attacks on websites in Russia, using a simple web link which the “candidate” should keep open in the browser. Gradually, various modifications of this web link targeting websites in Slovakia have appeared.

Why not to click on such links:

  • possibility to execute a malicious code
  • malfunctioning of own device
  • leak of information
  • illegal activity

Clicking on unverified links can run not only the functionality promised by the web link creator. We strongly warn that such web links may also contain a malicious code, the purpose of which may be various illegitimate activities, such as stealing of passwords, personal data, device data and information, and so on. Therefore, we recommend, at least, to reconsider clicking on such links or to avoid them totally.

Clicking on a link that has poorly (or not at all) implemented power limits will overload the device so much that it becomes unresponsive (“frozen”) and will need to be restarted. A potential “damage” that such a weak device can cause on a well-configured powerful network server is negligible.

Currently, there are no records that the links mentioned above contain the malicious code. However, there is an assumption that the links, applications or services hiding the malicious code under a noble or legitimate purpose may emerge in the future.

In this case, it should not be ignored the fact that by conducting a distributed attack (for example, against websites in Russia), you provide an opportunity for the target side to use the information about the source of the attack. Consequently, your device can be compromised and used for similar DDoS attacks, just against other targets (for example in Ukraine or Slovakia). A special warning applies to employees in the public sector who by performing such activities may help to compromise their work devices.

Though, there is no need to emphasize this information, anyway, activities of a similar type may be classified in certain cases as illegal.  

How such an attack works: The principle of a web link consists in running a simple javascript, which queries specific websites and thus overloads them with requests, resulting in slowing down or a total unavailability of the target website. The URL of this link can be different, but every one just replicates the same javascript and only the target websites change.

« Späť na zoznam