The National Cyber Security Centre Finland’s weekly review – 38/2023

Topics covered in this week’s review

• Denial-of-service attacks are contemporary information influence activities
• Join the results seminar of the Ketjutonttu campaign on 5 October 2023 at 14:00!
• Microsoft report details cyber activity trends in East Asia

Denial-of-service attacks are contemporary information influence activities

Denial-of-service attacks involve driving large amounts of traffic to websites or online services. For regular users, this usually results in the website or service becoming inaccessible or working very slowly. A denial-of-service attack is a simple but flashy attack technique. They are also often covered by media outlets. In most cases, denial-of-service attacks do not cause any visible effects for users, and even at their worst, they usually result in nothing more than short service interruptions.

Nowadays denial-of-service attacks are especially common as a form of hactivism. Hacktivism is cyber crime that is motivated by a political agenda instead of money. For hacktivists, denial-of-service attacks are a way of expressing discontent in a political decision or other activities and influencing the surrounding information environment. After all, even short service interruptions can increase distrust among the targeted party’s customers or stakeholders. Hacktivism has been increasing recently, especially following the Russian invasion of Ukraine in 2022. Both pro-Russian and pro-Ukrainian hacktivist groups have carried out denial-of-service attacks as part of their information influence activities.

In September, Traficom was one of the parties targeted by pro-Russian hacktivist group NoName, which carried out denial-of-service attacks on the traficom.fi website on both 7 and 18 September. As a result of the attacks, Traficom’s online services experienced some temporary disruptions before the attacks were successfully thwarted. The group also carried out attacks on several other Finnish logistics sector actors at the same time. On their Telegram channel, the group announced that the attacks were motivated by Finland’s recently imposed ban on the entry of Russian-registered cars. The case is a typical example of contemporary hactivism, in which a political decision is protested by way of a denial-of-service attack.

Carrying out and communicating about cyber attacks also serve as ways of demonstrating cyber capabilities to the global audience. NoName’s communication channels are a good example of this, as the group uses them to not only advertise successful denial-of-service attacks, but also spread pro-Russian propaganda and post hate speech denouncing western and liberal values. In addition to propaganda and recruitment notices, the group also regularly post cryptocurrency donation requests on their channels, so they are also financially motivated to continue their operations and bolster their reputation.

Read more about denial-of-service attacks:

Instructions – Denial-of-service attack (PDF, 1.66 MB)
Denial-of-service attacks are on the rise – the impact is minor
Interruptions in online services are common and usually harmless

More information about the hactivist group NoName:

What's in a NoName? Researchers see a lone-wolf DDoS group (External link)
Following NoName057(16) DDoSia Project’s Targets (External link)

Join the results seminar of the Ketjutonttu campaign on 5 October 2023 at 14:00!

Come and join the open results seminar of the Ketjutonttu campaign, which will be held on 5 October 2023 at 14:00–16:00!

Ketjutonttu is part of the Tonttu series of feasibility study projects organised by Traficom’s National Cyber Security Centre Finland. The aim of the Ketjutonttu project is to help Finnish companies and their suppliers identify interdependencies and manage cyber risks in their supply chains. The campaign has provided the suppliers of participating organisations with a free-of-charge information security check based on open data sources. In addition to this, suppliers were provided with assistance for implementing fixes. The Ketjutonttu campaign is funded by the National Emergency Supply Agency, and the service is provided by the Finnish company Badrap Oy.

In the webinar, we will go over the results of the campaign, hear participants’ experiences of Ketjutonttu during a panel discussion and explain how the cooperation carried out under the campaign helped improve the information security of Finnish supply chains at both the national and global level.

You can find the invitation to the webinar and a participation link here (in Finnish): Results seminar of the Ketjutonttu campaign 5 October 2023 at 14:00–16:00

Microsoft report details cyber activity trends in East Asia

Microsoft recently issued a new report entitled “Sophistication, scope, and scale: Digital threats from East Asia increase in breadth and effectiveness” as part of an ongoing series of reports on the threat posed by influence operations and cyber activity, identifying specific sectors and regions at heightened risk.

The topics covered by the report include cyber espionage and influence operations by China-affiliated actors and intelligence gathering and procurement of cryptocurrencies by North Korea. The report also looks toward anticipated future actions from China and North Korea in the months ahead, as increasing geopolitical tensions fuel new threat priorities.

Read more: China, North Korea pursue new targets while honing cyber capabilities (External link)