Hacked WordPress sites used to DDoS Ukrainian targets
The National Computer Emergency Response Team for Ukraine, CERT-UA, has warned of an ongoing Distributed Denial of Service (DDoS) attack.
The scripts are injected into the HTML structure of the main site files and are base64-encoded to stay out of sight. Each time a person visits the site, their device's spare computing power is used to generate a large number of requests to the target URLs.
In effect, the sites' visitors become the bots that flood Ukrainian sites with more traffic than the servers can handle, resulting in a denial of service.
What’s worse is that, aside from a barely noticeable performance issue on the visitor’s endpoint, the attack is nearly impossible to spot.
Some of the targeted websites include:
Apparently, these websites have “taken a strong stance in favor of Ukraine” in the ongoing war with Russia, which is why they have been targeted.
“To detect abnormal activity similar to that mentioned in the web server log files, you should pay attention to events with response code 404 and, if abnormal, correlate them with HTTP header values ‘Referer’, which will contain the address of the web resource originating a request,” CERT-UA said.
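One way to run the check CERT-UA describes over an access log, as an added example (not CERT-UA's tooling or code from the original article): it counts 404 responses per third-party Referer host and reports hosts that drive 404s from several distinct clients. The Combined Log Format, the thresholds, the function names and the sample lines are assumptions made for this illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Combined Log Format: ip ident user [time] "request" status bytes "referer" "agent"
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "[^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "[^"]*"$'
)

def referer_host(value):
    """Host part of a Referer value, or '' if absent or unparseable."""
    try:
        return (urlsplit(value).hostname or "").lower()
    except ValueError:
        return ""

def external_404_referers(lines, own_hosts, min_hits=3, min_clients=2):
    """Map referer host -> (404 count, distinct client IPs) for third-party
    referers at or above both thresholds (threshold values are assumptions)."""
    ips_by_host = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m or m["status"] != "404":
            continue
        host = referer_host(m["referer"])
        if host and host not in own_hosts:   # skip "-" and our own broken links
            ips_by_host[host].append(m["ip"])
    return {h: (len(ips), len(set(ips))) for h, ips in ips_by_host.items()
            if len(ips) >= min_hits and len(set(ips)) >= min_clients}

# Constructed sample log lines (documentation IP ranges, .example hosts).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/May/2022:10:00:01 +0000] "GET /x1 HTTP/1.1" 404 153 "https://wp-site.example/" "Mozilla/5.0"',
    '198.51.100.7 - - [01/May/2022:10:00:01 +0000] "GET /x2 HTTP/1.1" 404 153 "https://wp-site.example/news/" "Mozilla/5.0"',
    '203.0.113.5 - - [01/May/2022:10:00:02 +0000] "GET /x3 HTTP/1.1" 404 153 "https://wp-site.example/" "Mozilla/5.0"',
    '192.0.2.10 - - [01/May/2022:10:00:02 +0000] "GET /x4 HTTP/1.1" 404 153 "https://wp-site.example/" "Mozilla/5.0"',
    '192.0.2.44 - - [01/May/2022:10:00:03 +0000] "GET /typo HTTP/1.1" 404 153 "-" "Mozilla/5.0"',
    '192.0.2.45 - - [01/May/2022:10:00:04 +0000] "GET /old HTTP/1.1" 404 153 "https://target.example/about" "Mozilla/5.0"',
    '192.0.2.46 - - [01/May/2022:10:00:05 +0000] "GET / HTTP/1.1" 200 5120 "https://other.example/" "Mozilla/5.0"',
    '192.0.2.47 - - [01/May/2022:10:00:06 +0000] "GET /gone HTTP/1.1" 404 153 "https://other.example/link" "Mozilla/5.0"',
]

if __name__ == "__main__":
    found = external_404_referers(SAMPLE_LOG, own_hosts={"target.example"})
    for host, (hits, clients) in found.items():
        print(f"{host}: {hits} x 404 from {clients} distinct clients")
```

Referer hosts reported this way are candidates for review as possibly compromised sites, not confirmed ones; a single broken inbound link on a popular page can produce the same pattern.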
At press time, there were 36 websites confirmed to carry the malicious code.