November 1, 2024 at 07:08AM
Recent cyberattacks orchestrated by the pro-Russia group NoName057(16) targeted multiple UK councils, rendering websites inaccessible. Affected authorities included Bradford, Eastleigh, and Salford. The attacks stemmed from the UK’s support for Ukraine. Although confirmed attacks were limited, there are ongoing concerns about the psychological impact of such DDoS efforts.
### Meeting Takeaways:
1. **Cyber Attacks Overview**:
– Multiple councils in the UK faced website outages due to coordinated DDoS attacks by the pro-Russia hacktivist group NoName057(16), which began on Tuesday of the week.
2. **Impacted Councils**:
– Notable councils affected included Bradford, Eastleigh, Keighley, Salford, Tameside, and Trafford. Eastleigh and Trafford remained offline for an extended period, while Salford’s site returned with issues on Wednesday.
3. **Additional Targets**:
– Other organizations, including small banks and Premier League club Tottenham Hotspur, were also targeted. Tottenham Hotspur’s site returned an Error 500.
4. **Motivation Behind the Attacks**:
– The attacks were attributed to the UK’s renewed support for Ukraine, referencing outdated news stories for justifying the targeting of councils.
5. **Confirmation of DDoS Attacks**:
– Only Hastings and BCP explicitly confirmed DDoS attack causation for their outages. Councils did not disclose detailed technical issues but acknowledged connectivity problems.
6. **NCSC Involvement**:
– The National Cyber Security Centre (NCSC) confirmed its support to affected councils, recommending familiarity with Denial of Service prevention guidance.
7. **Continued Issues**:
– Salford council reported ongoing website issues, while Middlesbrough attributed their outage to suspected hacking.
8. **Expert Opinions**:
– Security expert Kevin Beaumont suggested that technical failures in infrastructure also contributed to the outages, pointing to specific service limitations.
9. **Public Response and Future Mitigation**:
– Councils are working on securing their systems against future attacks, but the overall psychological impact of DDoS attacks remains significant despite their minimal operational disruption.
10. **NoName Group Overview**:
– The NoName group maintains active communication via Telegram, numbering over 77,000 followers, promoting its automated DDoS tool, and frequently updating members on targets based on perceived anti-Russian sentiment.
11. **Historical Context**:
– Comparisons were made to previous groups like Killnet, with insights from the FBI suggesting the limited long-term effects of such DDoS campaigns, which focus more on psychological intimidation than tangible disruption.
Overall, the meeting highlighted ongoing cybersecurity challenges faced by local authorities in the UK, particularly concerning pro-Russia hacktivism, while underscoring the importance of preventative measures and public communication in the face of such threats.