Sayers KillNet Healthcare and Educational Threat Advisory
Posted February 1, 2023 by Chris Glanden
What is KillNet?
KillNet is a pro-Russian hacktivist group currently targeting the U.S. healthcare industry. It has targeted this sector before and is actively seeking media attention for its attacks. The group is known for distributed denial of service (DDoS) attacks intended to knock services offline. A DDoS attack floods a target server or website with connection requests and packets from many sources at once, exhausting its bandwidth or capacity so that it slows down substantially or stops responding to legitimate users.
When did it start and who is affected?
KillNet has been around for about a year. On January 28, 2023, the U.S. Department of Health & Human Services Health Sector Cybersecurity Coordination Center (HC3) identified targeted attacks against healthcare organizations nationwide, including Stanford (Calif.) Health Care, Los Angeles-based Cedars-Sinai Medical Center, Charlotte, N.C.-based Atrium Health, and many more. The group has also been targeting top universities, including Stanford and Duke. Previously, it has targeted government agencies, transportation, financial and other industries.
How damaging is the attack?
While KillNet's DDoS attacks typically don't cause lasting damage to systems or data, they can cause service outages lasting several hours or even days. In the healthcare sector that is a major operational impact: patient portals and scheduling systems go down, appointments are delayed, emergency departments lose access to online systems, and ambulances may have to be diverted.
How to protect yourself from this threat?
In order to mitigate the risk of a KillNet DDoS attack, it is important to understand your security posture, your external attack surface (every internet-facing service, including patient portals, VPN gateways and public websites) and the security controls you already have in place against this type of threat. Upstream defenses, such as firewalls (especially Web Application Firewalls) and cloud-based DDoS protection services, can help protect your systems and services from disruption. Note that a WAF or on-premises firewall mainly helps against application-layer floods; a purely volumetric attack can saturate your internet link before it reaches those devices, so cloud-based scrubbing that absorbs traffic upstream is the more effective control for that case. Size these controls for the traffic volume such an attack can generate, which can be significant. Review your incident response plan; it should outline the processes to follow during an attack, the contacts at your ISP and DDoS protection provider, and the steps needed to restore normal operations. Lastly, leverage monitoring and observability tools to track changes and anomalies in request rates, error rates and latency, and establish a normal-traffic baseline now, so that you can tell a flood from a busy day and keep your services operational during high-traffic periods.
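The monitoring point above is easiest to see on concrete data. The following is an added example, not Sayers' tooling or code from the original advisory: it parses web-server access-log lines in the common/combined format, flags any single source that exceeds a per-source request threshold within a sliding window, and separately reports the peak aggregate requests per second, which is what catches a distributed flood in which no single IP trips the per-source threshold. The sample traffic, the IP addresses, the window size and the thresholds are constructed, illustrative assumptions; it also assumes the log is in time order, as an appended access log is.

```python
"""Request-rate anomaly detection over web access logs (added example, constructed data)."""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Common/combined log format, e.g.
# 203.0.113.7 - - [28/Jan/2023:14:02:11 +0000] "GET / HTTP/1.1" 200 512
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3}) (?P<size>\S+)'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line):
    """Return (ip, unix_timestamp, request) for a valid log line, or None."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    ts = datetime.strptime(m.group("ts"), TS_FMT).timestamp()
    return m.group("ip"), ts, m.group("req")


def detect_floods(lines, window_seconds=10, threshold=20):
    """Per-source check: sliding window of timestamps per IP (assumes time-ordered log).

    Returns {ip: peak_requests_in_window} for every source that exceeded the
    threshold at some point. Thresholds are illustrative; tune to your baseline.
    """
    windows = defaultdict(deque)
    peaks = {}
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue  # skip malformed lines rather than crash mid-incident
        ip, ts, _ = parsed
        q = windows[ip]
        q.append(ts)
        while q and ts - q[0] > window_seconds:
            q.popleft()
        if len(q) > threshold:
            peaks[ip] = max(peaks.get(ip, 0), len(q))
    return peaks


def peak_rps(lines):
    """Aggregate check: highest total requests seen in any one-second bucket.

    Compare this against your measured normal-traffic baseline; a distributed
    flood shows up here even when every individual source stays under threshold.
    """
    buckets = defaultdict(int)
    for line in lines:
        parsed = parse_line(line)
        if parsed is not None:
            buckets[int(parsed[1])] += 1
    return max(buckets.values(), default=0)


def build_sample_log():
    """Constructed sample (not real traffic): 3 legitimate clients at 1 req/s,
    one single-source flood at 5 req/s, then 30 hosts at 2 req/s each."""
    base = datetime(2023, 1, 28, 14, 0, 0, tzinfo=timezone.utc)
    events = []
    for t in range(30):
        for ip in ("198.51.100.1", "198.51.100.2", "198.51.100.3"):
            events.append((t, ip, "GET /patient-portal/ HTTP/1.1", 200))
        if 10 <= t < 20:  # single noisy source, easy to spot per IP
            events += [(t, "203.0.113.7", "GET / HTTP/1.1", 503)] * 5
        if 20 <= t < 30:  # distributed: each host stays at exactly 20 per window
            for n in range(100, 130):
                events += [(t, f"203.0.113.{n}", "GET / HTTP/1.1", 503)] * 2
    lines = []
    for t, ip, req, status in events:
        stamp = (base + timedelta(seconds=t)).strftime(TS_FMT)
        lines.append(f'{ip} - - [{stamp}] "{req}" {status} 512')
    return lines


if __name__ == "__main__":
    log = build_sample_log()
    print("per-source offenders:", detect_floods(log))  # only 203.0.113.7
    print("peak aggregate req/s:", peak_rps(log))        # far above the 3 req/s baseline
```

Run against the constructed log, the per-source check reports only the single noisy host, while the 30-host flood is invisible to it and only appears in the aggregate rate, which jumps from 3 to 63 requests per second. That gap is the reason to baseline total request rate and error rate, not just per-client counters. Note also that anything you detect this way has already reached your servers; the point of log-based detection is to trigger the response plan and upstream scrubbing quickly, not to replace them.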
For more information, please reach out to Sayers.
For a list of the affected organizations, see the linked reference.