As we can clearly see, the second wave of attacks began on May 8th and peaked on the ninth of the month. Let us clarify the definition of "attack" in this context. Arbor reported that during the course of two weeks, they recorded 128 individual DDoS attacks, of which 115 utilized a typical ICMP-flood, 4 used SYN, and the remaining 9 were different variants of attacks meant to increase traffic.
Of course this is only part of all of the attacks that took place, but one can still get the general idea of the enormous scale of the attack. Furthermore, the overwhelming majority of the attacks were rather short-lived at one hour or less. Only 7 attacks lasting over 10 hours were recorded. The attack against Estonia happened on several levels at once. Besides the DoS attacks targeting key government sites, there were also mass defacements of dozens of other Estonian websites. Most of these were aimed at websites running different script engines which have a number of vulnerabilities ranging from CSS/XSS vulnerabilities to SQL injections.
These attacks were not particularly complex technically and they could have taken place at any other time, although the events as a whole attracted hackers around the world, and many of them managed to use the situation as an arena for honing and applying their skills. One of the first websites to be broke into was that of the Reformist Party, which is chaired by Estonia’s Prime Minister, Andrus Ansip. The text on the website's homepage was replaced with an alleged apology addressed to the Russian-speaking population of Estonia. "The Prime Minister Asks For Forgiveness! The Prime Minister of Estonia and the Estonian government begs the forgiveness of the entire Russian population of Estonia and takes responsibility for returning the Bronze Soldier statue to its rightful place" the hackers wrote.
Meanwhile, Russian websites were also subjected to the attacks."On May 3 this year the website of the President of Russia was hit by an unprecedented scale of hacker attacks from servers that seem to be located in the Baltics"RIA Novosti news agency was told by a source in the Kremlin. However, thanks to a multifaceted backup system and a modern security system, the president's website managed to retain control. The source at the Kremlin did admit that "there were certain problems." "The hacker attacks on government institutions in various countries are, unfortunately, a widespread practice" added the source.
Reading our newsletter every Monday will keep you up-to-date with security news.
Receive a daily digest of the latest security news.