Healthcare Organizations Hosted in Azure Facing Increased DDoS Attacks by Hacktivist Group KillNet

Healthcare organizations that utilize Azure to host their applications are increasingly becoming targets of cyber-attacks by hacktivist groups. Among these groups is KillNet, which uses distributed denial of service (DDoS) attacks to disrupt online services and draw attention to their cause. These attacks are relatively easy and low-cost, making them a popular choice among these groups.

Number of daily DDoS attacks
Number of daily DDoS attacks, Source
A recent study found that the number of daily DDoS attacks on healthcare organizations in Azure has increased from 10-20 in November to 40-60 daily in February. Furthermore, these attacks include multi-vector layer 3, layer 4, and layer 7 DDoS attacks. Healthcare organizations in different sectors such as pharma and life sciences, hospitals, healthcare insurance, and health services and care are all targets of these attacks. While most attacks are below 2M pps, several attacks hit 5M pps, which can take down a website if not protected by a network security service like Azure DDoS Network Protection.

Attack throughput (pps)
Attack throughput (pps), Source
To protect against DDoS attacks, organizations should consider implementing Azure DDoS Network Protection, which learns normal baseline patterns specific to an application and detects traffic anomalies effectively. In addition, organizations should regularly review and update their security policies, implement two-factor authentication, and educate employees on how to identify and respond to security threats.

The article also highlights KillNet, a pro-Russian hacktivist group that has attracted the attention of various cybercriminal groups amid the ongoing conflict between Ukraine and Russia. KillNet is primarily known for its DDoS attacks against countries supporting Ukraine, particularly NATO countries. Their attacks don't typically cause major damage, but they can cause service outages lasting several hours or even days.

KillNet started as a DDoS attack tool for rent before becoming a hacker group that carries out attacks to support Russia and fight for Russia's interests. They have targeted various European and Western countries, including Ukraine, the US, the UK, Germany, Italy, Romania, Lithuania, Estonia, and Poland. To prevent DDoS attacks from groups like KillNet, website owners should ensure they have sufficient bandwidth and server resources to withstand DDoS attacks. Cloud-based security solutions, firewalls, and content delivery networks can also help protect against DDoS attacks.

In conclusion, healthcare organizations hosted in Azure and other online services must be vigilant and take proactive measures to protect themselves against cyber-attacks. By implementing network security services and following best practices, organizations can reduce their risk of falling victim to DDoS attacks by groups like KillNet. It's essential to prioritize security and take proactive measures to prevent cyber-attacks, as the cost of an attack could be significant and may affect an organization's reputation and patient trust.