The official website of the UK royal family was subject to a distributed denial-of-service (DDoS) attack on the morning of Sunday, Oct. 1, thanks to pro-Russian hacktivists.
The resulting downtime for royal.uk began around 10 a.m. BST, and only lasted for around 90 minutes. As of this writing, though, visitors to the site are still being vetted by a Cloudflare security check prior to loading the homepage.
While the site was down, the Russian threat actor KillNet claimed responsibility. It was an “attack on pedophiles,” the group’s founder, Killmilk, called it in a Telegram post.
Security experts have not independently verified KillNet’s attribution, though it wouldn’t be the first time Killnet has scored a cheap media victory in the name of Russian nationalism.
KillNet’s PR Stunts
“It is in line with their modus operandi,” explains Eli Nussbaum, managing director at Conversant Group.
“Where we often think of Russian cyber threat actors as launching more destructive attacks like malware or ransomware,” he explains KillNet has built a reputation for less damaging DoS and DDoS attacks, particularly against public and private organizations located in Ukraine and NATO member countries. “Their activities are designed to bring attention to their political cause (in this case, support for Russia in the Russia/Ukraine conflict), widen the battlefield, and likely shift popular support within Ukraine’s allies.”
Sunday’s attack was a perfect case-in-point, coming just 10 days after King Charles appeared at the Palais du Luxembourg, home of the French senate, and condemned the Russian invasion of Ukraine. “Now, more than 80 years since we fought, side by side, for the liberation of Europe, we once again face unprovoked aggression on our continent,” Charles said in a bilingual speech.
Defending Against DoS
In April, the UK National Cyber Security Center warned about Russian state-aligned threat actors causing havoc in Britain. “While the cyber activity of these groups often focuses on DDoS attacks, website defacements, and/or the spread of misinformation, some have stated a desire to achieve a more disruptive and destructive impact against western critical national infrastructure,” it explained.
The ease with which a cybercrime outfit took down a premier government website in this case only further highlights the need for organizations to protect against such groups.
Besides general cyber protections, Nussbaum suggests, “defending against DDoS attacks requires protecting Domain Name Servers and the actual workloads (protocols and resources). Further, ensuring that systems are scalable to support amplified loads may mitigate the impact of an attack. Opting into DNS-based DDoS protection services is a good first step.”
“DDoS attacks generally aren’t as crippling as ransomware, but because the royal family is so highly visible, this activity has certainly made a statement. In part, that statement may be construed as a warning that no one is immune to their reach and power,” he says.