On 8 December 2022, all websites belonging to the Danish Defence went down early in the morning. Four hours later it was discovered that the outage was caused by a cyber attack, and 11 hours later, in the evening, the Danish Defence managed to start repelling the attack. The threat actor only ceased the attack at 9:10 the following day. It later emerged that the attack was a DDoS attack.
How a DDoS attack works
A DDoS (Distributed Denial of Service) attack makes websites unavailable by overwhelming them with traffic from outside. A hacker spreads malware to other computers over the Internet, and the infected computers then send large amounts of fake traffic to a website, which is overloaded and taken down.
Any organisation or business that is present and accessible on the Internet is a potential target for DDoS attacks. This is precisely why it is also important that all organisations are aware of the threat and able to react quickly to a potential attack.
In the case of the Danish Defence, a technical fault was suspected at first, before it was concluded that it was a cyber attack. According to the Ministry of Defence's Materiel and Procurement Agency (FMI), which subsequently explained the attack in a report, this was because it can be difficult to determine whether the cause is an internal error or an external attack when an unusually large number of requests are made to the same servers.
However, several experts in the field have since criticised how long it took to detect the incident, conclude that it was a cyber attack, and subsequently defuse the threat.
Quick response time is important
The attack on the Danish Defence is not the only one of its kind to have taken place recently, as both the Swedish and Norwegian defence, as well as the European Parliament, have experienced similar attacks within the past six months.
Interestingly, it took the Swedish Defence no more than 10 minutes to detect and defeat the attack on them, while it took the Danish Defence more than 11 hours in total.
Although the Danish Defence has reported that no data was lost in the attack, the slow response time is worrying because the attack was probably intended to test the cyber security of the defence network.
In addition, the earlier an attack is detected and dealt with, the better the chances of stopping it or minimising its impact. One way to do this is to have a good knowledge of the website's data traffic through appropriate monitoring and possibly receive automatic notifications in case traffic patterns change significantly.
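The monitoring described above, and the question of whether an outage is an internal fault or an external attack, can be sketched as an added example (not code from the article, FMI or any monitoring product). The log format, thresholds, function names and sample data are all assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from statistics import median

# Assumed log format (constructed): "<UTC timestamp> <client IP> <HTTP status>"
LINE = re.compile(r"^(\d{4}-\d{2}-\d{2}T\d{2}:\d{2}):\d{2}Z (\S+) (\d{3})$")

def per_minute(lines):
    """Count requests, distinct clients and 5xx responses for each minute."""
    buckets = defaultdict(lambda: {"requests": 0, "clients": set(), "errors": 0})
    for line in lines:
        m = LINE.match(line.strip())
        if not m:
            continue  # ignore lines that do not match the assumed format
        minute, ip, status = m.groups()
        buckets[minute]["requests"] += 1
        buckets[minute]["clients"].add(ip)
        buckets[minute]["errors"] += status.startswith("5")
    return dict(sorted(buckets.items()))

def classify(buckets, baseline_minutes=5, surge_factor=5.0, error_ratio=0.5):
    """Compare each later minute with the median rate of the baseline window."""
    minutes = list(buckets)
    base_rate = median(buckets[m]["requests"] for m in minutes[:baseline_minutes])
    alerts = {}
    for m in minutes[baseline_minutes:]:
        b = buckets[m]
        detail = (b["requests"], len(b["clients"]))
        if b["requests"] >= surge_factor * base_rate:
            alerts[m] = ("traffic-surge",) + detail          # far more requests than usual
        elif b["errors"] / b["requests"] >= error_ratio:
            alerts[m] = ("errors-at-normal-load",) + detail  # failing without extra traffic
    return alerts

def sample_log():
    """Constructed sample data: quiet minutes, one faulty minute, one surge."""
    lines = []
    def emit(minute, count, clients, status):
        for i in range(count):
            lines.append(f"2024-01-01T06:{minute:02d}:{i % 60:02d}Z "
                         f"198.51.100.{i % clients} {status(i)}")
    for minute in (0, 1, 2, 3, 4, 7):
        emit(minute, 20, 10, lambda i: 200)
    emit(5, 20, 10, lambda i: 503 if i < 15 else 200)   # internal fault, normal volume
    emit(6, 400, 200, lambda i: 503 if i % 2 else 200)  # surge from many clients
    return lines

if __name__ == "__main__":
    print(classify(per_minute(sample_log())))
```

Each alert carries the request count and the number of distinct clients for that minute, which is the information needed to tell a server failing under normal load from a server failing under a flood of requests.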
DDoS attacks and modern warfare
The Russian pro-Kremlin hacker group Killnet has been suspected of being behind all of the recent attacks, although this has not yet been confirmed.
However, the group has claimed responsibility for the attack on the European Parliament in November, and is thus known to carry out activist DDoS attacks in support of Russia, particularly against governments and public sectors and institutions. It thus appears that the attacks are being used as part of a hybrid war in the context of the war in Ukraine, and Russia is therefore the obvious perpetrator.
In this way, DDoS attacks are often about sending a political message that the perpetrators have, for example, the capacity to hit infrastructure, which in some cases can have very large and serious consequences.
There have been several warnings recently about the threat of cyber attacks against critical infrastructure in NATO countries, so it is important to be prepared for this type of attack.
Source: "Det tog 11 timer for Forsvaret at afværge cyberangreb på hjemmesider," DR.dk
Emilie Hartmann is a student and copywriter at Moxso, where she is a language nerd and always on the lookout for new and exciting topics to write about. She is currently doing her Master's in English, where she is primarily working in the fields of Creative Writing and Digital Humanities.