After Russia began to use equipment for filtering communication networks to block foreign traffic on a geographical basis, hackers began to look for alternative ways to organize DDoS attacks. Attackers use VPN and proxy services to carry out malicious campaigns, as well as botnets consisting of compromised network devices, such as routers and smart cameras, with Russian IP addresses.
In April this year, Roskomnadzor announced its intention to create a national DDoS protection system, for which it was planned to upgrade the equipment for deep traffic filtering (DPI) used in the implementation of the law on the sovereign Internet. According to the source, this equipment is used to filter traffic on a geographical basis on the borders of Russia. Official representatives of Roskomnadzor refrain from commenting on this issue.
Since the start of the special operation in Ukraine on February 24, Russia has faced a wave of cyber attacks on the public sector and business. Kaspersky Lab reported that at the end of February the company repelled 4.5 times more DDoS attacks than in the same period a year earlier.
“When fighting DDoS attacks, the geo-blocking mechanism for a number of services is fast and effective,” believes Alexey Novikov, director of the Positive Technologies security expert center (PT Expert Security Center). When attackers realize that the resource has enabled such blocking, they begin to use IP addresses located on the territory of Russia in attacks. “This can be done by renting a VPN, proxy or VPS (virtual dedicated server) from providers located in the Russian Federation, or using various botnets that unite infected devices in the territory of the Russian Federation. Most botnet networks are currently assembled from various infected smart devices or simply personal computers,” added the expert.
Alexander Lyamin, founder of Qrator Labs (which specializes in protection against DDoS attacks), agrees that against the background of blocking traffic from abroad, attackers began to use devices located in the Russian address space. “A similar scheme for bypassing IP blocking existed before; this proves that filtering traffic by geolocation is ineffective,” Mr. Lyamin is sure.