Hong Kong’s LIHKG website, a localised forum service akin to Reddit that is being used to organise and co-ordinate the ongoing pro-democracy protests in the Special Administrative Region (SAR), has been targeted with distributed denial of service (DDoS) attacks originating from the so-called Great Cannon, a China-based tool allegedly operating with government support.
Little has been heard from the Great Cannon since it was first used in 2015, targeting censorship monitoring community GreatFire.org and open source software development community GitHub, but threat researcher Chris Doman of AT&T’s AlienVault security unit – now known as AT&T Cybersecurity – has now implicated it in a series of attacks.
In the case of LIHKG, the code repeatedly requested a number of different resources, including images and meme content hosted on the likes of Tumblr and other locations, that appear on the LIHKG forums. These content URLs are appended to LIHKG’s image proxy URL, which means LIHKG’s resources are then consumed by accessing the content, changing its size and serving it to the user.
However, he said it was “disturbing” that a tool like the Great Cannon was being used once again, especially as the attacks are causing collateral damage to US-based hosting services.
LIHKG had already disclosed an “unprecedented” DDoS attack that took place on 31 August 2019, during which it saw 1.5 billion total requests made and 6.5 million unique “visitors” per hour, causing congestion and server overloads, but said its data and members’ personal information were not compromised. The site’s administrators thanked their DDoS mitigation service provider, Cloudflare, for its assistance.
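Requests of the kind described above, where third-party image URLs are pushed through the forum's image proxy, can be looked for in web server access logs. The sketch below is an added example, not code from the article or from LIHKG: the host name, proxy path and `url` parameter are hypothetical, it assumes the unwanted requests arrive with a Referer from outside the forum, and the log lines are constructed.

```python
import re
from collections import Counter, defaultdict
from urllib.parse import urlsplit, parse_qs

# Hypothetical values, not from the article: site host, proxy path, "url" parameter.
SITE_HOSTS = {"forum.example"}
PROXY_PATH = "/imageproxy"
# Combined Log Format: ip - - [time] "METHOD target PROTO" status bytes "referer" "ua"
LINE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "\S+ (?P<target>\S+) [^"]*" '
                  r'\d{3} \S+ "(?P<referer>[^"]*)" "[^"]*"$')

def offsite_proxy_hits(lines):
    """Map proxied URL -> (hits, distinct client IPs) for proxy requests with an off-site Referer."""
    hits, clients = Counter(), defaultdict(set)
    for line in lines:
        m = LINE.match(line.strip())
        if not m:
            continue  # malformed line
        target = urlsplit(m["target"])
        if target.path != PROXY_PATH:
            continue
        proxied = parse_qs(target.query).get("url", [None])[0]
        ref_host = urlsplit(m["referer"]).hostname  # None when Referer is "-"
        if proxied is None or ref_host is None or ref_host in SITE_HOSTS:
            continue
        hits[proxied] += 1
        clients[proxied].add(m["ip"])
    return {url: (n, len(clients[url])) for url, n in hits.items()}

def suspicious(lines, min_clients=3):
    """Proxied URLs requested by at least min_clients distinct off-site clients."""
    return sorted(u for u, (_, c) in offsite_proxy_hits(lines).items() if c >= min_clients)

# Constructed sample log lines (documentation address ranges, not real traffic).
def _line(ip, img, referer):
    return (f'{ip} - - [01/Jan/2020:10:00:01 +0000] "GET /imageproxy?url=https%3A%2F%2F'
            f'media.example%2F{img} HTTP/1.1" 200 5120 "{referer}" "Mozilla/5.0"')

SAMPLE = [
    _line("198.51.100.7", "meme1.jpg", "https://forum.example/thread/1"),  # on-site
    _line("203.0.113.5", "meme2.jpg", "https://news.example/story"),
    _line("203.0.113.9", "meme2.jpg", "https://shop.example/item"),
    _line("192.0.2.44", "meme2.jpg", "https://blog.example/post"),
    _line("192.0.2.44", "meme2.jpg", "https://blog.example/post"),
    _line("192.0.2.80", "meme1.jpg", "https://video.example/watch"),
    _line("192.0.2.81", "meme1.jpg", "-"),  # no Referer: not counted either way
]
if __name__ == "__main__":
    print(suspicious(SAMPLE))
```

Counting distinct clients rather than raw hits keeps a single busy page that embeds a forum image from being flagged on volume alone.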
Although DDoS is arguably one of the more crude methods of conducting a cyber attack, some of the most damaging cyber incidents of recent years have been caused by DDoS, most famously the Mirai internet of things (IoT) botnet attack, which took multiple websites offline by targeting DNS services provider Dyn.
Three years on, its descendants continue to be an active security threat. According to Trend Micro researchers, Mirai has been so successful that it has stifled innovation among threat actors to some extent.
More recently, a November 2019 DDoS attack on the systems of the UK’s Labour Party was claimed by hacking group Lizard Squad, which has historically specialised in such tactics.
A recent report on the DDoS attack landscape by Kaspersky showed that the number of these attacks is growing rapidly, with 18% more conducted during the second quarter of 2019 compared to 2018.
“This trend is rather worrying for businesses,” said Alexey Kiselev, Kaspersky DDoS protection team business development manager. “Many are well protected against high volumes of junk traffic, but DDoS attacks on the application layer require the targets to identify illegitimate activity even if its volume is low.
“We therefore recommend that businesses ensure their DDoS protection solutions are ready to withstand these complex attacks.”