As the conflict between Russia and Ukraine rages on, the Russian government yesterday published a massive list containing 17,576 IP addresses and 166 domains that seem to be behind a series of distributed denial-of-service (DDoS) attacks on its domestic infrastructure.
Sites belonging to the US Federal Bureau of Investigation (FBI) and Central Intelligence Agency (CIA), along with those of some media outlets such as USA Today, 24News.ge, megatv.ge, and Ukraine’s Korrespondent publication, were among the significant domains in the list made public by Russia’s National Coordination Center for Computer Incidents (NCCCI).
NCCCI Recommendations for Organizations
According to The Hacker News, to reduce the DDoS attacks, the agency advises companies to:
ringfence network devices, enable logging, change passwords associated with key infrastructure elements, turn off automatic software updates, disable third-party plugins on websites, enforce data backups, and watch out for phishing attacks.
Use Russian DNS servers. Use the corporate DNS servers and/or the DNS servers of your telecom operator in order to prevent the organization’s users from being redirected to malicious resources or other malicious activity.
If your organization’s DNS zone [is] serviced by a foreign telecom operator, transfer it to the information space of the Russian Federation.
Hackers Are Picking