Hackers take aim at drones

Since the beginning of October, cybersecurity companies have recorded a sharp increase in DDoS attacks on retailers selling consumer drones. Ukrainian hackers believe they are being bought to be sent to a war zone and coordinate attacks on specialized forums. Retailers confirm the trend, but assure that their information infrastructure is still coping with the load.

“Kommersant” found that on hacker forums, attackers who generate malicious traffic using their own capacities are uniting to attack sellers of commercial drones. The devices, according to hacktivists, “can be used for aerial reconnaissance or artillery guidance.” One of the retailers that the cybercriminals are urging to attack, Citilink, has more than a thousand stores and distribution points. Kommersant’s interlocutor in the cybersecurity market notes that attacks have intensified on the resources of M.Video-Eldorado.

Since February, when hostilities began in Ukraine, prices for commercial or “consumer” drones have risen by at least 30% (see Kommersant on June 15). This was due both to the stoppage of official deliveries of the key manufacturer on the market – DJI, and to the growth in demand due to hostilities. The devices were already sent “together with other equipment to the Donbass”. At the same time, gadgets remain a common consumer product and continue to be in demand among different categories of consumers.

Citilink confirmed DDoS attacks, but noted that the company’s infrastructure “continues to operate normally.” M.Video-Eldorado reported that all platforms and services are working, the company has implemented a number of measures to further protect online sites. SberMarket, which also sells consumer drones, did not respond to Kommersant.

An increase in the activity of hackers in the retail segment is also recorded in cybersecurity companies. “In recent days, DDoS attacks on online stores selling drones have been coordinated,” confirms Igor Sergienko, Director for the Development of Special Services at RTK-Solar. In total, about 70 Russian online stores are currently under attack, he specified. “Moreover, we are talking about sellers not only of commercial unmanned vehicles, but also of radio-controlled equipment of the “hobby” category. In addition to specialized stores, electronics hypermarkets that have similar products in their assortment are also affected,” said Mr. Sergienko.

Military stores have become another target of hackers over the past week, attacks on them have begun to be coordinated on hacker forums since the announcement of partial mobilization in Russia, Kommersant drew attention. At the same time, consumer demand for this segment has grown sharply: the traffic of stores selling military clothing and equipment has increased by an average of 40% (see Kommersant of September 29). In general, the activity of malefactors has increased since the beginning of the military operation in Ukraine. The strongest surge in hacker activity was recorded in late February – early March, when the number of addresses reached 3.5 million, but by the summer it dropped to 1 million on average (see Kommersant of June 24).

“Back in May, when the total number of DDoS attacks began to decline, we noted that if there were aggravations in the current conflict, then this would definitely be reflected in cyberspace by an increase in the number and intensity of attacks, which we are seeing today,” notes the founder and CEO Qrator Labs Alexander Lyamin. At the moment, the focus of attacks is online retail, he adds. The general external situation suggests that attacks will not decrease in the near future, Ivan Melekhin, Director of the Center for Monitoring and Counteracting Cyberattacks IZ: SOC of Informzaschita, agrees: “Attacks of this kind have a negative impact on the business of the victim organization, as they significantly use of its online services. In addition, the expert adds, DDoS incidents can be a cover for more serious attacks.

Tatyana Isakova