Cybercriminals are becoming more audacious and carrying out ever more sophisticated attacks. We recently followed the repercussions of the attack on the TSE website during this year's municipal elections in Brazil. Tagged as DDoS, the attack was combined with a "data dump" from the TSE that had been performed earlier. However, the cybercriminals only released the data obtained on the day of the 2020 municipal elections, to amplify the impact of the attack and make the TSE portal unstable or even inaccessible to its Brazilian users.
Even though the data in question were obtained earlier and are not related to the municipal elections themselves, by acting in this way the cybercriminals gave the impression that the attack took place during the elections and that the target, even though it acted quickly to strengthen its systems at the time of the attack, still seems to have weaknesses to exploit. This also threatens the credibility of the institution and of democracy.
There is not enough information to know how the data dump was obtained. In any case, it looks like most of the data comes from an old server. As in other similar cases I've seen in the past, one of the most likely options is that it was a server that sat there for a long time with no support and probably without updates installed, making it easier to hack using some modern exploits.
And how do DDoS attacks work?
Known as a distributed denial of service attack, this type of attack mainly targets banks, news portals and even government websites, such as, in this case, the TSE.
Websites that are victims of DDoS attacks become unstable, and their users tend to notice slower performance or find that the websites are blocked. Other symptoms users see are a constant display of error messages, dropped connections or difficulty reaching the site. If a user notices one of these situations, it is likely that the site is suffering from a DDoS attack.
In general, DDoS attacks seek to bring websites or entire networks down, overloading them with traffic from thousands of infected devices, which make up a vast network created by cybercriminals called a botnet.
Among the main reasons for this type of attack are financial gain, revenge, or the desire to create disorder so that users lose confidence in the targeted institution, which runs the risk of losing its reputation.
What to do?
For companies that want to know whether their portal is being victimized by a DDoS attack, the tip is to watch for sudden and unexpected spikes in traffic and immediately take action to resolve the issue.
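One way to automate the spike check described above, as an added example rather than code from the column or from Avast: it counts requests per minute in a web server access log and flags minutes far above a rolling median. The log format (Common Log Format), the thresholds and the sample traffic are assumptions constructed for illustration.

```python
import re
from collections import Counter
from datetime import datetime, timedelta
from statistics import median

# Timestamp of a Common Log Format line, truncated to the minute.
# Assumption: every line carries the same UTC offset, so the offset is ignored.
TS_RE = re.compile(r"\[(\d{2}/\w{3}/\d{4}:\d{2}:\d{2}):\d{2} [+-]\d{4}\]")

def requests_per_minute(lines):
    """Count requests per minute; lines without a parseable timestamp are skipped."""
    counts = Counter()
    for line in lines:
        m = TS_RE.search(line)
        if m:
            counts[datetime.strptime(m.group(1), "%d/%b/%Y:%H:%M")] += 1
    return counts

def find_spikes(counts, window=5, factor=4.0, min_requests=50):
    """Return (minute, requests, baseline) for minutes above factor x the rolling median."""
    spikes, history = [], []
    if not counts:
        return spikes
    t, end = min(counts), max(counts)
    while t <= end:
        n = counts.get(t, 0)  # minutes with no requests count as zero
        baseline = max(median(history), 1) if len(history) == window else None
        if baseline is not None and n >= min_requests and n > factor * baseline:
            spikes.append((t, n, baseline))  # flagged minutes stay out of the baseline,
        else:                                # so a sustained flood keeps alerting
            history = (history + [n])[-window:]
        t += timedelta(minutes=1)
    return spikes

def sample_log():
    """Constructed data: 10 quiet minutes (20 req/min), then 3 flooded minutes (400 req/min)."""
    start, lines = datetime(2020, 1, 1, 10, 0), []
    for minute in range(13):
        for i in range(20 if minute < 10 else 400):
            ts = (start + timedelta(minutes=minute, seconds=i % 60)).strftime("%d/%b/%Y:%H:%M:%S")
            lines.append(f'198.51.100.{i % 250 + 1} - - [{ts} +0000] "GET / HTTP/1.1" 200 512')
    return lines

if __name__ == "__main__":
    for minute, n, baseline in find_spikes(requests_per_minute(sample_log())):
        print(f"{minute:%H:%M} {n} requests (baseline {baseline}/min)")
```

Because flagged minutes are kept out of the baseline, a lasting legitimate increase in traffic would also keep alerting until the thresholds are retuned.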
Users can make use of a good antivirus capable of scanning their system and identifying and removing any malware responsible for keeping their device part of the botnet created by cybercriminals. Once the malware is eliminated, the device runs faster again, without slowing down or crashing.
Users should also be careful not to download unknown software to the device, and should watch for any other signs of strange behavior on the device, such as slowness.
Luis Corrons, biweekly columnist of TechWorld, is Avast's Security Evangelist. Always on the lookout for the latest cybersecurity, malware and darknet news, Luis is a security industry veteran and industry speaker. He is also a reporter for WildList, Chairman of the Board of Directors of AMTSO (Anti-Malware Testing Standards Organization) and member of the Board of Directors of MUTE (Malicious URLs Tracking and Exchange).