Ukrainian Postal Service Knocked Offline By Repeated DDoS

Ukrposhta, the national postal service in Ukraine, was hit with a two-day DDoS attack that began on Monday, knocking some systems offline.

According to the Interfax news agency, the computer systems targeted by the unknown assailants are used to track customer parcels and shipments. Ukrposhta is managed by the Infrastructure Ministry in Ukraine, and employs almost 12,000 postal officers across the country and 76,000 employees in all—meaning that disruptions could have far-reaching effects.

The company gave DDoS updates via its Facebook page yesterday. The latest (in translation) reads:

“During the first wave of the attack, which began yesterday in the morning, our IT services could normalize the situation, and after 5 p.m., all the services on the site worked properly. But today, hackers are at it again. Due to their actions, both the website and services are working, but slowly and with interruptions.”

Igal Zeifman, director of marketing at Imperva for the Incapsula product line, said via email that it sounds like Ukrposhta is dealing with several repeat assaults, occurring in rapid succession.

“Recently, such tactics had become more common due to their ability to disrupt some security measures and cause fatigue to the people in charge of the attack mitigation, forcing them to stay alert even in the quiet time between the attacks,” he said. “In the first quarter of the year, we saw the number of such repeat assaults reach an all-time-high, with over 74% of DDoS targets attacked at least twice in the span of that quarter.”

This is not the first time that Ukraine’s postal service has faced significant attacks this year. The country was ground zero for the Petya/NotPetya ransomware attacks that proliferated around the globe in June, which affected not just the postal service but also banks and the state-owned power companies, Ukenergo and Kyivenergo.

What’s Hot on Infosecurity Magazine?