Some Ubuntu services are still down following outages after DDoS attack

“Canonical’s web infrastructure is under a sustained, cross-border attack and we are working to address it. We will provide more information in our official channels as soon as we are able to,” the company said at the time.

Discussing the attack on unofficial Ubuntu forums, community members confirmed that the distro’s security API was affected, as well as multiple websites. Updates and system installs were also unavailable at the time.

Islamic Cyber Resistance in Iraq 313 Team

The attack was claimed by a group calling itself The Islamic Cyber Resistance in Iraq 313 Team. In a Telegram channel, the group allegedly said it used a DDoS-as-a-Service tool called Beamed to launch the attack.

Beamed is a booter (or stresser), a tool that allows users to “stress test” their website by paying for a DDoS attack. The service claims to be able to launch a 3.5 Tbps attack, half the power needed to deliver a record-breaking attack.

A DDoS happens when hundreds of thousands of internet-connected devices try to communicate with a single server, overloading it, forcing it to crash, and thus denying legitimate traffic any access. To create a DDoS service, the threat actors must gain control over these endpoints, which is usually done through malware. Using automated scripts and bots, the threat actors can look for vulnerabilities or weak login credentials and use the access to deploy different variants of malware.

After that, they can operate the instances through a unified dashboard. This access is then sold on the black market for a monthly fee. That fee can be anything from $10 for cheap services, to $500 a month for sustained, high-power attacks.

Via TechCrunch