Elon Musk’s claim that the DDoS attack on X (formerly Twitter) originated from Ukraine drew skepticism from cybersecurity specialists, who argue that attributing attacks based on IP addresses is unreliable.
Attackers often use virtual private networks (VPNs) and other techniques to obscure their origins, making it difficult to pinpoint a specific geographic source.
On Monday, X was the target of a distributed denial-of-service attack that intermittently took the popular social media site down for users worldwide. The X DDoS attack was linked to Dark Storm Team, a notorious hacktivist group known for launching similar large-scale cyber disruptions.
Hours after the attack, Musk claimed during an interview with Fox Business that the IP addresses associated with the attack originated in the Ukraine area.
Tech-savvy users on X quickly pointed out that IP addresses can be masked or spoofed, making them appear to originate from one region when they actually originate from another.
Dear Elon: You can’t attribute an attack to any geographic location by IP address alone. See: VPN, location spoofing, etc. Also See: How botnets are controlled remotely. Also Also See: Ask a cybersecurity person to help you.
— MikeTalonNYC (@MikeTalonNYC) March 10, 2025
Cybersecurity professionals also cautioned against drawing conclusions based solely on IP address data.
“If one were conducting a DDoS attack you wouldn’t necessarily see each connection originating from an IP address from a specific country or netblock,” Scott Renna, Senior Solutions Architect with blockchain security firm Halborn, told Decrypt. “By definition, the attack has to come from multiple IP addresses.”
Renna pointed out that attackers distribute their traffic across numerous regions to evade detection and mitigation efforts.
“From an optics perspective and a blocking and prevention standpoint, it’s just not how it’s typically done,” he said.
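The point Renna makes above, that flood traffic arrives from many netblocks rather than one country, is easy to check against a defender's own logs. The following is an added example, not code from the article or from Halborn: it profiles constructed connection-log lines against a constructed prefix-to-country table (a stand-in for a real GeoIP database) and reports how dispersed the sources are, which is the evidence an analyst would want before entertaining any geographic attribution.

```python
import ipaddress
from collections import Counter

# Constructed sample log lines (timestamp, source IP, request) from a flood.
# These are documentation IP ranges, not data from the X incident.
SAMPLE_LOG = """\
2025-03-10T12:00:01Z 203.0.113.7 GET /home
2025-03-10T12:00:01Z 203.0.113.9 GET /home
2025-03-10T12:00:01Z 198.51.100.23 GET /home
2025-03-10T12:00:02Z 192.0.2.44 GET /home
2025-03-10T12:00:02Z 192.0.2.45 GET /home
2025-03-10T12:00:02Z 198.51.100.77 GET /home
2025-03-10T12:00:03Z 203.0.113.120 GET /home
2025-03-10T12:00:03Z 192.0.2.200 GET /home
"""

# Constructed prefix-to-country lookup; a hypothetical stand-in for a GeoIP database.
GEO_PREFIXES = {
    "203.0.113.0/24": "UA",
    "198.51.100.0/24": "DE",
    "192.0.2.0/24": "BR",
}

def country_for(ip):
    """Map one source address to a country code via the constructed prefix table."""
    addr = ipaddress.ip_address(ip)
    for prefix, cc in GEO_PREFIXES.items():
        if addr in ipaddress.ip_network(prefix):
            return cc
    return "??"

def source_profile(log_text):
    """Return (per-country share of requests, number of distinct /24 source
    prefixes, largest single-country share) for the given log text."""
    countries = Counter()
    prefixes = set()
    total = 0
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) < 2:
            continue
        ip = parts[1]
        total += 1
        countries[country_for(ip)] += 1
        prefixes.add(str(ipaddress.ip_network(ip + "/24", strict=False)))
    shares = {cc: n / total for cc, n in countries.items()}
    dominant = max(shares.values()) if shares else 0.0
    return shares, len(prefixes), dominant

def attribution_is_supportable(dominant_share, threshold=0.9):
    """IP geography alone supports an origin claim only if one country carries nearly
    all traffic; even then VPNs and botnets make it weak evidence."""
    return dominant_share >= threshold
```

On the constructed sample no country exceeds 37.5% of requests and three separate /24s are involved, so the profile argues against naming any single origin.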
While the origins of the X attack remain a mystery, DDoS-as-a-Service websites are popping up to facilitate the launch of large-scale attacks. These websites let customers pay to launch DDoS attacks.
There are two main types of DaaS.
“Stresser” services, which are legitimate tools companies use to test and strengthen their IT infrastructure. Then there are “Booter” services, which are malicious platforms designed to disrupt or take down targeted systems.
Cybersecurity teams can use DDoS blackhole routing and geo-blocking to reduce the impact of DDoS attacks, measures that could have prevented the type of attack that disrupted X this week.
Blackhole routing is an emergency measure that immediately drops all traffic to a targeted IP during an attack, but it also affects legitimate users, making it a temporary solution.
Geo-blocking limits access from high-risk regions, reducing cyber threats without disrupting most users.
In April 2022, internet security provider Cloudflare successfully mitigated a massive DDoS attack targeting an unidentified cryptocurrency website that attempted to overwhelm the service with 15.3 million requests per second.
While services like Cloudflare excel at defending against cyber threats, Renna emphasized the importance of preparing for potential failures.
“Services like Cloudflare do a good job for businesses,” Renna said. “But it comes down to what happens when those fail.”
Edited by Sebastian Sinclair