Hacktivists Force Companies to Respond to Low-Level Cyberattacks

Websites for airports including New York City’s LaGuardia, Des Moines, Atlanta, Los Angeles International and Chicago’s O’Hare and Midway were inaccessible on Monday after the Killnet hacker group took credit for hitting them with denial-of-service attacks. While the website disruptions were short-lived, didn’t interrupt operations or affect flights or passengers, the hacks underscored the efforts companies must spend investigating minor incidents and disputing claims about their effects.

“It’s sort of an attack on legitimacy,” said John Hultquist, vice president of intelligence analysis at cybersecurity firm Mandiant. Denial-of-service attacks seldom affect a company’s operations or sensitive data, but hackers recognize they still get public attention, he said.

“Ultimately, the perception is far worse than the reality,” he said.

Hacktivists that support Russia, and others that support Ukraine, have taken aim at companies during the war in Ukraine, seeking to damage their reputations. In March, the hacker group Anonymous said it released internal data stolen from food and beverage company Nestlé SA. Nestlé said the company wasn’t hacked and the data was exposed in an earlier incident. Anonymous tweeted warnings about several companies, pressuring those that continued operations in Russia after the start of the war to withdraw.

Companies facing even low-grade denial-of-service attacks need to investigate to understand and communicate about the effects, said Lisa Plaggemier, executive director of the National Cybersecurity Alliance, a nonprofit that promotes information sharing between companies and the government.

“It’s on the radar of the American public, it’s on the radar of most board members, it’s on the radar of executives. You have to be able to answer those questions,” she said.

In recent months, Killnet has targeted companies and government websites in countries that support Ukraine, including Lithuania and Italy. The group took credit last week for briefly taking down state government websites in Kentucky, Colorado and Mississippi.

The attack on Des Moines International Airport’s website on Monday cost staff working hours as cyber experts worked to make sure the airport’s internal computer servers weren’t affected and then communicated details to the public, spokeswoman Kayla Kovarna said.

Passengers and operations weren’t harmed and the website was running normally around three hours after it was attacked, she said. An external company that provides the airport’s website installed a filter that was still blocking web traffic from outside the U.S. on Tuesday, she said.

LaGuardia Airport’s website was working normally about 15 minutes after cyber defense systems detected the attack, said a spokesperson for the Port Authority of New York and New Jersey, which runs the airport.

While the denial-of-service attacks are generally short, minor disruptions, the recent bombing escalation in the war in Ukraine might result in more serious cyberattacks on U.S. companies, Mr. Hultquist said. “My concern is for something more effective sometime in the near future,” he said.

Write to Catherine Stupp at [email protected]