Experts debunk Elon Musk’s claim that Ukrainian hackers were behind the attack, ET CISO
— Extremely difficult to find the exact origin of DDoS attacks
— Botnets often route attacks through devices in unrelated regions
— Spoofing techniques allow attackers to mask the true origins
— Use of proxy servers or VPNs
US billionaire and owner of social media platform X Elon Musk has claimed that the war-torn country Ukraine was behind the cyberattack on X. This claim is being contested by several top cybersecurity experts in India. The distributed denial of service (DDoS) cyberattack disrupted X on March 10, causing a widespread outage of the social networking site.
“The reality of the attack is only known to the people involved in responding to the digital disruption because no details have been disclosed yet. Let us face it, it would not be far-fetched to believe that X would be subject to DDoS attacks just like any other social media platform. A pro-Palestinian group has claimed responsibility,” says infosec leader Agnidipta Sarkar, Vice President CISO Advisory, ColorTokens Inc. and former Biocon Group CISO.
“I am hoping X still has good cyber crisis managers. I guess we have to wait and watch to see if X makes an SEC disclosure or any other type of disclosure of what really happened,” adds Sarkar.
Were Ukrainian actors behind the DDoS attack?
Elon Musk has suggested that IP addresses involved in the attack were traced to locations “in the Ukraine area,” but this claim is disputed by cybersecurity experts, who argue that such attacks typically involve a global network of compromised devices.
“Since when has someone been able to pinpoint the origin of a DDoS attack? Isn’t that the whole point of the D in DDoS?” questions an infosec expert.
Pinpointing the exact origin of a DDoS attack is extremely challenging because of its distributed nature and the deliberate obfuscation involved. Botnets often route attacks through compromised devices in regions unrelated to the operator. Attackers also mask their true origin by spoofing, or by routing traffic through proxy servers or VPNs. Furthermore, many botnets operate as for-hire “background noise” infrastructure with no clear geopolitical ties, so the locations of attacking devices say little about who commissioned the attack.
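The following is an added illustration of that point, not code from the article or from X: a small triage routine over constructed flow records (documentation-range addresses, a made-up prefix-to-country table standing in for a GeoIP lookup) that tallies packets per country and separately measures how much of the flood carries source addresses that cannot be routed on the public internet, a direct sign of forged headers.

```python
"""Why a per-country tally of DDoS source IPs is not attribution."""
from collections import Counter
import ipaddress

# Constructed flow records (source IP, packet count); documentation ranges
# stand in for routable sources, the rest are deliberately unroutable.
SAMPLE_FLOWS = [
    ("203.0.113.10", 9000), ("203.0.113.77", 8500), ("203.0.113.140", 8700),
    ("198.51.100.5", 4000), ("198.51.100.66", 4200),
    ("192.0.2.9", 3900), ("192.0.2.200", 3800),
    ("10.4.4.4", 7000), ("224.0.0.5", 6500), ("0.0.0.0", 500),
]

# Constructed stand-in for a GeoIP database: prefix -> country code.
GEO_PREFIXES = {
    "203.0.113.0/24": "UA",
    "198.51.100.0/24": "DE",
    "192.0.2.0/24": "BR",
}

# Source ranges that never legitimately appear as internet sources; a flood
# carrying them shows the packets' source headers were forged (spoofed).
UNROUTABLE = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "172.16.0.0/12",
    "192.168.0.0/16", "224.0.0.0/4")]

def geolocate(ip):
    addr = ipaddress.ip_address(ip)
    for prefix, country in GEO_PREFIXES.items():
        if addr in ipaddress.ip_network(prefix):
            return country
    return "??"

def is_spoof_indicator(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in UNROUTABLE)

def triage(flows):
    """Return (packets per country, share of packets with forged sources)."""
    by_country, spoofed, total = Counter(), 0, 0
    for ip, pkts in flows:
        total += pkts
        if is_spoof_indicator(ip):
            spoofed += pkts          # do not geolocate a forged address
            continue
        by_country[geolocate(ip)] += pkts
    return by_country, (spoofed / total if total else 0.0)

def top_country_share(by_country):
    """Fraction of geolocatable packets from the single largest country."""
    total = sum(by_country.values())
    return max(by_country.values()) / total if total else 0.0
```

On the constructed sample the tally ranks "UA" first, yet a quarter of the flood carries unroutable source addresses, which is the kind of evidence that undermines reading a country tally as the attacker's location.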
“True, it is hard to catch the origin of the IP, but it is possible. I’m sharing my opinion, not the fact that it will be possible. Bot IPs may be suspicious and we can check the suspicious IP and mark them red and try to find the original IP or non-suspicious IP, then investigate them. It takes time to consume but could help to find the origin IP,” opines another cybersecurity expert.
Understanding a DDoS cyberattack
A DDoS (Distributed Denial of Service) cyberattack occurs when multiple compromised systems flood a target server or network with excessive traffic, overwhelming it and causing it to become unavailable. The impact of a DDoS attack can be devastating for businesses, organizations, and individuals. One of the primary consequences is downtime, which disrupts online services, causing loss of revenue and damaging the organization’s reputation. For businesses that rely on e-commerce or online platforms, even a short period of inaccessibility can lead to significant financial losses.
Moreover, DDoS attacks can strain IT resources, requiring costly mitigation efforts. This often involves deploying specialized DDoS protection services or additional infrastructure to handle the traffic, which can be expensive and time-consuming. In some cases, attackers may also use DDoS attacks as a smokescreen for other malicious activities, such as data theft or network intrusion. The impact can extend beyond the immediate financial losses. Customer trust may be eroded, and clients might seek more secure alternatives. The cumulative effect of repeated attacks could lead to long-term reputational damage, especially if the business struggles to recover or experiences ongoing vulnerabilities.
In conclusion
It is no surprise that companies sometimes use a cyber-attack as an excuse to deflect attention from IT mismanagement. And then there were the job cuts. Setting aside the political aspect of the situation and the fact that Musk blames it on Ukraine, the incident does raise a few questions. For example, was the attack so severe that it overwhelmed the anti-DDoS capability of X? How did the attacker manage to disable the CDN? Why did the attack happen in spurts? Several questions remain unanswered.