During Brazil’s Carnival break, the Superior Court of Justice (STJ) was hit by a significant cyberattack that caused its website to go offline for almost 48 hours, affecting its ability to provide public access to legal processes and news. The attack, which began on Monday, March 3, severely disrupted communication between the court and the public. This interruption had a profound impact on users who rely on the website to consult information about ongoing legal cases and news updates. The cyberattack, conducted using a Distributed Denial of Service (DDoS) method, flooded the site with an overwhelming number of 10 million simultaneous connections, rendering the site temporarily inaccessible and leaving users unable to retrieve crucial information.
According to the court’s confirmation, the DDoS attack was limited to the public-facing part of the website, and internal systems were unaffected.
Despite the severe disruption, the court assured that its internal databases and processes remained secure and operational. In response to the attack, emergency measures were implemented, including user access validation, which resulted in some slowdown of the website’s functionality. The court emphasized that while the public-facing interface was impaired, it took all necessary actions to ensure the continuity of its other services. The STJ stressed that the situation was under control and that no sensitive data was compromised during the attack.
The attack exposed the growing challenges public institutions face in protecting themselves from increasingly sophisticated cyberattacks.
Experts have pointed out that DDoS attacks, which work by bombarding a site with excessive traffic to crash its servers, are becoming more common. These attacks are frequently carried out during times when digital vigilance is lower, such as holidays or long breaks when fewer staff members are available to monitor for potential security threats. The timing of the STJ attack during the Carnival period made it an ideal target for cybercriminals, taking advantage of the reduced attention to cybersecurity during this time. As a result, the attack shed light on the vulnerabilities of governmental and public service websites, especially those that deal with large amounts of sensitive and public information.
After the nearly two-day outage, the STJ began to restore some of its pages on March 5, but the attack highlighted the need for stronger cybersecurity measures for public institutions. The attack served as a reminder of the growing frequency and sophistication of cyberattacks, particularly DDoS operations, which present a significant threat to any organization that depends on its online presence. Specialists have warned that public institutions must remain vigilant and invest in enhanced cybersecurity strategies, especially during low-traffic periods when cyberattacks may go unnoticed. The STJ’s ability to quickly implement mitigation measures to prevent further damage demonstrated its commitment to improving its cybersecurity defenses, yet the incident underscores the importance of ongoing investments in digital security to safeguard against future threats.
Reference:
