Hackers, believed to be sympathetic to Russia, targeted Iceland’s Parliament, Cabinet, and technology companies in a cyberattack on June 13. The distributed denial-of-service attack rendered the websites of the Parliament and Council of Ministers inaccessible. Similar to attacks during the recent Council of Europe summit, these cyber incidents aim to flood websites with artificial traffic, causing temporary disruptions without permanent damage or data compromise. The pro-Russian hacker group NoName057 claimed responsibility for last month’s cyber attacks against the Icelandic government.
The cybersecurity team CERT-IS confirmed the nature of the recent attack, describing it as a distributed denial-of-service attack. Alongside governmental websites, the tech company Advania also faced powerful and well-executed attacks. Defending against such cyberattacks can be challenging, requiring the ability to differentiate between legal internet traffic and organized attacks. While defenses exist to counter these attacks, they need constant updates, as attackers continually test new versions to bypass detection.
Gudmundur Arnar Sigmundsson from CERT-IS explained the difficulty in distinguishing legal from illegal internet traffic during these attacks. The defenses must recognize normal user access versus illegitimate online robots flooding the website. Attackers are aware of defense mechanisms and continuously try to test new versions to evade detection. In cases like the recent attacks, where defenses may not automatically detect them, a reactive approach is necessary to restore normalcy.
