Elon Musk’s claim that the DDoS attack on X (formerly Twitter) originated from Ukraine drew skepticism from cybersecurity experts, who argue that attributing attacks based on IP addresses is unreliable.
Attackers often use virtual private networks (VPNs) and other techniques to obfuscate their origins, making it difficult to pinpoint a specific geographic source.
On Monday, X was the target of a distributed denial-of-service attack that intermittently shut down the popular social media site for users worldwide. The X DDoS attack was linked to Dark Storm Team, a notorious hacktivist group known for launching similar large-scale cyber disruptions.
Hours after the attack, Musk claimed during an interview with Fox Business that the IP addresses associated with the attack originated in the Ukraine area.
Tech-savvy users on X quickly pointed out that IP addresses can be masked or spoofed, making them appear to originate from one region when they actually originate from another.
Dear Elon:
You can't attribute an attack to any geographic location by IP address alone.
See: VPN, location spoofing, etc.
Also See: How botnets are controlled remotely
Also Also See: Ask a cybersecurity person to help you.
— MikeTalonNYC (@MikeTalonNYC) March 10, 2025
Cybersecurity professionals also cautioned against drawing conclusions based solely on IP address data.
“If one were conducting a DDoS attack you wouldn't necessarily see each connection originating from an IP address from a specific country or netblock,” Scott Renna, Senior Solutions Architect with blockchain security firm Halborn, told Decrypt. “By definition, the attack must come from multiple IP addresses.”
Renna pointed out that attackers distribute their traffic across numerous locations to avoid detection and mitigation efforts.
“From an optics perspective and a blocking and prevention standpoint, it's just not how it's typically done,” he said.
While the origins of the X attack remain a mystery, DDoS-as-a-Service websites are popping up to facilitate the launch of large-scale attacks. These websites let customers pay to launch DDoS attacks.
There are two main types of DaaS.
"Stresser" services are legitimate tools companies use to test and strengthen their IT infrastructure. Then there are "Booter" services, which are malicious platforms designed to disrupt or take down targeted systems.
Cybersecurity teams can use DDoS blackhole routing and geo-blocking to minimize the impact of DDoS attacks, which could have prevented the type of attack that disrupted X this week.
Blackhole routing is an emergency measure that immediately blocks all traffic to a targeted IP during an attack, but it also affects legitimate users, making it a temporary solution.
Geo-blocking limits access from high-risk regions, reducing cyber threats without disrupting most users.
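The trade-off between the two mitigations, and the reason the busiest source country says little about who ran an attack, can be measured on traffic data. The following is an added example, not code from the article or from anyone quoted in it; the prefix-to-country table, the placeholder country codes and the sample requests are all constructed for illustration.

```python
import ipaddress
from collections import Counter

# Constructed prefix-to-country table using documentation address ranges.
# A real deployment would query a GeoIP database; the codes are placeholders.
GEO = {
    ipaddress.ip_network("192.0.2.0/24"): "AA",
    ipaddress.ip_network("198.51.100.0/24"): "BB",
    ipaddress.ip_network("203.0.113.0/24"): "CC",
}

# Constructed sample: (source IP, was_attack), labelled after the incident.
SAMPLE = (
    [("192.0.2.%d" % i, True) for i in range(1, 41)]            # 40 flood sources in AA
    + [("198.51.100.%d" % i, True) for i in range(1, 36)]       # 35 flood sources in BB
    + [("203.0.113.%d" % i, True) for i in range(1, 26)]        # 25 flood sources in CC
    + [("192.0.2.%d" % i, False) for i in range(200, 210)]      # 10 legitimate users in AA
    + [("203.0.113.%d" % i, False) for i in range(200, 230)]    # 30 legitimate users in CC
)

def country_of(ip):
    """Map an address to a country code via the constructed table."""
    addr = ipaddress.ip_address(ip)
    for net, cc in GEO.items():
        if addr in net:
            return cc
    return "??"

def share_by_country(requests):
    """Fraction of attack requests seen from each country."""
    attack = [country_of(ip) for ip, bad in requests if bad]
    return {cc: n / len(attack) for cc, n in Counter(attack).items()}

def evaluate(requests, blocked):
    """Return (attack fraction dropped, legitimate fraction dropped).

    blocked is a set of country codes for geo-blocking, or None to model
    blackhole routing, which drops every packet sent to the target.
    """
    def dropped(ip):
        return blocked is None or country_of(ip) in blocked
    attack = [ip for ip, bad in requests if bad]
    legit = [ip for ip, bad in requests if not bad]
    return (sum(map(dropped, attack)) / len(attack),
            sum(map(dropped, legit)) / len(legit))
```

In this sample, blocking the busiest country removes 40% of the flood and a quarter of legitimate users, while the blackhole removes all of both.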
In April 2022, internet security provider Cloudflare successfully mitigated a massive DDoS attack targeting an unidentified cryptocurrency website that attempted to overwhelm the service with 15.3 million requests per second.
While services like Cloudflare excel at defending against cyber threats, Renna emphasized the importance of preparing for potential failures.
"Services like Cloudflare do a great job for businesses," Renna said. "But it comes down to what happens when those fail."
Edited by Sebastian Sinclair