
      #GermanyRIP. Kremlin-loyal hacktivists wage DDoSes to retaliate for tank aid

      news.movim.eu / ArsTechnica · Friday, 27 January, 2023 - 19:39

    An iteration of what happens when your site gets shut down by a DDoS attack.


    Threat actors loyal to the Kremlin have stepped up attacks in support of its invasion of Ukraine, with denial-of-service attacks hitting German banks and other organizations and the unleashing of a new destructive data wiper on Ukraine.

    Germany's BSI agency, which monitors cybersecurity in that country, said the attacks caused small outages but ultimately did little damage.

    “Currently, some websites are not accessible,” the BSI said in a statement to news agencies. “There are currently no indications of direct effects on the respective service and, according to the BSI's assessment, these are not to be expected if the usual protective measures are taken.”


      Microsoft discovers Windows/Linux botnet used in DDoS attacks

      news.movim.eu / ArsTechnica · Thursday, 15 December, 2022 - 20:02


    Microsoft researchers have discovered a hybrid Windows-Linux botnet that uses a highly efficient technique to take down Minecraft servers and performs distributed denial-of-service attacks on other platforms.

    Dubbed MCCrash, the botnet infects Windows machines and devices running various distributions of Linux for use in DDoS attacks. Among the commands the botnet software accepts is one called ATTACK_MCCRASH. This command populates the user name in a Minecraft server login page with ${env:random payload of specific size:-a}. The string exhausts the resources of the server and makes it crash.

    “The usage of the env variable triggers the use of Log4j 2 library, which causes abnormal consumption of system resources (not related to Log4Shell vulnerability), demonstrating a specific and highly efficient DDoS method,” Microsoft researchers wrote. “A wide range of Minecraft server versions can be affected.”


      Meet the Windows servers that have been fueling massive DDoSes for months

      news.movim.eu / ArsTechnica · Friday, 28 October, 2022 - 13:09


    A small retail business in North Africa, a North American telecommunications provider, and two separate religious organizations: What do they have in common? They’re all running poorly configured Microsoft servers that for months or years have been spraying the Internet with gigabytes-per-second of junk data in distributed-denial-of-service attacks designed to disrupt or completely take down websites and services.

    In all, recently published research from Black Lotus Labs, the research arm of networking and application technology company Lumen, identified more than 12,000 servers—all running Microsoft domain controllers hosting the company’s Active Directory services—that were regularly used to magnify the size of distributed-denial-of-service attacks, or DDoSes.

    A never-ending arms race

    For decades, DDoSers have battled with defenders in a constant, never-ending arms race. Early on, DDoSers simply corralled ever-larger numbers of Internet-connected devices into botnets and then used them to simultaneously send a target more data than it could handle. Targets—be they game companies, journalists, or even crucial pillars of Internet infrastructure—often buckled at the strain and either completely fell over or slowed to a trickle.
