Elon Musk’s claim that the DDoS attack on X (formerly Twitter) originated from Ukraine drew skepticism from cybersecurity experts, who argue that attributing attacks based on IP addresses is unreliable.
Attackers frequently use virtual private networks (VPNs) and other techniques to conceal their origins, making it difficult to pin down a specific geographic origin.
On Monday, X was the target of a distributed denial-of-service (DDoS) attack that repeatedly took the popular social media site offline for users worldwide. The X DDoS attack was linked to Dark Storm Team, a well-known hacktivist group known for launching similar large-scale cyberattacks.
Hours after the attack, Musk claimed during an interview with Fox Business that the IP addresses associated with the attack originated in the Ukraine area.
Tech-savvy people on X immediately pointed out that IP addresses can be masked or spoofed, making them appear to originate from one area when they actually originate from another.
Dear Elon:
You can’t attribute an attack to any geographical area by IP address only.
See: VPN, IP spoofing, etc.
Also see: How bots are controlled remotely
Also also see: Ask a security person to help you.
— MikeTalonNYC (@MikeTalonNYC) March 10, 2025
Security specialists also cautioned against drawing conclusions based only on IP address information.
“Adversaries use techniques like IP spoofing, VPNs and machines infected with malware to do these attacks,” Siri Vegiraju, Software Development Engineer at Microsoft Azure, told Decrypt. “Particularly, with IP spoofing, attackers create packets with false source IP addresses to basically impersonate other systems.”
Adding to the difficulty of stopping DDoS attacks is that they are essentially decentralized, making them difficult to trace.
“If one were conducting a DDoS attack you wouldn’t necessarily see each connection originating from an Internet address from a particular region or netblock,” Scott Renna, Senior Solutions Architect with blockchain security firm Halborn, told . “By definition, the attack would have to arrive from various Internet lists.”
Renna pointed out that attackers distribute their traffic across various locations to evade detection and mitigation efforts.
“From an amplification view and a blocking and avoidance point, it’s just not how it’s usually done,” he said.
While the causes of the X attack remain a mystery, DDoS-as-a-Service (DaaS) platforms are popping up to facilitate the launch of large-scale attacks. These websites let customers pay to launch DDoS attacks.
There are two main types of DaaS.
There are “Stresser” services, which are legitimate tools companies use to test and strengthen their IT infrastructure. Then there are “Booter” services, which are malicious platforms designed to disrupt or take down targeted systems.
Cybersecurity teams can use DDoS blackhole routing and geo-blocking to minimize the impact of DDoS attacks, which could have prevented the type of attack that disrupted X this week.
Blackhole routing is an emergency measure that instantly blocks all traffic to a targeted IP during an attack, but it also affects legitimate users, making it a temporary solution.
Geo-blocking limits access from high-risk regions, reducing cyber threats without disrupting most users.
In April 2022, internet security provider Cloudflare successfully mitigated a massive DDoS attack targeting an unidentified cryptocurrency website that attempted to overwhelm the service with 15.3 million requests per second.
While services like Cloudflare excel at defending against cyber threats, Renna emphasized the importance of preparing for potential failures.
“Services like Cloudflare do a good job for businesses,” Renna said. “But it comes down to what happens when those fail.”
Editor’s note: Adds additional comments from , Microsoft Software Development Engineer at Azure Siri Vegiraju