A man uses his mobile phone on Red Square in downtown Moscow. DIMITAR DILKOFF/AFP via Getty Images

Russian Scientists Say They Have A New System to Monitor Attacks on the Russian Internet

Attacks on Russian web services have grown considerably since the start of the invasion.

As Russia rains artillery fire down on Ukrainian cities, cyber attackers from around the world have been targeting Russian media, cryptocurrency services, and retail brands with denial of service attacks. A group of Russian scientists say that they’ve developed a new tool to block such attacks—but even that is an indication that severe economic sanctions are changing life in Russia. 

Engineers from Samara University developed a tool they called NetTestBox to monitor internet traffic into and out of Russia. “The information obtained by the system allows you to track unauthorized data leaks, see what part of the traffic goes through foreign channels, and, therefore, is vulnerable to external shutdown,” according to a Monday article from Russia’s Izvestia news outlet. (Like most Russian media, the site is state-controlled.)

The testbox will “allow us to detect our country's disconnections from international data exchange points and help assess the impact of unfriendly actions on [the Russian internet]. The system can be used to form a secure and independent digital space from other countries,” the article said. 

Sam Bendett, an adjunct senior fellow at the Center for a New American Security and an adviser at the CNA Corporation, said the development is another symptom of the sanctions on Russian IT.

“For years, the Russian infosec industry was preparing for a possible disconnect from international Internet data exchanges. Now, with the unprecedented IT sanctions that are impacting Russia’s high-tech industry, some in Russia think that threat may come to fruition. This NetTestBox is only a prototype, but similar technologies probably already exist in the Russian infosec ecosystem,” he told Defense One.

Since the start of Russia’s expanded invasion of Ukraine, attackers from around the world have been targeting Russian internet services with distributed denial of service, or DDOS, attacks. A DDOS attack is considered less severe than a “hack,” a cyber attack that suggests penetration of a victim computer or of multiple computers in a network; instead, it floods the target with internet traffic, making the site inaccessible from outside.

DDOS attacks against Russian media, internet service providers, cryptocurrency sites, and retail sites—in that order—have been on the rise in the first quarter of this year, according to a new report published today by Cloudflare. The company, which specializes in helping sites prevent or recover from DDOS attacks, estimates that Russia became the fourth biggest DDOS target in the period from January until the end of March, up from the sixth largest target in the final quarter of last year.  

“The majority of HTTP DDOS attacks that targeted Russian companies originated from Germany, the U.S., Singapore, Finland, India, the Netherlands, and Ukraine. It’s important to note that being able to identify where cyber attack traffic originates is not the same as being able to attribute where the attacker is located,” Cloudflare notes in the report.