Understand how DDoS attacks and data dump work

Cybercriminals are increasingly audacious and engaging in even more sophisticated attacks. Recently, we followed the repercussions on the attack on the TSE website, during this year’s municipal elections in Brazil. Identified as DDoS, the attack was combined with a “data dump” of the TSE, performed previously. However, the data obtained was only released by cybercriminals on the day of the municipal elections in 2020, to expand its impact and make the TSE portal unstable or even inaccessible to its Brazilian users.

Even if the data in question was obtained and unrelated to the municipal elections themselves, in doing so, cybercriminals gave the perception that the attack occurred at the current time of the elections and that the target – even if it acted quickly to reinforce their systems at the time of the attack – still appear to have weaknesses to be explored. With this, also threatening the credibility of the institution and democracy.

Also threatening the credibility of the institution and democracy

There is not enough information to know how the data dump was obtained. Anyway, it looks like most of the data comes from an old server. As in other similar cases that I saw in the past, one of the most likely options is that it was a server that was there for a long time without support and probably lacking the installation of updates, making it easier to hack using some modern exploits.

And how do DDoS attacks work?

Known as a denial of service attack, this type of attack aims to target mainly banks, news portals and even government websites – as in this case, the TSE.

While sites victims of DDoS attacks suffer from instabilities, on the other hand, users tend to experience or notice slower performance or even that the sites are blocked. Other characteristics perceived by users are the constant display of error messages, the drop in the connection or even the difficulty in reaching it – if the user perceives one of these situations, it is likely that he is suffering a DDoS attack.

DDoS attacks seek to bring down entire sites or networks, overloading them with traffic from thousands of infected devices

In general, DDoS attacks seek to bring down websites or entire networks, overloading them with traffic from thousands of infected devices, which make up a large network created by cybercriminals and called a botnet.

Among the main reasons for this type of attack are: financial gains, revenge or the desire to generate disorder so that its users lose confidence in the institution, which is at risk of losing its reputation.

What to do?

For companies that want to know if their portal is being victimized by a DDoS attack, the tip is to observe sudden and unexpected spikes in traffic and immediately take action to resolve the issue.

Users can use a good antivirus, capable of scanning their system, identifying and removing possible malware responsible for keeping their device as part of the botnet, created by cybercriminals. By eliminating malware, the device resumes operation more quickly, without slowing down or crashing.

Users should also be careful not to download unfamiliar software on the device or even observe any other signs of strange behavior on the device, such as slowness.


Luis Corrons, biweekly columnist of TecMundo, is Avast Security Evangelist. Always attentive to the latest news on cybersecurity, malware and darknet, Luis is a veteran of the security sector and an industry speaker. He is also a reporter for WildList, Chairman of the Board of Directors of AMTSO (Anti-Malware Testing Standards Organization) and a member of the Board of Directors of MUTE (Malicious URLs Tracking and Exchange).

Leave a Comment