Russian cybercriminals known as “KillNet” is claiming responsibility for a widespread, distributed-denial-of-service (DDoS) attack against top airport websites in the United States. The DDoS attacks are overwhelming web servers and even Cloudflare web application firewalls (WAF) with junk traffic to knock the airport websites offline.
By knocking the affected airport websites offline, it makes any sort of legitimate request to access the website—such as by active travelers—impossible to fulfill. Thus, the websites remain offline for all users, legitimate or not.
According to BleepingComputer, affected airport websites include Hartsfield-Jackson Atlanta International Airport (ATL) and Los Angeles International Airport (LAX). The LAX website was reported down earlier this morning, but appears to be back online now. At this time, attempting to access the ATL website displays a “You have been blocked” automated web firewall message from Cloudflare.
Other major airport websites to be taken offline include Chicago O’Hare International Airport (ORD), Orlando International Airport (MCO), Denver International Airport (DIA), Phoenix Sky Harbor International Airport (PHX), among others.
To be clear, there is no reported disruption to any flights out of any of the airports targeted by KillNet. The DDoS campaign solely seems to make websites inaccessible, with no affect to actual flights.
According to CNN, Kiersten Todt, Chief of Staff of the US Cybersecurity and Infrastructure Security Agency (CISA) stated that “there’s no concern about operations being disrupted.”
The Transportation Security Administration (TSA) is also monitoring the events and working with airports for resolution, per CNN.
