Cyber Incident Victim: Government of Iceland

In early April 2022, multiple distributed denial-of-service (DDoS) attacks disrupted numerous Icelandic websites hosted by Netheimur, a service provider for several companies. The attacks, described by Netheimur’s system administrator Sverrir Már Sverrisson as involving tens of thousands of IP addresses targeting the same network gateways, created severe server overload. Sverrisson likened the attack’s mechanism to “sending a thousand people through a single door simultaneously,” emphasizing the coordinated flood of traffic overwhelming infrastructure. While such DDoS incidents typically lasted around fifteen minutes, one attack on Netheimur’s systems persisted for over an hour on April 14, indicating unusual intensity and duration. The sustained assaults prompted immediate operational challenges, forcing Netheimur to implement emergency measures to stabilize services.

Among the affected sites was the news outlet DV, whose web portal experienced complete outages during the attacks, compelling administrators to block all foreign readership access as a containment measure. Concurrently, Iceland’s national broadcaster RÚV encountered minor disruptions on ruv.is due to abnormally high traffic volumes, though these issues were resolved relatively quickly. Netheimur’s decision to restrict foreign traffic to specific websites mirrored the approach taken with DV.is, aiming to mitigate the attack’s impact by reducing inbound requests from international sources. The attacks remained under investigation, with no confirmed attribution or motive disclosed in initial reports. Service interruptions highlighted vulnerabilities in maintaining availability during large-scale volumetric attacks, particularly for media outlets reliant on continuous public access.