Over the past year, we grew used to seeing large public campaigns by the Anonymous group ahead of a cyber attack. The purpose of such a campaign is mainly to recruit additional members and volunteers to amplify the DDoS attack and to generate a large volume of traffic in order to shut down the victim’s website and online services.
However, this pattern might have changed. Attacks launched last week by Anonymous on several Italian organizations reveal a new behavioral pattern for the hacktivist group:
- No public campaign before the attack: Unlike previous attacks, the recent attack was not preceded by a campaign to recruit volunteers and additional computers to perform the attack. This group of Anonymous believes that they can take down a website without a massive number of attackers.
- No early warning: An early warning before a cyber attack starts is a bonus for the victim, because it allows the victim to take action to minimize the damage. The last attack, however, came without an early warning and did not allow any pre-attack precautions.
- Small number of hackers launch the attack: Since there was no public campaign before the attack started, the number of hackers who launched the attack was fairly small. This attack was carried out by several hackers, probably located near the victim, and they were very coordinated in their activities.
- Small number of attacking bots: In previous Anonymous attacks, many hundreds of bots were used to take down the victim’s online services, but in this case only several dozen bots were involved, launching a very effective, mid-volume attack on the victim’s website servers.
- Changing attack methods during the attack: The Anonymous attackers activated at least four different attack methods during the attack, and they switched between the methods when they realized that a method had been mitigated. Each method involves different attack tools and requires unique mitigation techniques.
High-profile organizations and businesses that are targets of Anonymous may not see a public campaign before an attack on them, nor be given an early warning. They may also face more sophisticated attacks that can be launched by a small group of hackers with a limited number of attacking bots. In addition, the attackers will use multiple attack methods and will switch between them during the attack to maximize their effectiveness. Therefore, organizations should adopt a comprehensive attack mitigation solution that can respond in real time and mitigate various attack vectors.