Under Attack?
Search
Menu
  • Blog
  • DDoS Attacks
  • Anonymous Attacks – You Don’t Need a Big Crowd in Order to Take Down a Website

Anonymous Attacks – You Don’t Need a Big Crowd in Order to Take Down a Website

By Ronen KenigMarch 9, 2012

In the past year we used to see large campaigns by the anonymous group before launching a cyber attack. The purpose of the campaign is mainly to recruit additional members and volunteers to amplify the DDoS attack and to generate large volume of traffic in order to shut down the victim’s website and online services.

However, this pattern might have changed.  Last week attacks that were launched by Anonymous on several Italian organizations reveal a new behavioral pattern for the hacktivists group:

  1. No public campaign before the attack: Unlike previous attacks, in the recent attack there was not a campaign to recruit volunteers and additional computes to perform the attack. This group of Anonymous believes that they can take down a website without a massive number of attackers.
  2. No early warning: An early warning before the cyber attack starts is a bonus for the victim and it allows the victim to take actions to minimize its damage. However, the last attack did not have an early warning and did not allow any pre-attack cautions.
  3. Small number of hackers launch the attack: Since there was no public campaign before the attack started the number of hackers who launched the attack was fairly small. This attack was invoked by several hackers, probably located near from the victim, and they were very coordinated in their activities.
  4. Small number of attacking bots: In previous Anonymous attacks, many hundreds of bots were used to take down the victim’s online services, but in this case only several dozens of bots were involved, launching a very effective, mid-volume attack on the victim’s website servers.
  5.  Changing attack methods during the attack: The Anonymous attackers activated at least four different attack methods during the attack and they switched between the methods when they realized that a method has been mitigated. Each method involves different attack tools and requires unique mitigation techniques.

Lessons Learned

High-profile organizations and businesses that are the target of Anonymous they may not receive a public campaign before an attack on them nor be given an early warning.  They also may face more sophisticated attacks that can be launched by a small group of hackers with limited number of attacking bots. In addition, the attackers will use multiple attack methods and will switch between them during the attack to maximize their effectiveness. Therefore, organizations should adopt a comprehensive attack mitigation solution that can respond in real time and mitigate various attack vectors.

Posted in: DDoS Attacks SecurityTags:

Ronen Kenig

Ronen manages the global marketing strategy for Radware’s Security products. His responsibilities include the planning, positioning and go-to-market strategy for all Security products activities worldwide. An industry expert, Ronen has more than 14 years experience in managing R&D and marketing products in the networking infrastructure, Security and application delivery sectors. Ronen writes about Security threats and solutions, application delivery, and cloud computing.

Contact Radware Sales

Our experts will answer your questions, assess your needs, and help you understand which products are best for your business.

Contact Us Now

Already a Customer?

We’re ready to help, whether you need support, additional services, or answers to your questions about our products and solutions.

Locations
Get Answers Now from KnowledgeBase
Get Free Online Product Training
Engage with Radware Technical Support
Join the Radware Customer Program

CyberPedia

An Online Encyclopedia Of Cyberattack and Cybersecurity Terms

CyberPedia
What is WAF?
What is DDoS?
Bot Detection
ARP Spoofing

Get Social

Connect with experts and join the conversation about Radware technologies.

Blog
Security Research Center
Close

What are you looking for?