March 2012 – Radware’s ERT Busiest Month Ever
Operation Blackout Status:
If you read the press over the weekend, you would have been led to believe that most of Anon’s request for a virtual army fell on deaf ears. To be certain, fewer soldiers materialized, and those who did participate had even less meaningful impact on their targets than in previous efforts.
However, not all was lost. The virtual soldiers who did pick up their digital battle-axes provided enough energy for notable mayhem at a few of the world’s leading organizations.
Radware’s Emergency Response Team (ERT) handled record volumes of engagements and attack mitigation, including assistance to the following organizations over the past five days:
- Four International Telecoms
- A Top-Five World Wide Trading Exchange
- A Major International Bank
- A Major Cloud Provider
- A Major Credit Card / Financial Transaction Processor
- Two International Government Entities
- An International consumer products website
- An International e-Commerce Company
The attack fury was notable in both size and the range of industries targeted. It appears on the surface that each of the 12 above-mentioned organizations had somehow recently aggrieved one Anon faction or another. Anon seemed to use Operation Blackout as the backdrop to their newly designed attacks. The fact that Operation Blackout was not meaningful only brought these sundry attacks further to the forefront.
A couple of other strange attributes are also worth mentioning. First, many of the anticipated attacks on the world’s DNS infrastructure appear to have been bypassed. Operation Blackout appeared to be more of a ruse for the ‘attack du jour’ than a dedicated effort against DNS root servers. Moreover, the attacks that were directed at DNS servers over the weekend were not notable in apparent sophistication or volume, nor were they effective.
Busiest Attack Week of The Year Brings New Attack Vectors
As mentioned above, Radware’s industry-leading ERT has been busier than ever!
In the month of March, the ERT has not only been conscripted to help institutions defend themselves against Hacktivists of all flavors and desires, but has also witnessed firsthand changes in attack techniques and in the tools that attackers are choosing above all others. Listed below is a sampling of the more popular attack tools and newer techniques that the Radware ERT is witnessing:
- Highly Leveraged Attack Tools
  - LOIC (UDP & TCP)
  - Mobile LOIC
  - HOIC (new!)
  - RefRef (rising in popularity)
  - Socket Stress (rising in popularity)
  - R.U.D.Y. (new stalwart)
- New Attack Techniques Witnessed
  - Increased effective attacks on Content Delivery Networks (CDNs)
  - Increased attacks on Secure Sockets Layer (SSL) protections
  - Increased attacks on DNS
The combination of improved multi-vectored attacks and new attack vulnerabilities continues to make these Hacktivist-oriented attacks very effective at causing outages in targeted victims’ often ignorantly designed infrastructure.
Biggest Month on Record
In keeping with the increased rate of security attacks and incidents, Radware’s ERT has experienced amazing growth in assisting clients and prospects through debilitating attacks, responding to six times as many engagements in March 2012 as in the same period last year. Moreover, the industries and geographic distribution of the attacks during that period have been amazingly varied. Attacks targeted a wide range of business segments such as government, financial services, hosting and cloud / MSSP, with no clear pattern of preferences among hackers.
[Figure: Percentage of Attacks By Industry]
[Figure: Radware ERT Engagement Growth]
As the “Witching Hour” Passed
Thank goodness that Operation Blackout was not the reaper of effective attacks. It is, however, a harbinger of the work we all have ahead of us!
Good luck in hunting the technical solutions and partnerships which will assist you through these rather unique days!
Carl is an IT security expert and responsible for Radware’s global security practice. With over a decade of experience, he began his career working at the Pentagon evaluating computer security events affecting daily Air Force operations. Carl also managed critical operational intelligence for computer network attack programs to aid the National Security Council and Secretary of the Air Force with policy and budgetary defense. Carl writes about network security strategy, trends, and implementation.