May 16, 2016 By Michelle Alvarez 3 min read

With the recent relaunch of Operation Icarus, the hacktivism group Anonymous is back in the spotlight. This campaign is centered on committing distributed denial-of-service (DDoS) attacks targeting banks around the world. Its latest alleged victims? The Bank of Greece and the Central Bank of Cyprus, among others.

According to HackRead, the Bank of Greece websites experienced a series of outages that alleged Anonymous members claim is the result of DDoS attacks causing servers to remain offline for several hours. In a statement to Reuters, a bank official explained, “The attack lasted for a few minutes and was successfully tackled by the bank’s security systems.”

Motivated by political or social interests, Anonymous is a somewhat disconnected collection of self-interested groups. However, with an issue that resonates with the wider collective, such as the corruption of financial institutions — the reported motivation behind Operation Icarus — Anonymous is still capable of significant attacks. In another recent example, Anonymous hacktivists claimed to target the servers of Thailand’s police, stealing and leaking private information about its officers and evidence.

Hacktivism Over Time

The alleged DDoS attacks against the Bank of Greece and Central Bank of Cyprus are just two incidents in a long list of alleged and actual attacks that fall under hacktivism. This type of cyberattack is not a new phenomenon, and Anonymous is not the only hacktivist group making headlines.

There have been numerous campaigns or operations from multiple groups over the years. IBM X-Force security incident data tracked more than 180 incidents involving hacktivists since 2011.


Source: IBM X-Force

Of the incidents where the attack type is known, more than 70 percent involved DDoS attacks. While just over half of the targets have been based in the U.S., organizations in countries across the globe have been affected — from Canada to Germany, from South Africa to Hong Kong.

In terms of industries targeted, one might think hacktivists would mostly go after governments. Although this did rank second, it only made up approximately 28 percent of the targets.

Don’t Base Your DDoS Mitigation Strategy Around a Particular Campaign

With the launch of each new operation, IBM Security customers often look for guidance on how to respond. Separating fact from fiction can be a challenge, especially considering the recent revelations that fake DDoS threats have netted over $100,000 by cautious businesses who were willing to pay for protection from a perceived threat.

Sometimes it’s like the boy who cried wolf: There is little risk of attacks being carried out, and the campaign ends up being more like a hoax. However, many threats have come to fruition, and the proverbial wolf has shown up.

So how much weight should be given to these operations? It’s difficult to quantify. The situations are often dynamic and subject to change. It’s important for organizations to remain vigilant if they’re the target of one of these DDoS campaigns — even if their name does not appear on a target list.

Prevention Strategies for DDoS Attacks

There are multiple ways to help proactively prevent DDoS attacks:

  • Applying software updates and patches helps to prevent buffer overflows and the exploitation of software vulnerabilities.
  • Intrusion prevention systems (IPS) can act as a first line of defense for some types of denial-of-service attacks and can mitigate targeted attacks that often occur under the cover of a DDoS.
  • Proper configuration of firewalls and access control lists can mitigate other attack vectors.
  • If you have a website, contact your Internet service provider (ISP) and specifically ask how it protects against DDoS attacks. A good starting point is to look at the ISP’s terms and conditions.
  • Consider a managed security solution that deflects and absorbs DDoS traffic in the cloud before it reaches the target.
  • With some DDoS attacks, it’s difficult to distinguish the legitimate traffic from the malicious. In this case, the best defense is a comprehensive incident response plan including failovers and methodology for identifying, analyzing and neutralizing the threat.
  • Test your protection and your team’s response capabilities by simulating DDoS attacks. Regularly scheduled attack simulations allow companies to measure their reaction and protection levels within a controlled environment.

For more guidance on how to protect your company from these kinds of attacks, the IBM white paper “Extortion by Distributed Denial of Service Attack” provides additional recommendations for threat prevention and mitigation.

More from Advanced Threats

Phishing kit trends and the top 10 spoofed brands of 2023

4 min read -  The 2024 IBM X-Force Threat Intelligence Index reported that phishing was one of the top initial access vectors observed last year, accounting for 30% of incidents. To carry out their phishing campaigns, attackers often use phishing kits: a collection of tools, resources and scripts that are designed and assembled to ease deployment. Each phishing kit deployment corresponds to a single phishing attack, and a kit could be redeployed many times during a phishing campaign. IBM X-Force has analyzed thousands of…

Grandoreiro banking trojan unleashed: X-Force observing emerging global campaigns

16 min read - Since March 2024, IBM X-Force has been tracking several large-scale phishing campaigns distributing the Grandoreiro banking trojan, which is likely operated as a Malware-as-a-Service (MaaS). Analysis of the malware revealed major updates within the string decryption and domain generating algorithm (DGA), as well as the ability to use Microsoft Outlook clients on infected hosts to spread further phishing emails. The latest malware variant also specifically targets over 1500 global banks, enabling attackers to perform banking fraud in over 60 countries…

A spotlight on Akira ransomware from X-Force Incident Response and Threat Intelligence

7 min read - This article was made possible thanks to contributions from Aaron Gdanski.IBM X-Force Incident Response and Threat Intelligence teams have investigated several Akira ransomware attacks since this threat actor group emerged in March 2023. This blog will share X-Force’s unique perspective on Akira gained while observing the threat actors behind this ransomware, including commands used to deploy the ransomware, active exploitation of CVE-2023-20269 and analysis of the ransomware binary.The Akira ransomware group has gained notoriety in the current cybersecurity landscape, underscored…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today