May 16, 2016 By Michelle Alvarez 3 min read

With the recent relaunch of Operation Icarus, the hacktivism group Anonymous is back in the spotlight. This campaign is centered on committing distributed denial-of-service (DDoS) attacks targeting banks around the world. Its latest alleged victims? The Bank of Greece and the Central Bank of Cyprus, among others.

According to HackRead, the Bank of Greece websites suffered a series of outages that people claiming to be Anonymous members attributed to DDoS attacks that kept servers offline for several hours. The bank gave a different account. In a statement to Reuters, a bank official explained, “The attack lasted for a few minutes and was successfully tackled by the bank’s security systems.”

Anonymous is a loose collection of groups, each motivated by its own political or social interests. When an issue resonates with the wider collective, however, such as the alleged corruption of financial institutions (the reported motivation behind Operation Icarus), Anonymous is still capable of significant attacks. In another recent example, Anonymous hacktivists claimed to have targeted the servers of Thailand’s police, stealing and leaking private information about its officers and evidence.

Hacktivism Over Time

The alleged DDoS attacks against the Bank of Greece and Central Bank of Cyprus are just two incidents in a long list of alleged and actual attacks that fall under hacktivism. This type of cyberattack is not a new phenomenon, and Anonymous is not the only hacktivist group making headlines.

Numerous campaigns and operations by multiple groups have been recorded over the years. IBM X-Force security incident data has tracked more than 180 incidents involving hacktivists since 2011.

Source: IBM X-Force

Of the incidents where the attack type is known, more than 70 percent involved DDoS attacks. While just over half of the targets have been based in the U.S., organizations in countries across the globe have been affected — from Canada to Germany, from South Africa to Hong Kong.

In terms of industries targeted, one might expect hacktivists to go mostly after governments. Government did rank second, but it accounted for only about 28 percent of targets.

Don’t Base Your DDoS Mitigation Strategy Around a Particular Campaign

With the launch of each new operation, IBM Security customers often look for guidance on how to respond. Separating fact from fiction can be a challenge, especially given recent revelations that fake DDoS threats have netted their senders more than $100,000 from businesses willing to pay to avert a perceived attack.

Sometimes it’s like the boy who cried wolf: the threatened attack is never carried out and the campaign turns out to be little more than a hoax. Many threats have come to fruition, however, and the proverbial wolf has shown up.

So how much weight should be given to these operations? That is difficult to quantify, because the situations are dynamic and subject to change. Organizations in the sector or region a campaign names should remain vigilant even if their own name does not appear on a published target list.

Prevention Strategies for DDoS Attacks

There are multiple ways to reduce the likelihood and impact of a DDoS attack:

  • Applying software updates and patches closes the vulnerabilities, buffer overflows among them, that let an attacker crash or exhaust a service with a handful of crafted requests rather than a flood of traffic.
  • An intrusion prevention system (IPS) can act as a first line of defense against some denial-of-service techniques and can block the targeted intrusion attempts that often run under cover of a DDoS.
  • Properly configured firewalls and access control lists (ACLs) mitigate other vectors, for example by dropping protocols and ports the exposed service never uses before they consume server resources.
  • If you have a website, contact your Internet service provider (ISP) and ask specifically how it protects against DDoS attacks. A good starting point is the ISP’s terms and conditions.
  • Consider a managed security service that absorbs and scrubs DDoS traffic in the cloud before it reaches your network.
  • In some DDoS attacks it is difficult to distinguish legitimate traffic from malicious traffic. In that case the best defense is a comprehensive incident response plan that includes failover arrangements and a methodology for identifying, analyzing and neutralizing the threat.
  • Test your protections and your team’s response by simulating DDoS attacks. Regularly scheduled simulations let companies measure their reaction time and protection levels in a controlled environment.
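The identification step in the incident response plan above is where the "legitimate or malicious?" question gets answered in practice. The following is an added example, not code from the original post or from IBM X-Force, that runs two complementary checks over web server access logs: a sliding-window per-source rate (catches one noisy flooder) and a per-path count of distinct sources (catches a botnet whose individual members each stay under the per-IP threshold). The log lines, IP ranges, paths and thresholds are all constructed for the example; real thresholds must be tuned against your own baseline traffic.

```python
"""DDoS triage over web access logs: per-source rate check beside a distributed-hotspot check.

Added example with constructed data; not from the original post or IBM X-Force.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Combined Log Format as written by Apache/nginx; the sample lines below are constructed.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\d+|-)'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line):
    """Return a record dict for a well-formed line, or None so malformed input is skipped."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], TS_FMT)
    return rec


def per_source_offenders(entries, window=timedelta(seconds=10), threshold=50):
    """Sliding window per client IP: flag any single source that sends more than
    `threshold` requests inside `window`. This is what a per-IP rate limit sees."""
    recent = defaultdict(deque)
    flagged = set()
    for rec in sorted(entries, key=lambda r: r["ts"]):
        q = recent[rec["ip"]]
        q.append(rec["ts"])
        while rec["ts"] - q[0] > window:      # drop timestamps that fell out of the window
            q.popleft()
        if len(q) > threshold:
            flagged.add(rec["ip"])
    return flagged


def distributed_hotspots(entries, window=timedelta(seconds=10), min_sources=20, min_requests=100):
    """Tumbling window per request path: flag a path hit by many distinct sources at once.
    Each bot stays below the per-IP threshold, so only the aggregate reveals the attack."""
    secs = window.total_seconds()
    sources, counts = defaultdict(set), defaultdict(int)
    for rec in entries:
        key = (rec["path"], int(rec["ts"].timestamp() // secs))
        sources[key].add(rec["ip"])
        counts[key] += 1
    return {path for (path, bucket), ips in sources.items()
            if len(ips) >= min_sources and counts[(path, bucket)] >= min_requests}


def triage(log_lines):
    """Run both checks and return the noisy IPs and the paths under distributed load."""
    entries = [r for r in map(parse_line, log_lines) if r]
    return {
        "single_source": per_source_offenders(entries),
        "distributed_paths": distributed_hotspots(entries),
    }


def build_sample_log():
    """Constructed traffic: ordinary visitors, one flooding IP, and a 40-host botnet
    that spreads 160 requests (four per host) over eight seconds."""
    base = datetime(2016, 5, 16, 12, 0, 0, tzinfo=timezone.utc)

    def line(ip, offset, path):
        ts = (base + timedelta(seconds=offset)).strftime(TS_FMT)
        return f'{ip} - - [{ts}] "GET {path} HTTP/1.1" 200 512'

    lines = []
    for i in range(5):                        # visitors: 3 hits each, spread over a minute
        for j in range(3):
            lines.append(line(f"192.0.2.{i + 1}", i * 12 + j * 4, "/"))
    for k in range(80):                       # single flooder: 80 hits inside 5 seconds
        lines.append(line("10.0.0.9", 50 + k % 5, "/search"))
    for i in range(40):                       # botnet: 40 sources x 4 hits, seconds 30-37
        for j in range(4):
            lines.append(line(f"198.51.100.{i + 1}", 30 + (i * 4 + j) % 8, "/api/report"))
    lines.append("garbage line that does not parse")   # malformed input must not crash triage
    return lines


if __name__ == "__main__":
    result = triage(build_sample_log())
    print("Noisy single sources:", sorted(result["single_source"]))
    print("Distributed hotspots:", sorted(result["distributed_paths"]))
```

Run against the constructed log, the per-IP check reports only 10.0.0.9 and misses the botnet entirely, while the per-path check reports only /api/report and ignores the flooder. Neither check alone is sufficient, which is the practical reason the response plan needs a methodology rather than a single threshold; in production the same logic would be fed from the web server's live log and the two result sets would drive a firewall or ACL block on one side and a scrubbing-service failover on the other.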

For more guidance on how to protect your company from these kinds of attacks, the IBM white paper “Extortion by Distributed Denial of Service Attack” provides additional recommendations for threat prevention and mitigation.
