Izz ad-Din al-Qassam Cyber Fighters have re-initiated their campaign against US financial institutions. Security experts from Arbor Networks who analyzed these attacks report that some of them were as large as 60Gbps.
The first series of distributed denial-of-service (DDoS) attacks, launched by the hacktivists back in September, used a large number of compromised PHP web applications as bots.
One of the most important PHP-based tools utilized at the time was Brobot. KamiKaze and AMOS were also used, but not as often as Brobot, which is also known as “itsoknoproblembro.”
“The attack tactics observed were a mix of application layer attacks on HTTP, HTTPS and DNS with volumetric attack traffic on a variety of TCP, UDP, ICMP and other IP protocols. The other obvious and uncommon factor at play was the launch of simultaneous attacks, at high bandwidth, to multiple companies in the same vertical,” experts said about the first round of attacks.
This week’s attacks looked similar to the ones that used Brobot, but some changes have been made.
“Some attacks looked similar in construction to Brobot v1, however there is a newly crafted DNS packet attack and a few other attack changes in Brobot v2,” experts wrote.
They emphasize that although some of the attacks were 60Gbps in size, this is not what makes them so significant. What matters is that they are focused and part of an ongoing campaign.
Arbor warns that the intrusion prevention systems (IPS) and firewalls deployed by many enterprises are not effective in dealing with DDoS attacks. Instead, organizations need to use an on-premises DDoS mitigation solution.
The latest cyberattacks have demonstrated that the popularity of DDoS continues to grow as it has become an increasingly complex attack vector.