Six-Day DDoS Attack Sets a Record for Cyberattack Duration


A financial institution in the Middle East endured a record-breaking Distributed Denial of Service (DDoS) attack for six days.

The attack, orchestrated by the hacktivist group SN_BLACKMETA, set a new benchmark for the duration and intensity of such cyberattacks.


The relentless assault, consisting of multiple waves, highlighted the growing sophistication and persistence of cyber threat actors in the digital age.

The Attack Unfolds

The attack campaign, which spanned six days, involved ten waves of DDoS attacks, each lasting four to twenty hours. In total, the financial institution faced 100 hours of sustained attack time.

The average rate of malicious traffic was 4.5 million requests per second (RPS), peaking at 14.7 million RPS. This overwhelming volume aimed to cripple the institution’s web applications and services.

Statistics of the ten-wave, six-day Web DDoS attack campaign

During the attack, the ratio of legitimate to malicious web requests dropped to as low as 0.002%, averaging 0.12%.

Radware’s Web DDoS Protection Services were crucial in mitigating the impact. They successfully blocked over 1.25 trillion malicious web requests while allowing 1.5 billion legitimate requests to pass through.

A few days before the attack, the hacktivist group SN_BLACKMETA announced their intentions on their Telegram channel.


Radware’s Cyber Threat Intelligence (CTI) team attributed the attack to this group based on their known motivations and previous activities.

The infrastructure used in the attack was likely part of the InfraShutdown DDoS-for-hire service, a premium service with subscription fees ranging from $500 for a week to $2,500 for a month.

SN_BLACKMETA emerged as a significant player in the cyber warfare landscape in late 2023. Initially targeting Israeli and Palestinian infrastructure, the group quickly expanded its operations to include a wide range of targets across the globe.

Their attacks are ideologically driven, primarily motivated by pro-Palestinian sentiments and opposition to perceived injustices against Muslims.

SN_BLACKMETA Telegram Channel

The six-day attack on the Middle Eastern financial institution is just one example of SN_BLACKMETA’s capabilities.

The group has a history of targeting critical infrastructure, including banking systems, telecommunication services, government websites, and major tech companies.

Their strategy is to disrupt entities they view as adversaries or complicit in actions against their cause. SN_BLACKMETA is not shy about publicizing its successes.

They regularly update their audience with screenshots and links to validate their claims, leveraging user complaints and third-party validations to substantiate the impact of their operations.

This transparency legitimizes their actions, rallies support, and garners attention from wider media channels.

Possible Geographical Ties

Based on observed timestamps and activity patterns, it is plausible that the actors behind these attacks operate in a time zone close to Moscow Standard Time (MSK, UTC+3) or other Middle Eastern or Eastern European time zones (UTC+2 to UTC+4).

There are also indications that the group could be pro-Sudanese, with “SN” potentially standing for “Sudan.”

Number of attacks over time and targeted countries for Anonymous Sudan and SN_BLACKMETA

InfraShutdown: A Premium DDoS-for-Hire Service

The attack on the financial institution might have been facilitated by the InfraShutdown DDoS-for-hire service launched by Anonymous Sudan in February 2024.

This service offers tailored DDoS attacks with military-grade privacy, targeting critical infrastructures, financial systems, and telecommunication networks.

The six-day DDoS attack underscores the need for robust cybersecurity measures. Mitigating such prolonged and intense attacks requires a capable Web DDoS mitigation infrastructure with adequate capacity.

Simple rate limiting is insufficient; the mitigation solution must effectively differentiate between legitimate and malicious web requests.
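As an added illustration of that point (not code from the article or from Radware), the following Python simulation compares a per-source rate limit with a per-request classifier on constructed traffic: the attack requests are spread thinly over many sources so no single source exceeds the limit, while one heavy legitimate user does. All traffic, header attributes and counts are made up, scaled so the legitimate share matches the 0.12% average quoted above.

```python
from collections import Counter

# Constructed traffic sample, scaled down from the campaign figures in the
# article (legitimate requests ~0.12% of the total, attack traffic spread over
# many sources). Nothing here is captured data; every value is made up.

def make_traffic(n_attack=50_000, n_bots=5_000, n_users=31):
    """Attack requests rotate across n_bots sources (10 requests each), never
    present a browser Accept-Language header or a session cookie. Legitimate
    users present both; one power user issues 30 requests, more than any
    single attacking source does."""
    traffic = []
    for i in range(n_attack):
        traffic.append({"src": f"bot-{i % n_bots}", "accept_language": None,
                        "cookie": None, "malicious": True})
    for u in range(n_users):
        burst = 30 if u == 0 else 1
        for _ in range(burst):
            traffic.append({"src": f"user-{u}", "accept_language": "en-GB",
                            "cookie": f"sid-{u}", "malicious": False})
    return traffic

def per_ip_rate_limit(traffic, limit=20):
    """Block every request from a source exceeding `limit` requests in the
    window. Returns (malicious blocked, legitimate blocked)."""
    per_src = Counter(r["src"] for r in traffic)
    blocked = [r for r in traffic if per_src[r["src"]] > limit]
    return (sum(r["malicious"] for r in blocked),
            sum(not r["malicious"] for r in blocked))

def request_classifier(traffic):
    """Block requests lacking the browser-like attributes legitimate sessions
    carry (Accept-Language header and session cookie). Same return shape."""
    blocked = [r for r in traffic
               if r["accept_language"] is None or r["cookie"] is None]
    return (sum(r["malicious"] for r in blocked),
            sum(not r["malicious"] for r in blocked))

def compare():
    """Run both mitigations over the same sample and report the outcome."""
    traffic = make_traffic()
    n_mal = sum(r["malicious"] for r in traffic)
    n_leg = len(traffic) - n_mal
    return {"legit_share_pct": round(100 * n_leg / len(traffic), 3),
            "rate_limit": per_ip_rate_limit(traffic),
            "classifier": request_classifier(traffic)}

if __name__ == "__main__":
    print(compare())
```

The rate limiter blocks nothing malicious and drops the one heavy legitimate user, while the classifier separates the two populations; real mitigation uses far richer signals than two headers, but the failure mode of per-source limits is the same.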

The record-breaking DDoS attack on the Middle Eastern financial institution is a stark reminder of the evolving threats in the cyber landscape.

As hacktivist groups like SN_BLACKMETA continue to refine their tactics and expand their targets, organizations worldwide must remain vigilant and invest in advanced cybersecurity defenses to protect against such sophisticated attacks.

Understanding the motivations, operational patterns, and affiliations of groups like SN_BLACKMETA is crucial for global cybersecurity efforts.

As these groups evolve, so too must the strategies and technologies used to defend against them. The six-day DDoS attack is a wake-up call for organizations to bolster their defenses and prepare for the ever-changing landscape of cyber threats.
