Experts hope for another failure in next Anonymous attack

Twist in the planned U.S. attack is to target small banks

Anonymous' failed attack against Israeli websites last month has left security experts cautiously optimistic that the hacktivist group will be unsuccessful in its plans to disrupt U.S. government and banking sites.

Anonymous plans to launch distributed denial of service (DDoS) attacks on May 7 against nine government sites and more than 130 financial institutions, ranging from the nation's largest to the community banks, according to a Pastebin post. The motive is outrage over what the group calls America's "war crimes."

"America you have committed multiple war crimes in Iraq, Afghanistan, Pakistan, and recently you have committed war crimes in your own country. ...Now it is our time for our Lulz (fun)," the group said on another Pastebin post.

DDoS attacks have become a continuous occurrence for financial and government organizations. () For example, an Islamic group that calls itself the Izz ad-Din al-Qassam Cyber Fighters has launched several waves of attacks against U.S. banks starting last September. ( In the latest assault, which began Feb. 25 and is ongoing, the group targeted financial brokerages, apparently hoping they would be less prepared than the banks. U.S. government officials believe Iran is behind the attacks.

Because of al-Qassam, security experts believe the largest banks are well prepared for Anonymous, if its so-called "OpIsrael" is any indication. Where al-Qassam has used the traffic-generating muscle of a server botnet to try to overwhelm banking sites, Anonymous had no botnet in attacking Israeli sites, none of which suffered any major disruption.

[Also see: The DDoS survival guide, 2013 edition]

"The objective of OpIsrael was to take the country off the Internet and there was nothing close to it," said Ronen Kenig, director of security product marketing at Radware.

While Anonymous has not described its attack methods or tools for what it calls OpUSA, Radware assumes they will be similar to ones used in OpIsrael. In that assault, Anonymous used common DDoS tools such as Mobile LOIC, LOIC and HOIC in an attempt to saturate a target's bandwidth. The attackers also tried to consume Web server resources by using tools such as Slowloris, Pyloris and R.U.D.Y. to push traffic over HTTP and HTTPS protocols.

A twist in the planned U.S. attack is to also target small banks, which are unlikely to have the same level of sophistication in their defenses as the nation's largest financial institutions. Big banks often have dedicated staff, a lot more bandwidth and the technology for DDoS detection and mitigation.

"The smaller institutions certainly have less resources at their disposal and they have had a harder time defending against these attacks," Gary Sockrider, solutions architect for Arbor Networks, said.

Whether the next Anonymous attacks are successful, DDoS attacks as a whole are becoming more worrisome, said Avivah Litan, an analyst for Gartner. That is because the attackers are gradually building larger botnets with massive firepower and developing better tools to attack the application layer of sites, which are more vulnerable and do not require a huge amount of traffic.

With each attack, groups like Anonymous also gain knowledge for how to make the next assault more effective. "The whole situation is not very comfortable because there's not a good solution," Litan said.

Read more about malware/cybercrime in CSOonline's Malware/Cybercrime section.

Join the CSO newsletter!

Error: Please check your email address.

Tags OpIsraelapplicationsLulzseclegalsoftwarePastebindata protectioncybercrimeAnonymoushacktivismData Protection | Malwareddos

More about Arbor NetworksArbor NetworksGartnerRadware

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Antone Gonsalves

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place