Multiple DDoS Attacks Possible Amid Action in Syria, 9-11 Anniversary

Emotions will already be high next week with the 12th anniversary of the 9-11 attacks. On top of that, Congress is expected to debate and possibly authorize military action in Syria. This has Akamai InfoSec's CSIRT team on high alert.

In recent weeks we've told you about the activities of the Syrian Electronic Army (SEA), a pro-Assad hacking group. Mike Kun and Patrick Laverty, two of our CSIRT team members, have been tracking the potential dangers for next week.

What follows is an analysis they've written to warn customers and the general public. It also includes defensive measures organizations can take to blunt any impact.

Additional reading:

DDoS attack trends as outlined in Akamai's latest State of the Internet report
Security Awareness Programs: Better Than Nothing
How Akamai eDNS Protects Against DNS Attacks
DNS reflection defense
eDNS page on the Akamai website

***

With the possibility that the US Congress will authorize military action in Syria next week, we at Akamai are on high alert. We are also recommending that our customers do the same. It is very likely that the Syrian Electronic Army (SEA) will use the debate and vote on US military intervention in Syria to justify additional attacks.

The SEA attacks primarily via social engineering. In the past month they were able to compromise a DNS registrar and modify DNS zone files as well as an advertising network in order to insert malicious javascript. While normally DOS attacks consists of traffic floods to a target, the SEA is adept at denying access to web servers without directly attacking the target.

Akamai recommends the following steps to prevent similar attacks:

Place a transfer lock on your domain registration
Be ready to delete or shut off any trusted third-party content on your sites, in the event they are compromised
Be more vigilant monitoring the health (and existence!) of your websites
Remind employees to be wary of social engineering and phishing attempts
Ensure that key personnel is available and ready if a situation does arise

In addition to the SEA, we believe that other organizations will take advantage of the political situation and proximity to 9-11 to launch attacks.

Al-Qussam Cyber Fighters (QCF) have not attacked as expected during Operation Ababil phase IV, but they have been maintaining the Brobot botnet and recruiting new nodes. It is possible that the QCF will attack again in the next week, hoping to take advantage of the confusion of other attackers. The QCF is primarily interested in targeting financial institutions, banks and brokerages with volumetric DDOS attacks. Firms in this sector should be prepared for the possibility of attacks by the Brobot botnet.

Members of the Anonymous hacktivist collective are working to gather support among Muslim hackers for OpIsrael Reborn and threatening attacks on both Israeli and US websites.

Other attempts at widespread disruption by Anonymous in both OpIsrael and OpUSA had only minimal success with website defacements using cross-site scripting (XSS) and data exfiltration via SQL injection, but companies should be prepared for these kinds of attacks as well.

The confluence of the anniversary of 9-11 and the possibility of a declaration of US intervention in Syria makes next week an especially tempting one for hacktivists. Any organization with a web presence should make preparations to defend themselves from:

Volumetric DDOS attacks
Social engineering and phishing attacks
Attacks via third party code
Attacks on DNS infrastructure.

Multiple DDoS Attacks Possible Amid Action in Syria, 9-11 Anniversary

Categories:

Tags:

1 Comment

Leave a comment