The Akamai Blog

Multiple DDoS Attacks Possible Amid Action in Syria, 9-11 Anniversary

Emotions will already be high next week with the 12th anniversary of the 9-11 attacks. On top of that, Congress is expected to debate and possibly authorize military action in Syria. This has Akamai InfoSec's CSIRT team on high alert.

In recent weeks we've told you about the activities of the Syrian Electronic Army (SEA), a pro-Assad hacking group. Mike Kun and Patrick Laverty, two of our CSIRT team members, have been tracking the potential dangers for next week.

What follows is an analysis they've written to warn customers and the general public. It also includes defensive measures organizations can take to blunt any impact.

With the possibility that the US Congress will authorize military action in Syria next week, we at Akamai are on high alert. We are also recommending that our customers do the same. It is very likely that the Syrian Electronic Army (SEA) will use the debate and vote on US military intervention in Syria to justify additional attacks.

The SEA attacks primarily via social engineering. In the past month they were able to compromise a DNS registrar and modify DNS zone files, and to compromise an advertising network in order to insert malicious JavaScript. While DoS attacks normally consist of traffic floods to a target, the SEA is adept at denying access to web servers without directly attacking the target.

Akamai recommends the following steps to prevent similar attacks:

In addition to the SEA, we believe that other organizations will take advantage of the political situation and proximity to 9-11 to launch attacks. 

Al-Qassam Cyber Fighters (QCF) have not attacked as expected during Operation Ababil phase IV, but they have been maintaining the Brobot botnet and recruiting new nodes. It is possible that the QCF will attack again in the next week, hoping to take advantage of the confusion of other attackers. The QCF is primarily interested in targeting financial institutions, banks and brokerages with volumetric DDoS attacks. Firms in this sector should be prepared for the possibility of attacks by the Brobot botnet.

Members of the Anonymous hacktivist collective are working to gather support among Muslim hackers for OpIsrael Reborn and threatening attacks on both Israeli and US websites.

Other attempts at widespread disruption by Anonymous in both OpIsrael and OpUSA had only minimal success with website defacements using cross-site scripting (XSS) and data exfiltration via SQL injection, but companies should be prepared for these kinds of attacks as well.

The confluence of the anniversary of 9-11 and the possibility of a declaration of US intervention in Syria makes next week an especially tempting one for hacktivists. Any organization with a web presence should prepare to defend itself against:

  • Volumetric DDoS attacks
  • Social engineering and phishing attacks
  • Attacks via third-party code
  • Attacks on DNS infrastructure

1 Comment

A very good article well written :)