The Akamai Blog

OurMine Team Attack Exceeded 117 Gbps

A new hacking group has landed on Akamai's PLXsert and CSIRT radar for taking responsibility for launching DDoS attacks against several of our customers in the financial services sector.


The entity calls itself the "OurMine Team" and, if it is to be believed, it has gained access to one customer's $500,000 account. The group has announced it will give that money to the poor.


This is a relatively new group, which started its Twitter account March 31, 2015. Before it started targeting the financial sector, the group generally discussed and conducted DDoS attacks against gaming services.

Akamai researchers validated several DDoS attacks targeted against financial services customers, though Akamai has so far been able to protect them and prevent outages.

In a post called "The Truth Behind Team OurMine," the Drama Alert blog estimated that OurMine consists of 3-5 people, all from Saudi Arabia, "which makes it very hard to find them."

Meanwhile, multiple groups have claimed to have doxed OurMine.

Social media campaigns 
The group is also taking to Twitter to stir the pot. In one tweet, OurMine announces it has targeted Soundcloud.

DDoS attacks mitigated by Akamai

The following is an outline of attacks OurMine Team launched against Akamai customers. Akamai successfully mitigated the attacks:

Start Date - Wednesday, July 22, 2015

Target Industry - Financial

Summary of Initial DDoS campaigns:

7/22/15

Financial Organization A: Peak Bandwidth - 1.11 Gbps | Peak packets per second - 327.40 Kpps | Attack Type(s) - SSDP Floods

Financial Organization B: Peak Bandwidth - 362.09 Mbps | Peak packets per second - 975.41 Kpps | Attack Type(s) - SYN Floods

Financial Organization C: Peak Bandwidth - 5.44 Gbps | Peak packets per second - 2.65 Mpps | Attack Type(s) - SYN, ICMP, and SSDP Floods

Financial Organization D: Peak Bandwidth - 3.35 Gbps | Peak packets per second - 1.36 Mpps | Attack Type(s) - SYN and SSDP Floods

Financial Organization E: Peak Bandwidth - 26.37 Gbps | Peak packets per second - 2.84 Mpps | Attack Type(s) - UDP Fragment Floods

Financial Organization F: Peak Bandwidth - 56.60 Gbps | Peak packets per second - 22.02 Mpps | Attack Type(s) - SYN, GET, UDP, Reflected DNS, POST, and TCP Flag Floods

Largest mitigated DDoS campaign, which occurred the following day:

Peak Bandwidth - 117.35 Gbps | Peak packets per second - 18.72 Mpps | Attack Type(s) - SYN and GET Floods

The operation is still ongoing, with subsequent attacks continuing to target our customers throughout the week. We can confirm a total of 9 financial institutions that were targeted on the opening day of this operation.

Customers: What you can do

The Akamai Security Operations Center is open 24/7, and our vast cloud-based mitigation platform is ready to respond. However, there are some proactive steps you can take:

  • Review your playbook with IT and security staff to ensure you are prepared and know what to do in the event of an attack.

  • Ensure all contact numbers and email addresses for key staff have been updated and are correct.

  • Ensure all critical staff are available - if staff are on vacation or absent due to sickness, make sure their responsibilities are covered by others.

  • Stay in close contact with the Akamai SOC and check the Akamai Community Security Space for updates.

