A new hacking group has landed on Akamai's PLXsert and CSIRT radar after claiming responsibility for DDoS attacks against several of our customers in the financial services sector.
The entity calls itself the "OurMine Team" and if it is to be believed, it has gained access to one customer's $500,000 account. The group has announced it will give that money to the poor.
This is a relatively new group, which started its Twitter account March 31, 2015. Before it started targeting the financial sector, the group generally discussed and conducted DDoS attacks against gaming services.
Akamai researchers have confirmed several DDoS attacks against financial services customers; so far Akamai has mitigated them and prevented outages.
In a post called "The Truth Behind Team OurMine," the Drama Alert blog estimated that OurMine consists of 3-5 people, all from Saudi Arabia, "which makes it very hard to find them."
Meanwhile, multiple groups have claimed to have doxed OurMine.
Social media campaigns
The group is also taking to Twitter to stir the pot. In one tweet, OurMine announced that it had targeted SoundCloud.
DDoS attacks mitigated by Akamai
The following is an outline of attacks OurMine Team launched against Akamai customers. Akamai successfully mitigated the attacks:
Start date: Wednesday, July 22, 2015
Target industry: Financial

Summary of initial DDoS campaigns (7/22/15):

Target                    | Peak bandwidth | Peak packets per second | Attack type(s)
--------------------------+----------------+-------------------------+---------------------------------------------------------
Financial Organization A  | 1.11 Gbps      | 327.40 Kpps             | SSDP floods
Financial Organization B  | 362.09 Mbps    | 975.41 Kpps             | SYN floods
Financial Organization C  | 5.44 Gbps      | 2.65 Mpps               | SYN, ICMP, and SSDP floods
Financial Organization D  | 3.35 Gbps      | 1.36 Mpps               | SYN and SSDP floods
Financial Organization E  | 26.37 Gbps     | 2.84 Mpps               | UDP fragment floods
Financial Organization F  | 56.60 Gbps     | 22.02 Mpps              | SYN, GET, UDP, reflected DNS, POST, and TCP flag floods

Largest mitigated DDoS campaign, which occurred the following day:

Peak bandwidth: 117.35 Gbps | Peak packets per second: 18.72 Mpps | Attack type(s): SYN and GET floods
The operation is still ongoing, with subsequent attacks continuing to target our customers throughout the week. We can confirm that a total of 9 financial institutions were targeted on the opening day of this operation.
Customers: What you can do
The Akamai Security Operations Center is open 24/7, and our vast cloud-based mitigation platform is ready to respond. However, there are some proactive steps you can take:
Review your playbook with IT and security staff to ensure you are prepared and know what to do in the event of an attack.
Ensure all contact numbers and email addresses for key staff have been updated and are correct.
Ensure all critical staff are available - if staff are on vacation or absent due to sickness, make sure their responsibilities are covered by others.
Stay in close contact with the Akamai SOC and check the Akamai Community Security Space for updates.