Anonymous' DDoS Attack Against Israel Leverages Botnet Network

April 19, 2013


Botnets were responsible for the recent cyber attack aimed at Israel, according to a review of the incident from Trend Micro.

On April 7, the hacktivist group Anonymous reportedly began a targeted Distributed Denial of Service (DDoS) campaign against various Israeli websites in retaliation for the country’s policies towards Hamas and subsequent attacks on the Gaza Strip.

Despite apparent Israeli government remarks that the attacks caused little damage, Chris Huang, a big data security analyst at Trend Micro, wrote in a blog post that the increase in non-Israeli traffic was "well distributed, with users from 27 different countries accessing the targeted sites."

Huang noted that while the targeted sites may have weathered the barrage, it’s the origin of the attacks that should cause some real concern.

"Media coverage of DDoS attacks tends to cover whether or not the targeted site is knocked offline, and not particularly how they are carried out," Huang wrote. "This is a mistake, as this ignores the fact that many of the 'attackers' are actually systems that have been infected with malware and used to carry out attacks."

Using data collected from Trend Micro’s Smart Protection Network, Huang examined incoming traffic to the sites affected by the April attack. He found that on a typical day, 90 percent of that traffic arrives from within Israel itself. On the day in question, only 9 percent came from within the country.

“Examining the IP addresses that had accessed the target site, we noticed that some of these were known to be parts of various botnets under the control of cybercriminals,” he wrote. “In addition, further investigation revealed that these IP addresses had been previously identified as victims of other attacks like FAKEAV, ransomware, and exploit kits.”

However harmless government officials deem these attacks to be, the source of the attack traffic is nothing to dismiss.

“These findings highlight how major DDoS attacks are, at least in part, not just carried out by hacker groups like Anonymous but by cybercriminals as well. These attacks are not nearly as ‘harmless’ as some would think,” he added.
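The two checks Huang describes, a collapse in the share of in-country traffic and source addresses that match known botnet hosts, can be sketched as follows. This is an added example, not Trend Micro's tooling: the log records, the RFC 5737 documentation addresses, their country tags and the `KNOWN_BOTNET_NETS` reputation list are all constructed, and GeoIP country codes are assumed to be already resolved in the logs.

```python
import ipaddress
from collections import Counter

HOME = "IL"  # country the sites normally serve, per the article

# Constructed sample data: (source IP, GeoIP country code). Addresses come from
# the RFC 5737 documentation ranges; the country tags are illustrative only.
BASELINE = [("192.0.2.%d" % i, "IL") for i in range(1, 10)] + [("198.51.100.1", "US")]
INCIDENT = (
    [("192.0.2.1", "IL")]
    + [("198.51.100.%d" % i, cc) for i, cc in enumerate(["US", "BR", "IN", "TR", "ID"], 10)]
    + [("203.0.113.%d" % i, cc) for i, cc in enumerate(["RU", "VN", "MX", "PK", "EG"], 20)]
)
# Hypothetical reputation feed: networks previously observed in botnets.
KNOWN_BOTNET_NETS = ["198.51.100.8/29", "203.0.113.20/31"]


def home_share(records, home=HOME):
    """Fraction of requests whose GeoIP country is the home country."""
    if not records:
        return 0.0
    return sum(1 for _, cc in records if cc == home) / len(records)


def botnet_hits(records, nets=KNOWN_BOTNET_NETS):
    """Distinct source IPs that fall inside a known-botnet network."""
    networks = [ipaddress.ip_network(n) for n in nets]
    hits = {ip for ip, _ in records
            if any(ipaddress.ip_address(ip) in net for net in networks)}
    return sorted(hits, key=ipaddress.ip_address)


def assess(baseline, incident, max_drop=0.5):
    """Compare an incident window with the baseline and summarise the shift."""
    base, now = home_share(baseline), home_share(incident)
    foreign = Counter(cc for _, cc in incident if cc != HOME)
    return {
        "baseline_home_share": round(base, 2),
        "incident_home_share": round(now, 2),
        "foreign_countries": len(foreign),
        "botnet_sources": botnet_hits(incident),
        # True when the in-country share fell by more than max_drop.
        "origin_shift": (base - now) > max_drop,
    }


if __name__ == "__main__":
    print(assess(BASELINE, INCIDENT))
```

A site can stay online and still show both signals, which is why the origin check is useful even when availability monitoring reports nothing.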
