Pro-Palestinian Actor Levels 6-Day DDoS Attack on UAE Bank

Published : 23/11/2024   Category : security




DDoS cyberattack campaign averaged 4.5 million requests per second, putting the bank under attack 70% of the time.



A distributed denial-of-service (DDoS) attack targeting a financial institution in the United Arab Emirates set records for the duration of the cyberattack and the sustained volume of requests.
The attack — attributed to pro-Palestinian hacktivist group BlackMeta, also known as DarkMeta — lasted six days and included multiple waves of Web requests lasting anywhere from four to 20 hours, targeting the financial institution's site. Overall, it lasted more than 100 hours in total, averaging 4.5 million requests per second, cybersecurity firm Radware stated in an advisory published this week.
The DDoS attack represents a significant departure from the standard hacktivist denial-of-service attacks, says Pascal Geenens, director of threat intelligence for Radware.
"Those attacks were lasting between 60 seconds and five minutes — they came, they hit hard, and they go away after one to five minutes," he says. "Now, in the case of this attack, the campaign in total lasted six days, and in those six days, 70% of the time, that customer was being targeted by an average of 4.5 million requests."
BlackMeta, also known as SN_BlackMeta, appeared in November 2023 and has a history of claiming responsibility for attacks against organizations in Israel, the United Arab Emirates, and the United States. In May, the group claimed responsibility for a multiday denial-of-service attack on the San Francisco-based Internet Archive. In April, the group claimed to have attacked the Israel-based infrastructure of the Orange Group, a French provider of telecommunication services in Europe, the Middle East, and Africa. The group also targeted organizations in Saudi Arabia, Canada, and the United Arab Emirates.
The BlackMeta group announced its intent to attack the financial institution on Telegram in the days leading up to the operation. The cyberattack inundated the financial firm's website with requests, causing the share of legitimate requests to plummet to as low as 0.002%, with an average of 0.12%. The attacks continued for 70% of the time during the six-day period.
The attackers used a cybercrime service known as InfraShutdown, which allows attackers to target sites for $500 to $625 a week, according to Radware's advisory.
BlackMeta is primarily motivated by a pro-Palestinian ideology, but similar to Anonymous Sudan, has an anti-Western stance, and appears to have links with Russia, and uses Arabic, English, and Russian in its posts, Radware stated.
"The group positions its attacks as retribution for perceived injustices against Palestinians and Muslims," the company stated. "Their targets typically include critical infrastructure such as banking systems, telecommunication services, government websites and major tech companies, all reflecting a strategy to disrupt entities viewed as complicit in or supportive of their adversaries."
BlackMeta is likely a rebrand of Anonymous Sudan, a group that made a name for itself last year attacking targets along with the loose-knit pro-Russian Killnet group, according to the researchers. Anonymous Sudan targeted Israeli organizations and the encrypted messaging service Telegram in 2023. Comparing the number of claimed attacks by month over the past year and a half shows Anonymous Sudan's activity dwindling at the same time that BlackMeta's was ramping up.
Anonymous Sudan advertised its InfraShutdown DDoS attack service during previous attacks, urging other would-be attackers to sign up, which means the group is likely financially benefiting from its hacktivism.
"If the actors behind [BlackMeta] are in any way related to or support Anonymous Sudan, the premium InfraShutdown service is highly likely to be the origin of the 14.7 million [requests-per-second], 100-hour attack campaign," Radware stated in its advisory.
Rate-limiting the bandwidth during such attacks is not a solution to sustained application-layer attacks, because a company would have to be able to differentiate between the 1.5 billion legitimate requests reaching the website over a six-day period, and the 1.25 trillion malicious requests targeting the site, Geenens says.
"With the attacks going to Layer 7 — the application layer — the problem has shifted," he says. "Before we were at the network level, you could use a firewall, but that is too much processing power, so we moved to network protection. But when you move one layer up [to Layer 7], they can target specific pages and randomize the queries that they put in, so they make it look like legitimate posts."
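The difficulty of telling requests apart at Layer 7, as an added example that is not from Radware or the article: over constructed access-log lines, a per-client request cap (standing in here for a simple rate limit) catches nothing because every flood source stays under it, while the share of never-repeated query strings per path exposes the targeted page. The log format, thresholds, paths and addresses are all assumptions, and the sample is not scaled to the figures quoted above.

```python
import re
import random
from collections import Counter, defaultdict
from urllib.parse import urlsplit

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST) (\S+) HTTP/[\d.]+"')

def parse(lines):
    """Yield (client_ip, path, query) for each well-formed access-log line."""
    for line in lines:
        m = LINE_RE.match(line)
        if m:
            url = urlsplit(m.group(2))
            yield m.group(1), url.path, url.query

def over_per_ip_limit(lines, limit):
    """Naive control: clients that sent more than `limit` requests in the window."""
    counts = Counter(ip for ip, _, _ in parse(lines))
    return {ip for ip, n in counts.items() if n > limit}

def randomized_query_paths(lines, min_requests=100, min_unique_ratio=0.9):
    """Paths whose query strings almost never repeat (ratio of unique to total)."""
    total, unique = Counter(), defaultdict(set)
    for _, path, query in parse(lines):
        total[path] += 1
        unique[path].add(query)
    return {p: len(unique[p]) / n for p, n in total.items()
            if n >= min_requests and len(unique[p]) / n >= min_unique_ratio}

def build_sample(seed=7):
    """Constructed window: 40 ordinary clients plus a widely distributed flood."""
    rng = random.Random(seed)
    fmt = '{} - - [01/Jan/2024:00:00:00 +0000] "GET {} HTTP/1.1" 200'
    lines = []
    for i in range(40):                       # ordinary users, few repeated queries
        for _ in range(5):
            q = rng.choice(["rates", "branches", "cards"])
            lines.append(fmt.format(f"198.51.100.{i}", f"/search?q={q}"))
        lines.append(fmt.format(f"198.51.100.{i}", "/login"))
    for i in range(2000):                     # flood: many sources, 3 requests each
        ip = f"10.{i // 250}.{i % 250}.1"
        for _ in range(3):
            lines.append(fmt.format(ip, f"/search?q={rng.getrandbits(64):x}"))
    return lines

if __name__ == "__main__":
    sample = build_sample()
    print("blocked by per-IP limit of 10:", over_per_ip_limit(sample, 10))
    print("paths with randomized queries:", randomized_query_paths(sample))
```

The ratio only identifies which page is being hit; separating individual legitimate requests on that page still needs per-request signals, which is the hard part described above.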
