We all remember the debated attacks of Anonymous collective against Israeli government that targeted various websites of the country last April 7th. The data on the cyber attacks reported by Israel government are really different from the one provided by the group of hacktivists in the damage report for #OpIsrael that account for a Total damage of $3-plus billion damage.
The hackers hit the principal web sites of the country with a series of powerful DDoS attacks, but how the attackers did it?
The most plausible hypothesis is that Anonymous gathered control of a huge quantity of machine infected with a malware.
The researchers in TrendMicro use data collected by the Smart Protection Network, “a cloud-based security infrastructure that rapidly and accurately collects and identifies new threats, delivering instant protection for data wherever it resides.”
Analyzing traffic directed to one of the hit website the expert discovered that meanwhile usually more of 90% of the traffic is originated in Israel, during the attack on April 7th this percentage has fallen to 9%as shown in the following chart:
The attackers haven’t used compromised machines within Israel as usual happen, but the traffic coming from outside the Israeli networks appearing well distributed from 27 countries. The histogram below shows the spike in traffic during the attacks:
As usual I desire to reflect with you on the data:
According to TrendMicro many IP addresses involved in the attacks were related to machine belonging to known botnets under the control of cyber criminals. Which is the link between Anonymous and cybercrime?
Here you are my hypothesis:
The investigation added another interesting element, the IP addresses used in the attacks had been previously identified as victims of other attacks like exploit kits, fake antivirus applications and ransomware.
TrendMicro post states:
“These attacks are not nearly as “harmless” as some would think.” “These findings highlight how major DDoS attacks are, at least in part, not just carried out by hacker groups like Anonymous but by cybercriminals as well. These attacks are not nearly as “harmless” as some would think.”
I agree, underestimate these attacks is stupid, these events must be analyzed in detail trying to identify the attackers and related motivations, but above all the real targets of the offensive …
Are we sure the websites hit was really the targets of the attacks? Is it possible that third part actors were silently attacking other infrastructures?
In my opinion Anonymous has received a great and unexpected support from other entities …
Does the collective really want this? I think no!
(Security Affairs – Anonymous)