Along with several major banks in the U.S., one large US Bank has been under attack since October 2012 as part of the infamous “Operation Ababil”. The bank has been unable to mitigate the attacks for more than 5 months and has suffered from continual service interruptions on the banks online services.
On March 12th another massive attack period started, but this time Radware DefensePro was already deployed onsite and Radware’s Emergency Response Team (ERT) was invoked. During the next few weeks the ERT worked closely with the bank to modify its system infrastructure and deploy Radware’s AMS until it achieved a successful mitigation for all attacks.
The main attacks seen at the bank were volumetric UDP/ICMP floods coupled with HTTP/S application floods. The volumetric floods reached a peak of 16Gbps and were mitigated upstream by the ISP. However, the ISP was not able to mitigate the application level attacks and these were the attacks which took down the bank each time. Some of the Bots that participated in the attack were more advanced than we have previously seen and were able to follow 302 redirects and cookies. At some point, one Bot was even able to successfully pass the Java script challenge for the first time ever. This required the ERT and Radware R&D to come up with a very quick resolution for the advanced Bot.