Attacks on Large US Bank During Operation Ababil - March 2013


June 3, 2013 02:00 PM

Background

Along with several major banks in the U.S., one large US bank has been under attack since October 2012 as part of the infamous “Operation Ababil”. The bank has been unable to mitigate the attacks for more than 5 months and has suffered continual service interruptions to the bank's online services.

On March 12th another massive attack period started, but this time Radware DefensePro was already deployed onsite and Radware’s Emergency Response Team (ERT) was invoked. During the next few weeks the ERT worked closely with the bank to modify its system infrastructure and deploy Radware’s AMS until it achieved a successful mitigation for all attacks.

The main attacks seen at the bank were volumetric UDP/ICMP floods coupled with HTTP/S application floods. The volumetric floods reached a peak of 16 Gbps and were mitigated upstream by the ISP. However, the ISP was not able to mitigate the application-level attacks, and these were the attacks that took down the bank each time. Some of the bots that participated in the attack were more advanced than any we had previously seen and were able to follow 302 redirects and handle cookies. At some point, one bot was even able to successfully pass the JavaScript challenge for the first time ever. This required the ERT and Radware R&D to come up with a very quick resolution for the advanced bot.

Additional Information

For additional information regarding the threat, read the full Attack Report.
