This attack report describes an attack campaign against a country (Israel) in which several sites in that country were attacked simultaneously over a full week. A pro-Palestinian hacker group, the “Nightmare group”, and 0xomar, a Saudi hacker who is a member of the Saudi Arabian Anonymous collective, disclosed the credit card information of thousands of Israeli citizens, which later led to retaliation by Israeli hackers. Prior to the attack, the media reported that a few Israeli websites, in both the public and private sectors, were about to be attacked.
The Attack Campaign
On Day 1, a cyber attack campaign that lasted for several days started against various Israeli websites. The first victims were those announced in the media, and another target was attacked as well. The attack was a dynamic HTTP flood (Attack Vector I), in which the URL is changed at each HTTP request to bypass any proxy or CDN on the way. It caused a serious outage that lasted for several hours. Nevertheless, and as explained below, the sites were eventually able to overcome the attack.
On Day 2, more Israeli websites were attacked – one of them was attacked with a UDP flood on port 443 (Attack Vector II) where the attacker sent very large packets.
On Day 3, another massive HTTP flood was launched against an additional Israeli website. This static HTTP flood (Attack Vector III) was different from the first one. On the one hand, it was simpler, as it used the same URL again and again; on the other, about 800 attackers came from a local host proxy, which may be a new technique to bypass challenge-based mitigation technologies. The attack peaked at 50K concurrent connections, which is 10 times more than the site's normal activity.
On Day 4, the website attacked on Day 3 was hit again with the same attack vector. Later, it was attacked with a UDP flood on port 80 (Attack Vector V).
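The two HTTP flood variants described above (Attack Vector I, where the URL changes at each request, and Attack Vector III, where the same URL is requested again and again) leave different signatures in access logs. The following detection sketch is an added example, not part of the original report; the thresholds, function names and sample records are assumptions constructed for illustration.

```python
from collections import Counter, defaultdict

# Assumed thresholds for one observation window; tune against real baselines.
MIN_REQUESTS = 100   # below this a source is not considered a flood candidate
UNIQUE_RATIO = 0.9   # nearly every URL distinct -> URL changes per request
REPEAT_RATIO = 0.9   # one URL dominates -> same URL again and again


def classify_sources(records):
    """Classify each source from (source_ip, url) pairs seen in one window."""
    per_source = defaultdict(Counter)
    for src, url in records:
        per_source[src][url] += 1

    verdicts = {}
    for src, urls in per_source.items():
        total = sum(urls.values())
        if total < MIN_REQUESTS:
            verdicts[src] = "normal"
            continue
        unique_ratio = len(urls) / total          # distinct URLs per request
        top_share = urls.most_common(1)[0][1] / total  # share of busiest URL
        if unique_ratio >= UNIQUE_RATIO:
            verdicts[src] = "dynamic-flood"       # cache-busting pattern
        elif top_share >= REPEAT_RATIO:
            verdicts[src] = "static-flood"        # single-URL hammering
        else:
            verdicts[src] = "high-volume"         # busy but mixed, e.g. crawler
    return verdicts


def constructed_sample():
    """Constructed records (documentation IP ranges), not campaign data."""
    records = [("192.0.2.10", f"/search?q={i:06x}") for i in range(500)]
    records += [("198.51.100.7", "/index.html")] * 500
    records += [("203.0.113.5", f"/page/{i % 60}") for i in range(300)]
    records += [("203.0.113.9", f"/article/{i % 4}") for i in range(20)]
    return records


if __name__ == "__main__":
    for src, verdict in sorted(classify_sources(constructed_sample()).items()):
        print(src, verdict)
```

When a flood is spread over many sources, as with the roughly 800 attackers on Day 3, per-source counts can stay under the threshold, so the same ratios should also be computed per URL across all sources.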