The customer, a major financial institution in the United States, was targeted with a multi-vulnerability DDoS attack by the Anonymous collective as part of a large attack campaign. This attack lasted for about nine hours.
On the same day, the customer notified ERT with the following information: “We have received credible information that an Anonymous kind of attack is being targeted on (our site) tomorrow.” The attack started three hours later than planned.
There were four confirmed attack vectors in this attack campaign:
- Attack Vector I: TCP SYN-FIN-RST Flood on TCP/80
- Attack Vector II: Garbage Flood on UDP/53
- Attack Vector III: Network Scans Attack
- Attack Vector IV: HTTP Floods