In a significant cybersecurity incident, financial institutions in the UAE were recently hit by an unprecedented distributed denial-of-service (DDoS) attack. Lasting for six days, the attack reached a peak volume of 14.7 million requests per second (RPS) and maintained an average of 4.5 million RPS. This onslaught dramatically reduced legitimate web traffic to the affected institutions to a mere 0.002% at its lowest, with an average of only 0.12% throughout the attack.
The attack was attributed to a pro-Palestinian hacktivist group known as SN_BLACKMETA. This group announced their intentions on their Telegram channel prior to the event, a tactic reminiscent of another hacktivist group, Anonymous Sudan, with whom SN_BLACKMETA is believed to have connections. Both groups share a common anti-Western stance and have targeted various institutions in the past.
Detailed Breakdown of the Attack
The DDoS campaign spanned more than 100 hours, with multiple waves of attacks ranging from four to twenty hours each. The attackers used a DDoS service called InfraShutdown to execute the attacks at a relatively low cost, estimated between $500 and $625 per week. This service enabled the attackers to inundate the financial institutions’ websites, causing legitimate web traffic to plummet.
A director of threat intelligence highlighted the departure from typical hacktivist attacks, which usually last only a few minutes. In contrast, this campaign sustained high-intensity attacks over several days, targeting the institutions 70% of the time.
Background and Motivations of the Attackers
SN_BLACKMETA, also known as BlackMeta or DarkMeta, emerged in November 2023 and has a history of targeting organizations in Israel, the UAE, and the United States. The group’s motivations seem to be primarily driven by a pro-Palestinian ideology, positioning their attacks as retribution for perceived injustices. Their targets often include critical infrastructure such as banking systems, telecommunications, government websites, and major tech companies.
This attack follows several previous campaigns, including a multiday DDoS attack on the San Francisco-based Internet Archive and an attack on the Israel-based infrastructure of the Orange Group.
The Impact and Response
The sustained DDoS attack demonstrated the significant capabilities of hacktivist groups using commercially available DDoS services.
The attack caused substantial disruptions, making the financial institutions’ websites temporarily unavailable to legitimate users. Despite the intensity and duration of the attack, the financial institutions managed to mitigate the impact on their services, eventually leading the attackers to move on after six days.
The Role of InfraShutdown in DDoS Attacks
InfraShutdown, the DDoS service used in this attack, has been advertised for its effectiveness and affordability, allowing various groups to launch high-volume attacks.
Anonymous Sudan previously promoted this service during their campaigns, suggesting a potential financial incentive behind their hacktivism.
How RELIANOID Can Enhance IT Security
The recent DDoS attack on UAE financial institutions underscores the evolving threat landscape in cybersecurity, where hacktivist groups leverage affordable and effective DDoS services to carry out prolonged and high-intensity attacks. As these threats continue to grow, it becomes imperative for organizations to enhance their cybersecurity measures and remain vigilant against such disruptive activities.
Amid the rise of sophisticated cyber threats, platforms like RELIANOID are crucial for bolstering IT security in the financial sector. RELIANOID leverages cutting-edge AI and machine learning technologies to deliver real-time threat detection and response, ensuring swift identification and mitigation of cyber risks. Its anomaly detection capabilities constantly monitor network traffic and system activities, highlighting any irregularities that may signal malicious behavior. With automated incident response features, RELIANOID shortens response times and mitigates the impact of security breaches. Additionally, its predictive analytics enable financial institutions to foresee and prevent future cyber incidents, protecting critical infrastructure and sensitive data from an ever-evolving threat landscape.