Record-breaking DDoS attack linked to pro-Palestinian group – Radware

Radware Links Record-Breaking 6-Day, 14.7 Million RPS Web DDoS Attack to Emerging Hacktivist Group SN_BLACKMETA

Radware has released a new threat advisory, uncovering the rising influence of a pro-Palestinian hacktivist group, SN_BLACKMETA, which has been linked to a record-breaking Web DDoS attack. This hacktivist group, which emerged in November 2023, is now suspected to be behind a six-day-long assault on a Middle Eastern financial institution, setting a new high in attack intensity for 2024.

Attack Details

The DDoS attack, characterised by its ferocity and persistence, spanned several waves over six days, each wave lasting up to 20 hours. The financial institution was under constant pressure for 100 hours, with an average of 4.5 million requests per second (RPS) and a staggering peak of 14.7 million RPS. This attack stands as the largest recorded this year.

The Attack Tool: InfraShutdown

Radware’s Cyber Threat Intelligence team believes that SN_BLACKMETA leveraged a new DDoS-for-hire service, InfraShutdown, to execute the attack. This service, reportedly supported by Anonymous Sudan, is available to anyone for as little as $500 per week through Telegram. The ease of access and affordability make InfraShutdown a potent tool for cybercriminals.

Anonymous Sudan Connection

SN_BLACKMETA shares striking similarities with Anonymous Sudan, not just in its strong pro-Palestinian stance but also in its attack methodologies, target selection, and overall patterns. This suggests possible coordination or a significant overlap in strategic direction between the two groups.

A Growing Concern

The audacity and meticulous operations of SN_BLACKMETA mark it as a rising threat. The group has already launched notable attacks on critical infrastructure, including airports, ministries of defense, telecoms, stock exchanges, and tech giants. The potential expansion of InfraShutdown as a DDoS-for-hire service could pose a significant threat to global infrastructure.

Advanced Protection is Crucial

SN_BLACKMETA’s capability to bring down organisations without sophisticated protection is alarming. During the recent attack, the ratio of legitimate to malicious web requests was as low as 0.002%, averaging 0.12%. Radware’s Web DDoS Protection Services successfully blocked over 1.25 trillion malicious requests while allowing 1.5 billion legitimate ones to pass through unscathed.
