A group operating under the name Tunisian Hackers Team is targeting the websites of government agencies and large organizations with distributed denial of service (DDoS) attacks, according to a public-facing advisory issued by Solutionary.
The operation, announced as #TheWeekofHorror, names seven financial organizations, each to be attacked during its own 24-hour period, with the campaign running from July 5 through July 11, according to Solutionary. The listed targets are Whitney Bank, Union Bank, Zions Bank, New York Community Bank, TCF Bank, Prosperity Bank, and Banner Bank.
Solutionary reported that attacks occurred according to the published schedule, which would mean attacks against Whitney Bank on July 5, Union Bank on July 6, and Zions Bank on July 7.
“It is reasonable to assume the future attacks will occur as planned,” Solutionary said.
Each of the primary targets receives an eight-hour distributed denial of service attack, according to the details of the operation posted by the group. The group has claimed to have launched DDoS campaigns recently at volumes as high as 840 Gbps.
“Quite a feat,” Solutionary said.
While the current focus is on DDoS attacks, attackers frequently use these operations to train weaker members and to generate noise that distracts defenders. While the defenders are busy trying to mitigate the DDoS attack, the attacker can launch secondary attacks, such as website defacements, cross-site scripting redirects, and database leaks.
The Tunisian Hackers Team has also claimed responsibility for database leaks and website defacements for several government organizations, including database leaks from the Bureau of Statistics, United States Department of Agriculture, the federal World War II registry, the Federal Bureau of Investigation, and the United States Army. Columbia University, University of California Los Angeles, Sony Travels, and the City of Tucson (Arizona) were also targeted by the Tunisian Hackers Team, according to various posts on text-sharing site Pastebin.
There is no reason to panic about the prospect of these DDoS attacks, even if they do launch a large-scale one. These attackers are not using a “crazy new 0-day,” but rather the same exploits and attack methods that have been seen before. A Solutionary whitepaper on DoS and DDoS protection offers details on mitigating these types of attacks.
Organizations should review the settings for timeouts, IP connection limits, minimum data transfer rates, maximum connection time limits, and maximum request sizes on their firewalls and edge routers to reduce risk, Solutionary recommended. It's also important to verify all patches are installed and all systems are up to date. “Many of the secondary attacks are designed to exploit patched vulnerabilities in web servers,” Solutionary said.
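As an added illustration of the settings Solutionary recommends reviewing (not a configuration from the advisory or from any of the named organizations), the fragment below maps each category of control to concrete Apache httpd 2.4 directives; it assumes mod_reqtimeout is loaded, and the numeric values are constructed starting points to be tuned against the site's real traffic profile.

```apache
# Added example: hardening a web server edge against slow and oversized requests.
# Timeouts and minimum data transfer rates (mod_reqtimeout):
#   headers must arrive within 20s, extended up to 40s only while the client
#   sustains at least 500 bytes/s; body reads get 20s, also at >= 500 bytes/s.
RequestReadTimeout header=20-40,MinRate=500 body=20,MinRate=500

# Maximum connection time limits: how long the server waits for I/O on a
# connection, and how long an idle keep-alive connection may be held open.
Timeout 30
KeepAliveTimeout 5
MaxKeepAliveRequests 100

# Maximum request sizes: cap the request line, individual header fields,
# header count, and the request body (1 MiB here) to bound per-request work.
LimitRequestLine 8190
LimitRequestFieldSize 8190
LimitRequestFields 100
LimitRequestBody 1048576
```

Per-source-IP connection limits are not an httpd core feature and belong on the firewall or edge router that the advisory also names, so they are not shown here; the values above should be tested under normal load before deployment, since overly tight limits turn the server's own settings into a self-inflicted outage.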
It's easy for organizations that have not been called out by the Tunisian Hackers Team to dismiss the threat of DDoS attacks, but that is a shortsighted view. Any organization may be selected in a future operation, and groups can change the list of targets at any time.
“Pre-released lists frequently include targets which either the attackers have determined is running a version vulnerable to their main exploit, or those which will draw the most media attention,” Solutionary said.