Tunisian Hackers Target Governments, Banks in “TheWeekofHorror” Cyber Attacks

Tunisian Hackers Team DDoS Attacks

A group operating under the name Tunisian Hackers Team is targeting the websites of government agencies and large organizations with distributed denial of service (DDoS) attacks, according to a public-facing advisory issued by Solutionary.

The operation named seven financial organizations, each of which will be attacked over a 24-hour period, starting on July 5 and running through July 11, according to Solutionary. The #TheWeekofHorror operation will target Whitney Bank, Union Bank, Zions Bank, New York Community Bank, TCF Bank, Prosperity Bank, and Banner Bank.

Solutionary reported attacks occurred according to the published schedule, which would mean attacks against Whitney Bank on July 5, Union Bank on July 6, and Zions Bank on July 7.

“It is reasonable to assume the future attacks will occur as planned,” Solutionary said.

Each of the primary targets receives an eight-hour distributed denial of service attack, according to the details of the operation posted by the group. The group has claimed to have recently launched DDoS campaigns at volumes as high as 840 Gbps.

“Quite a feat,” Solutionary said.

While the current focus is on DDoS attacks, attackers frequently use these operations to train weaker members and to generate noise that distracts defenders. While the defenders are busy trying to mitigate the DDoS attack, the attacker can launch secondary attacks, such as website defacements, cross-site scripting redirects, and database leaks.

The Tunisian Hackers Team has also claimed responsibility for database leaks and website defacements for several government organizations, including database leaks from the Bureau of Statistics, United States Department of Agriculture, the federal World War II registry, the Federal Bureau of Investigation, and the United States Army. Columbia University, University of California Los Angeles, Sony Travels, and the City of Tucson (Arizona) were also targeted by the Tunisian Hackers Team, according to various posts on text-sharing site Pastebin.

There is no reason to panic about the prospect of these DDoS attacks, even if they do launch a large-scale one. These attackers are not using a “crazy new 0-day,” but rather the same exploits and attack methods that have been seen before. A Solutionary whitepaper on DoS and DDoS protection offers details on mitigating these types of attacks.

Organizations should review the settings for timeouts, IP connection limits, minimum data transfer rates, maximum connection time limits, and maximum request sizes on their firewalls and edge routers to reduce risk, Solutionary recommended. It’s also important to verify all patches are installed and all systems are up to date. “Many of the secondary attacks are designed to exploit patched vulnerabilities in web servers,” Solutionary said.
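As an added illustration (not from the article or from Solutionary's whitepaper), here is how the settings Solutionary names map onto nginx directives, with the permissive defaults shown commented out beside tightened values; every threshold below is an assumption to be tuned against real traffic.

```nginx
# Added example: permissive (default) settings vs. tightened ones for the
# knobs named above. All values are assumptions; tune them to real traffic.

http {
    # --- Before: nginx defaults, a slow client can hold a worker for a minute
    # client_header_timeout 60s;
    # client_body_timeout   60s;
    # send_timeout          60s;
    # keepalive_timeout     75s;
    # (no limit_conn / limit_req configured at all)

    # --- After ---
    # IP connection limits: track concurrent connections per client address
    limit_conn_zone $binary_remote_addr zone=per_ip_conn:10m;
    # Request rate per client address (assumed 10 req/s sustained)
    limit_req_zone  $binary_remote_addr zone=per_ip_req:10m rate=10r/s;

    # Timeouts: bound how long a slow or idle client can occupy a worker
    client_header_timeout 10s;     # time to receive the complete request header
    client_body_timeout   10s;     # max gap between successive body reads
    send_timeout          10s;     # max gap between successive writes to the client
    keepalive_timeout     15s;     # idle keep-alive connections are closed sooner
    reset_timedout_connection on;  # free the socket immediately on timeout

    # Maximum connection time limit: cap the lifetime of a keep-alive connection
    # and the number of requests it may carry (keepalive_time needs nginx 1.19.10+)
    keepalive_time     10m;
    keepalive_requests 100;

    # Maximum request sizes
    client_max_body_size        1m;    # oversized bodies are rejected with 413
    large_client_header_buffers 4 8k;  # bounds header size (400/414 beyond this)

    # Minimum data transfer rate: nginx has no direct minimum-rate directive.
    # client_body_timeout above approximates it (each read must make progress
    # within 10s); Apache's mod_reqtimeout MinRate is the direct equivalent.

    server {
        listen 80;
        limit_conn per_ip_conn 20;                    # max 20 concurrent connections per IP
        limit_req  zone=per_ip_req burst=20 nodelay;  # short bursts allowed, then rejected
        limit_conn_status 429;                        # report throttling as 429, not 503
        limit_req_status  429;
        location / {
            root /var/www/html;
        }
    }
}
```

The limits act only at the web tier; volumetric floods of the size the group claims must be absorbed upstream, which is why the same review belongs on the firewalls and edge routers Solutionary mentions.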

It’s easy for organizations that have not been called out by the Tunisian Hackers Team to dismiss the threat of DDoS attacks, but that is a shortsighted view. An organization may be selected in a future operation, and groups can change the list of targets at any time.

“Pre-released lists frequently include targets which either the attackers have determined is running a version vulnerable to their main exploit, or those which will draw the most media attention,” Solutionary said.
