OpIcarus Project Mayhem: DDoS Attacks Target Stock Exchanges


Anonymous has initiated the third and final phase of OpIcarus: “Project Mayhem” – a systematic cyber assault against worldwide stock exchanges.

Download a Copy Now

Abstract

Anonymous has initiated the third and final phase of OpIcarus: “Project Mayhem” – a systematic cyber assault against worldwide stock exchanges. The global hacktivist group opened its DDoS attacks with a takedown of the London Stock Exchange website on June 5, 2016 (see Figure 1).

OpIcarus initially started in February with limited success. The attackers then returned better organized and prepared with new DDoS attacks and cyber-attack tools and launched a 30-day campaign, during which network outages were caused at dozens of sites, including the Bank of Greece, the Bank of Jordan and the Bank of South Korea (see Figure 2)

For the third phase of OpIcarus, Anonymous has designated all stock exchanges listed on this site as potential targets of DDoS attacks from “Project Mayhem”

OpIcarus “Project Mayhem” Attack Tools

  • TorsHammer – A slow-rate HTTP POST (Layer 7) DoS tool that transmits HTML POST fields in slow rates under the same session, thus causing the web server application threads to await the end of boundless posts until they are exhausted. The new version features a native socks proxy that enables the attack to be launched from random source IP addresses.
  • SlowLoris - Opening multiple connections sending a partial request, holding them open. Then adding HTTP headers but never completing the request
  • PyLoris - Enables the attacker to craft its own HTTP request headers (packet header, cookies, packet size, timeout and CRLF) to keep TCP connections open for as long as possible between the attacker and the victims’ servers.
  • Slowhttptest - sends incomplete HTTP requests at a very low transfer rate, keeping server resources waiting (see figure 3).
  • Xerxes - an extremely efficient DDoS attack automation tool that provides the capacity to launch multiple independent attacks against several target sites without necessarily requiring a botnet.
  • Ufonet – This tool leverages 'Open Redirect' vectors on third-party web applications to cause a denial-of-service state.
  • GoldenEye – Another Layer 7 DoS tool that keeps connections open until the destination server crashes. It features cache control options.

Organizations Under These DDoS Attacks Should Consider

  • A security solution that can protect its infrastructure from multi-vector DDOS attacks, including protection from network and application-based DDoS attacks as well as volumetric DDoS attacks that can saturate the Internet pipe
  • A hybrid solution that includes on-premise detection and DDoS mitigation with cloud-based DDoS protection for volumetric attacks. This provides quick detection, immediate mitigation and protects networks from volumetric DDoS attacks that aim to saturate the Internet pipe.
  • A DDoS protection solution that provides protection against sophisticated web-based DDoS attacks, other cyber security threats and website intrusions to prevent defacement and information theft.
  • A cyber security emergency response plan that includes an emergency response team and process in place. Identify areas where help is needed from a third party.
  • Monitor security alerts and examine triggers carefully. Tune existing policies and protections to prevent false positives and allow identification of real threats if and when they occur.

In addition to Radware products, we recommend that you review your network and patch your system accordingly. Maintaining and inspecting your network is necessary in order to defend against these types of DDoS attacks and threats.

Under Attack and in Need of Expert Emergency Assistance?

DDoS attacks or malware outbreaks can create unwanted emergency situations. Radware offers an emergency DDoS service to help respond to these emergencies, neutralize the security risk, and better safeguard operations before irreparable damages occur. If you’re under DDoS attack and in need of emergency assistance, contact us with the code “Red Button.”


Click here to download a copy of the ERT Threat Alert. Download Now