A Record-Breaking DDoS Attack: The Six-Day Siege on a Middle Eastern Financial Institution
In an alarming demonstration of the escalating threats in the cyber landscape, a financial institution in the Middle East recently endured a record-breaking Distributed Denial of Service (DDoS) attack that lasted an astonishing six days. Orchestrated by the hacktivist group SN_BLACKMETA, this attack not only set a new benchmark for duration but also showcased the increasing sophistication and persistence of cyber threat actors in the digital age.
The Attack Unfolds
The assault on the financial institution was relentless, comprising ten distinct waves of DDoS attacks, each lasting between four and twenty hours. In total, the institution faced an overwhelming 100 hours of sustained attack time. The sheer volume of malicious requests was staggering, with an average rate of 4.5 million requests per second (RPS), peaking at an astonishing 14.7 million RPS. This deluge of traffic aimed to cripple the institution’s web applications and services, creating chaos and disruption.
During the attack, the ratio of legitimate to malicious web requests fell as low as 0.002%, averaging just 0.12%. This dramatic decline underscores the severity of the attack and the challenge faced by cybersecurity teams in distinguishing legitimate user traffic from malicious requests. Fortunately, Radware’s Web DDoS Protection Services played a crucial role in mitigating the impact, successfully blocking over 1.25 trillion malicious web requests while allowing 1.5 billion legitimate requests to pass through.
The Hacktivist Group Behind the Attack
A few days prior to the attack, SN_BLACKMETA announced their intentions on their Telegram channel, signaling their readiness to launch a significant cyber offensive. Radware’s Cyber Threat Intelligence (CTI) team attributed the attack to this group based on their known motivations and previous activities. SN_BLACKMETA emerged as a notable player in the cyber warfare landscape in late 2023, initially targeting Israeli and Palestinian infrastructure before expanding their operations to a broader range of global targets.
The group’s attacks are ideologically driven, primarily motivated by pro-Palestinian sentiments and opposition to perceived injustices against Muslims. Their strategy involves disrupting entities they view as adversaries or complicit in actions against their cause. SN_BLACKMETA is not shy about publicizing its successes, regularly updating their audience with screenshots and links to validate their claims, thereby leveraging user complaints and third-party validations to substantiate the impact of their operations.
Possible Geographical Ties
Based on observed timestamps and activity patterns, it is plausible that the actors behind these attacks operate in a time zone close to Moscow Standard Time (MSK, UTC+3) or other Middle Eastern or Eastern European time zones (UTC+2 to UTC+4). There are also indications that the group could be pro-Sudanese, with “SN” potentially standing for “Sudan.” This geographical speculation adds another layer of complexity to understanding the motivations and operational patterns of SN_BLACKMETA.
InfraShutdown: A Premium DDoS-for-Hire Service
The attack on the financial institution may have been facilitated by the InfraShutdown DDoS-for-hire service, launched by Anonymous Sudan in February 2024. This service offers tailored DDoS attacks with military-grade privacy, specifically targeting critical infrastructures, financial systems, and telecommunication networks. The emergence of such services highlights the growing commodification of cyberattacks, making it easier for malicious actors to launch sophisticated assaults without the need for extensive technical knowledge.
The six-day DDoS attack serves as a stark reminder of the need for robust cybersecurity measures. Mitigating such prolonged and intense attacks requires a capable Web DDoS mitigation infrastructure with adequate capacity. Simple rate limiting is insufficient; the mitigation solution must effectively differentiate between legitimate and malicious web requests.
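The point that simple rate limiting is insufficient is easiest to see on traffic where the flood is spread across many sources, each of which individually stays under any sane per-IP threshold. The following is an added, self-contained illustration, not Radware’s data or algorithm: it constructs one second of miniature traffic (a widely distributed flood of look-alike requests plus a handful of real users), applies a naive per-source rate limit, and then applies an illustrative request-level score built from signals across the whole window (no session cookie, one path dominating, one exact User-Agent string dominating). The sample values, thresholds and scoring rules are assumptions chosen for the example.

```python
"""Per-source rate limiting versus request-level scoring on a constructed
"web DDoS" traffic sample. Added example; traffic, thresholds and the scoring
heuristic are assumptions, not vendor data or a vendor algorithm."""
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List


@dataclass(frozen=True)
class Request:
    ip: str
    path: str
    user_agent: str
    has_session: bool  # a known session cookie was presented
    label: str         # ground truth for this example only: "legit" or "flood"


def build_sample(flood_sources: int = 300, flood_rps: int = 4,
                 legit_clients: int = 5, legit_rps: int = 2) -> List[Request]:
    """Construct one second of traffic: a distributed flood in which every source
    stays well below a naive per-IP limit, plus a few genuine users browsing."""
    reqs: List[Request] = []
    for i in range(flood_sources):
        ip = f"10.0.{i // 256}.{i % 256}"          # constructed private-range IPs
        for _ in range(flood_rps):
            reqs.append(Request(ip, "/api/login", "Mozilla/5.0", False, "flood"))
    legit_paths = ["/", "/accounts", "/transfer", "/statements", "/help"]
    for c in range(legit_clients):
        ip = f"192.0.2.{c + 1}"                    # RFC 5737 documentation range
        for k in range(legit_rps):
            reqs.append(Request(ip, legit_paths[(c + k) % len(legit_paths)],
                                f"Mozilla/5.0 (client {c})", True, "legit"))
    return reqs


def legit_fraction(reqs: List[Request]) -> float:
    """Share of legitimate requests in the window (the metric the article quotes)."""
    return sum(r.label == "legit" for r in reqs) / len(reqs)


def per_source_rate_limit(reqs: List[Request], limit_rps: int = 10) -> Dict[str, int]:
    """Naive mitigation: block every request from a source exceeding limit_rps."""
    per_ip = Counter(r.ip for r in reqs)
    blocked = [r for r in reqs if per_ip[r.ip] > limit_rps]
    return {
        "blocked_flood": sum(r.label == "flood" for r in blocked),
        "blocked_legit": sum(r.label == "legit" for r in blocked),
        "blocked_sources": sum(1 for n in per_ip.values() if n > limit_rps),
    }


def request_score(r: Request, path_share: Dict[str, float],
                  ua_share: Dict[str, float]) -> int:
    """Illustrative request-level score (assumption): one point per signal that,
    taken together, characterises a flood of identical requests rather than
    organic browsing. Real products weigh many more signals than this."""
    score = 0
    if not r.has_session:
        score += 1
    if path_share[r.path] > 0.5:       # a single path dominates the window
        score += 1
    if ua_share[r.user_agent] > 0.5:   # a single exact UA string dominates
        score += 1
    return score


def request_level_mitigation(reqs: List[Request], threshold: int = 3) -> Dict[str, int]:
    """Block requests whose score reaches the threshold; report the outcome."""
    total = len(reqs)
    path_share = {p: n / total for p, n in Counter(r.path for r in reqs).items()}
    ua_share = {u: n / total for u, n in Counter(r.user_agent for r in reqs).items()}
    blocked = [r for r in reqs if request_score(r, path_share, ua_share) >= threshold]
    return {
        "blocked_flood": sum(r.label == "flood" for r in blocked),
        "blocked_legit": sum(r.label == "legit" for r in blocked),
        "allowed_legit": sum(r.label == "legit" for r in reqs)
                         - sum(r.label == "legit" for r in blocked),
    }


if __name__ == "__main__":
    sample = build_sample()
    print(f"requests in window: {len(sample)}, legit share: {legit_fraction(sample):.3%}")
    print("per-source rate limit:", per_source_rate_limit(sample))
    print("request-level scoring:", request_level_mitigation(sample))
```

With the default sample the per-source limit blocks nothing, because each of the 300 flood sources sends only 4 requests in the window, while the request-level score blocks all 1,200 flood requests and none of the 10 legitimate ones. The design choice worth noting is that two of the three signals are computed over the window as a whole rather than per request, which is what lets the defender see a flood that no single source reveals.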
The Evolving Cyber Threat Landscape
The record-breaking DDoS attack on the Middle Eastern financial institution is a wake-up call for organizations worldwide. As hacktivist groups like SN_BLACKMETA continue to refine their tactics and expand their targets, it is imperative for organizations to remain vigilant and invest in advanced cybersecurity defenses. Understanding the motivations, operational patterns, and affiliations of groups like SN_BLACKMETA is crucial for global cybersecurity efforts.
As these groups evolve, so too must the strategies and technologies used to defend against them. The six-day DDoS attack is not just an isolated incident; it is indicative of the evolving threats in the cyber landscape. Organizations must bolster their defenses and prepare for the ever-changing nature of cyber threats.
Conclusion
The six-day DDoS attack on a Middle Eastern financial institution highlights the urgent need for enhanced cybersecurity measures in an increasingly hostile digital environment. As cyber threat actors become more sophisticated and organized, the responsibility falls on organizations to protect their assets and ensure the integrity of their operations. The lessons learned from this unprecedented attack will undoubtedly shape the future of cybersecurity strategies, emphasizing the importance of preparedness in the face of evolving threats.