On April 7, the hacker group Anonymous launched its annual #OpIsrael attack, which has taken place on the same date every year since 2013.
Anonymous targeted websites, databases, and internal networks belonging to the government, the IDF, and large and small enterprises. These kinds of cyberattacks have the potential to disable an organization’s systems and networks, steal and abuse valuable data, damage reputations and brands, and invade and violate users’ privacy.
Ironically enough, the announced 2016 attack had a positive effect – it made Israeli users even more aware of cyber risks and it also served as a “training day” for local security companies.
According to Israeli media, by midday April 7, Anonymous claimed it had disabled 55 Israeli sites, including several belonging to the IDF and the government. Although some websites were at the receiving end of Distributed Denial of Service (DDoS) attacks, those websites were either restored almost immediately or, at worst, responded more slowly than normal. But all kept working.
For example, an Israeli mobile operator reported it was attacked three separate times during the day. At those times, its normal traffic doubled from around 50 Gbps to close to 100 Gbps. The provider’s security suite was able to accurately pinpoint the 50 Gbps of malicious traffic, block it, and remove it, thus effectively warding off the DDoS attacks before they reached its customers downstream.
Attacks like these put the spotlight once again on the main question: how to remain protected from cyber-attacks and hacktivists such as Anonymous. The security industry (estimated at $75B in December 2015) is leading the fight against cybercrime — not an easy feat. The cybercrime economy is estimated to be anywhere between $100B and $400B. Furthermore, cyberattacks are becoming more and more sophisticated. To give an example, 4G/LTE operators are also facing potential attacks “from within”, i.e. via the malware-infected devices of their own subscribers, which have the potential to cripple the operators’ core network services.
What is the best way to handle these kinds of DDoS attacks? By deploying a DDoS mitigation solution that performs deep analysis of inbound traffic for behavioral anomalies, inspecting many rate-dependent and rate-independent attributes of the traffic. After identifying an anomaly, such a security solution applies a filter that surgically removes the anomalous traffic threatening the operator’s network while leaving legitimate traffic untouched.
Today’s state-of-the-art technology detects anomalous network behavior in just 10-60 seconds and creates a pattern in 10-20 seconds; therefore most attacks are mitigated in less than a minute. In the reverse direction (on the access side of the operator’s network), a similar analysis and intelligence process is applied at the end-user level to the traffic generated by the end-user’s device. Anomalies identified in user traffic, e.g. an attempt to DDoS a remote site, are blocked and signaled to the OSS/BSS systems so that the operator can take further action (e.g., stopping the service for such a user).
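The detection-then-filter process described above, and the 50-to-100 Gbps mobile operator incident earlier in the article, can be illustrated with a small model. The code below is an added example written for this article, not Allot’s product code: it learns a baseline from constructed flow records, flags a rate anomaly (the rate-dependent check), derives a filter pattern from the rate-independent attributes (protocol, destination port, packet-size class) that the excess traffic shares, and drops only the matching flows. The same functions are reused for the reverse direction, where one subscriber’s outbound traffic is analysed and an anomaly produces a record for the OSS/BSS; the flow tuples, volumes, thresholds and the OSS/BSS message shape are all assumptions made for the example.

```python
"""Behavioral DDoS detection with a surgical filter (added example).

Illustrative code for this article, not a vendor's product code. Flow
records and volumes are constructed sample data.
"""
from collections import defaultdict
from dataclasses import dataclass

# Rate-independent attributes the filter may key on (assumed set).
ATTRIBUTES = ("proto", "dport", "len_bucket")


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    proto: str
    dport: int
    pkt_len: int   # typical packet size in bytes
    gbps: float    # volume this flow contributed in the measurement window

    @property
    def len_bucket(self) -> int:
        # Coarse packet-size class; exact sizes vary too much to key on.
        return self.pkt_len // 128


def total_gbps(flows):
    return sum(f.gbps for f in flows)


def volume_by(flows, attr):
    """Volume per value of one attribute, e.g. {'tcp': 45.0, 'udp': 5.0}."""
    acc = defaultdict(float)
    for f in flows:
        acc[getattr(f, attr)] += f.gbps
    return acc


def is_rate_anomaly(baseline, window, factor=1.5):
    """Rate-dependent check: window volume far above the learned baseline."""
    return total_gbps(window) > factor * total_gbps(baseline)


def derive_pattern(baseline, window, min_share=0.8):
    """Keep, per attribute, the value whose growth explains most of the excess.

    An attribute is left out of the pattern when no single value accounts
    for at least `min_share` of the excess volume (too unspecific to filter on).
    """
    excess = total_gbps(window) - total_gbps(baseline)
    pattern = {}
    for attr in ATTRIBUTES:
        base, now = volume_by(baseline, attr), volume_by(window, attr)
        value, delta = max(((v, now[v] - base[v]) for v in now), key=lambda kv: kv[1])
        if delta >= min_share * excess:
            pattern[attr] = value
    return pattern


def matches(flow, pattern):
    return all(getattr(flow, attr) == value for attr, value in pattern.items())


def apply_filter(window, pattern):
    """Split a window into kept and dropped flows; an empty pattern drops nothing."""
    if not pattern:
        return list(window), []
    kept = [f for f in window if not matches(f, pattern)]
    dropped = [f for f in window if matches(f, pattern)]
    return kept, dropped


def mitigate(baseline, window):
    """Inbound direction: returns (pattern, kept_gbps, dropped_gbps)."""
    if not is_rate_anomaly(baseline, window):
        return {}, total_gbps(window), 0.0
    pattern = derive_pattern(baseline, window)
    kept, dropped = apply_filter(window, pattern)
    return pattern, total_gbps(kept), total_gbps(dropped)


def subscriber_signal(subscriber, baseline, window):
    """Reverse direction: same analysis on one device's outbound traffic.

    Returns None when the device behaves normally, otherwise a record the
    operator's OSS/BSS could act on (hypothetical message shape).
    """
    if not is_rate_anomaly(baseline, window):
        return None
    return {"subscriber": subscriber, "event": "outbound_anomaly",
            "pattern": derive_pattern(baseline, window),
            "gbps": total_gbps(window)}


# Constructed baseline: 50 Gbps of mixed legitimate traffic.
LEGIT = [
    Flow("10.0.0.1", "198.51.100.10", "tcp", 443, 1400, 20.0),
    Flow("10.0.0.2", "198.51.100.10", "tcp", 443, 1200, 15.0),
    Flow("10.0.0.3", "198.51.100.11", "udp", 53, 80, 5.0),
    Flow("10.0.0.4", "198.51.100.12", "tcp", 80, 900, 10.0),
]
# Constructed attack window: the same legitimate traffic plus a 50 Gbps
# small-packet UDP flood towards port 80 from several sources.
ATTACK = LEGIT + [
    Flow(f"203.0.113.{i}", "198.51.100.12", "udp", 80, 64, 10.0) for i in range(5)
]

if __name__ == "__main__":
    print(mitigate(LEGIT, ATTACK))  # ({'proto': 'udp', 'dport': 80, 'len_bucket': 0}, 50.0, 50.0)
```

Run as a script, the attack window trips the rate check (100 Gbps against a 50 Gbps baseline), the derived pattern is UDP, port 80, small packets, and applying it drops exactly the 50 Gbps of flood while the legitimate DNS traffic on UDP/53 and the web traffic on TCP/80 pass untouched. The `min_share` guard is what keeps the filter surgical: if the excess were spread across many ports, `dport` would be omitted rather than blocking a port that carries mostly legitimate traffic.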
To protect their networks and subscribers, mobile operators can also take several other effective countermeasures:
- Educating employees and customers about the risks of cyber-attacks and the precautions to take.
- Implementing solutions that can preempt attacks, stop malware in its tracks, and neutralize bot-infected phones. In addition to the security capabilities, solutions must be integrated with the OSS/BSS systems to effectively manage and communicate with infected devices in order to minimize service disruptions.
- Performing deep analysis of attack patterns and utilizing security solutions that enable automated attack prevention.
Cybercrime might be rampant, but the good guys (i.e. security companies, service providers and mobile operators) are winning the war.
Allot Communications is a global bandwidth management and security solutions company.