In a recent cyberattack targeting a financial institution in the United Arab Emirates, a distributed denial-of-service (DDoS) attack was carried out by the pro-Palestinian hacktivist group BlackMeta, also known as DarkMeta. This attack set records for both the duration of the attack and the sustained volume of requests, lasting a total of six days with multiple waves of web requests lasting anywhere from four to 20 hours.

According to cybersecurity firm Radware, the attack averaged 4.5 million requests per second over the course of more than 100 hours in total. This represents a significant departure from traditional hacktivist denial-of-service attacks, which typically last only a few minutes. Pascal Geenens, director of threat intelligence for Radware, noted that in this particular attack, the financial institution was targeted for 70% of the six-day period, highlighting the sophistication and tenacity of the attackers.

BlackMeta, also known as SN_BlackMeta, is not a newcomer to the cyberattack scene. The group has a history of targeting organizations in Israel, the United Arab Emirates, and the United States. In recent months, they have claimed responsibility for attacks on various entities, including the San Francisco-based Internet Archive and the Israel-based infrastructure of the Orange Group.

Leading up to the cyberattack on the financial institution, BlackMeta announced their intent on Telegram, a messaging platform. The attack flooded the institution’s website with requests, causing the percentage of legitimate requests to plummet. The attackers utilized a cybercrime service called InfraShutdown, which allows attackers to target sites for a fee ranging from $500 to $625 per week.

BlackMeta’s primary motivations stem from a pro-Palestinian ideology, with anti-Western sentiments and apparent links to Russia. The group targets critical infrastructure, banking systems, telecommunication services, government websites, and major tech companies in an effort to disrupt entities they view as complicit in or supportive of their adversaries.

The group is believed to be a rebrand of Anonymous Sudan, another hacktivist group that previously targeted Israeli organizations and the messaging service Telegram in 2023. Anonymous Sudan advertised its DDoS attack service during previous attacks, suggesting that they profit from their “hacktivism.”

In response to sustained application-layer attacks like those orchestrated by BlackMeta, rate-limiting bandwidth may not be an effective solution. Geenens explained that when attackers shift their focus to Layer 7 (the application layer), traditional network protection measures may not be sufficient to differentiate between legitimate and malicious requests.

Overall, the cyberattack on the financial institution in the UAE serves as a sobering reminder of the evolving tactics and motivations behind cyber threats. As groups like BlackMeta continue to carry out sophisticated and sustained attacks, organizations must enhance their cybersecurity defenses to effectively mitigate the risks posed by these malicious actors.

Source link