WP Cyber Threat Index | Cyber Security Statistics & Trends | Imperva

Cyber Threat Index Score by Country

This month, Israeli financial institutions and services experienced a significant uptick in distributed denial of service (DDoS) attacks. One financial services site faced its largest application-layer DDoS attack to date, enduring an hour-long onslaught that peaked at 3.5 million requests per second (RPS), indicative of a well-coordinated effort involving a vast botnet of over 13,000 unique IP addresses. Across multiple incidents, over 3,200 IPs were identified as overlapping among the attacks, strongly suggesting a coordinated campaign against these sites. These attacks, targeting sites that have been repeatedly attacked throughout the year, highlight the persistent and evolving threat of politically or financially motivated cyber aggression towards Israeli financial sectors.

Take action:
Imperva DDoS Protection secures all your assets at the edge for uninterrupted operation.

This month, an Italian telecommunications site was subjected to an aggressive account takeover (ATO) campaign, witnessing nearly 8 million attempted logins in a sophisticated brute force attack lasting almost 24 hours. Remarkably, the attack came exclusively from within Italy, utilizing bots for the vast majority of login attempts. This localized nature of the attack suggests a highly targeted approach, possibly indicating the presence of a formidable botnet operation within the country. Notably, less than 10% of the credentials attempted were from previously leaked datasets, implying that the attackers were relying heavily on generating combinations to breach accounts. This incident highlights the escalating challenge of securing digital identities against the backdrop of increasingly automated and localized cyber threats.

Take action:
Imperva Account Takeover prevention uses multi-layered detection to block fraud.

This month, a prominent US-based entertainment website experienced severe remote code execution (RCE) attacks that attempted to exploit several vulnerabilities, including CVE-2022-21371. With the attacks generating over 10 million requests per day, the scale of this attack is noteworthy. The offensive was launched from IP addresses located within the US, primarily leveraging tools written in Go, suggesting the possible use of a regional botnet or a deliberate strategy to obscure the attackers' true geographical origins or bypass georestrictions. This incident not only underscores the vulnerability of entertainment platforms to sophisticated cyberattacks, but also highlights the complexity of attributing such attacks in an increasingly interconnected digital landscape.

Take action:
See how Imperva Web Application Firewall can help you defend against attacks like RCE.

Following this year’s trend of increasing DDoS attacks, a Romanian retail website was the target of an application-layer distributed denial of service (DDoS) attack, peaking at just over 4 million requests per second (RPS). In addition to being this year's second-largest DDoS attack, this is the largest attack we’ve ever seen on Romania, up from a previous average of 27,000 RPS. Originating from approximately 2,000 IP addresses, with a notable concentration in both Romania and China, this incident not only highlights the global scale and coordination behind such cyberattacks but also raises concerns about the potential involvement of international cybercriminal networks. This attack underscores the critical need for robust cybersecurity defenses in the retail sector, which is increasingly becoming a focal point for high-scale DDoS campaigns.

Take action:
Imperva DDoS Protection secures all your assets at the edge for uninterrupted operation.

Application Security Highlights

With visibility into global web application traffic from different industries, the Cyber Threat Index is a comprehensive look at application security.

Total Number of Requests Analyzed

Total Number of Application Attacks Blocked

Origin of Web Threats

This map reflects the relative number of attacks per country, after normalizing the number of attacks with legitimate traffic.

Country vs Country Heatmap

This heatmap shows attacks where countries are the source (attackers) or destination (attacked) of application security attacks. The number represents a relative, normalized value.

Cyber Attack Types

Breakdown of attack attempts seen in our network, split by attack types.

Cyber Attacks by Source

Breakdown of attack attempts seen in our network, split by the source of the attacking traffic.

Automated vs Human Attacks

Shows the proportion of bot and human traffic identified as performing attacks within all observed traffic.

Attacks Observed by Tool Used

Shows the breakdown of attacks in our network by the type of tool used by attackers.

Vulnerabilities by Severity

Shows the number of disclosed vulnerabilities for every day of the month. These vulnerabilities are separated by severity. Includes both CVEs (Common Vulnerabilities and Exposures) and ‘Non-CVEs’.

Vulnerabilities by ‘Exploitability’

Breakdown of vulnerabilities disclosed by the “exploitability” (e.g. whether there is a published exploit) of the disclosed vulnerability.

Vulnerabilities by Attack Type

Shows the breakdown of attack types for the published vulnerabilities.

Vulnerabilities by Severity

In the following chart you can see the disclosed vulnerabilities for every day of the month. We separate them by their severity. This includes both CVEs (Common Vulnerabilities and Exposures) and ‘Non-CVEs’.

Low Severity Vulnerabilities

Medium Severity Vulnerabilities

High Severity Vulnerabilities

DDoS Attacks Highlights

Understand the duration of the longest attack. Know the size and volume of the largest DDoS attacks.

Longest DDoS Attack

Largest Web Application DDoS Attack

Largest Bandwidth Network Layer DDoS Attack

Highest Volume Network Layer DDoS Attack

Application Layer DDoS Attack

Shows the volume of Application Layer attacks for each day of the month by the maximum total requests per second (RPS) blocked by our DDoS mitigation service.

DDoS Attacks by Attacked Country

Breakdown of DDoS attacks by the attacked country.

DDoS Attacks by Attacked Industry

Breakdown of DDoS attacks by the attacked industry.

Network Layer DDoS Attack

Network layer attacks look to overwhelm the target by exhausting the available bandwidth. Shows the attacks by their bandwidth and by volume.

Network Layer Attack Volume (Gbps) by Vector

Breakdown of bandwidth volume (Gigabits per second) by the vector used in network layer DDoS attacks.

Network Layer Attack Rates (Mpps) by Vector

Breakdown of attack rates (Mega packets per second) by the vector used in network layer DDoS attacks.