[THREAT ALERT]: PLANNED ATTACKS ON NATION’S CRITICAL INFORMATION INFRASTRUCTURES BY “ANONYMOUS SUDAN” HACKING GROUP AGAINST NIGERIA

Risk:
high
Damage:
high
Platform(s):
Linux OS, Microsoft® Server OS
Advisory ID:
ngCERT-2023-0033
Version:
1
CVE:
N/A
Published:
August 2, 2023

Summary


On the 1st of August, 2023, Anonymous Sudan announced via its Telegram channel planned cyber attacks against critical information infrastructures in Nigeria, following Nigeria’s role and involvement in ECOWAS’s recent directives to the Niger military aimed at restoring power to the democratically elected government of Niger Republic.

Description & Consequence


About the Group

Anonymous Sudan is a group of religiously and politically motivated hacktivists who have been conducting distributed denial-of-service (DDoS) attacks against several Western countries since January 2023. The group has been making consistent headlines around the world since then. Its attacks have to date targeted Sweden, the Netherlands, Denmark, Australia, France, Israel, Germany, the UAE, the US, Iran and most recently Kenya, affecting critical infrastructure and numerous global sectors including financial services, telecommunications, aviation, education, healthcare, software and government entities.

Known Method and Modes of Operation

Anonymous Sudan’s assaults are characterised as Web DDoS attacks involving alternating waves of UDP and SYN flooding. Attacks are launched from tens of thousands of distinct source IP addresses, with UDP traffic reaching up to 600 Gbps and HTTPS request floods exceeding several million requests per second (RPS). The group uses rented public cloud server infrastructure to generate the attack floods while hiding and randomising their source, combined with a high load of Layer 7 Web DDoS attacks that use cache bypass and slowloris techniques. In the recent Kenya attack the group also employed a botnet, an army of zombie devices that generally consists of compromised IoT devices, websites and computers.

  1. The attack can have both economic and security implications for the entire country.
  2. The attack can be used for extortion and blackmail: victims may be asked to pay a ransom for the attackers to stop an attack, which can lead to huge financial loss.
  3. The attack can lead to business disruption and reputational damage.
  4. The attack can deplete server resources, causing performance degradation or a complete crash by overwhelming the server’s CPU, memory or even the entire network.

Solution


  1. Put in place measures to identify abnormal traffic sources on your servers, and then employ tactics like IP address filtering, which blocks access from specific sources, or geo-blocking, which blocks access from geographical regions when the specific sources are not known.
  2. Place your computation resources behind Content Distribution Networks (CDNs) or Load Balancers and restrict direct Internet traffic to certain parts of your infrastructure like your database servers.
  3. Deploy firewalls or Access Control Lists (ACLs) to control what traffic reaches your applications.
  4. Deploy DDoS protection services where possible.
  5. The ubiquitous CAPTCHA test on a website, with its wavy words or images for users to decipher, is another way of protecting resource-hungry endpoints from bots.
  6. Have server redundancy in case of an attack.
  7. Limit network broadcasting.
  8. Implement robust network security with network segmentation, IDS, anti-malware solutions and web security tools.
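
The first solution item depends on being able to spot abnormal traffic sources before any filtering rule is written. The script below is an added example, not part of this ngCERT advisory, showing one way to do that from web-server access logs using two heuristics taken from the behaviours described under Known Method and Modes of Operation: a per-source request-rate spike (HTTPS request floods) and cache-bypass behaviour (one path fetched with many distinct query strings). The log lines, the documentation-range IP addresses (203.0.113.x, 198.51.100.x) and the thresholds are all constructed for illustration; in practice thresholds should come from baselining normal traffic, and the generated deny list should be reviewed before it reaches a firewall, ACL or CDN.

```python
"""Flag abnormal HTTP traffic sources in access-log lines.

Added example, not from the ngCERT advisory. Two heuristics are applied:
  * peak request rate per source IP inside a sliding window (request floods)
  * cache-bypass behaviour: the same path requested with many distinct
    query strings so that every request misses the cache
Sample log lines and thresholds are constructed for illustration only.
"""
import re
from collections import defaultdict
from datetime import datetime

# Combined Log Format; only the fields used below are captured.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<url>\S+) [^"]*" (?P<status>\d{3}) '
)


def parse_line(line):
    """Return ip, time, path and query for one log line, or None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    path, _, query = m.group("url").partition("?")
    return {
        "ip": m.group("ip"),
        "time": datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z"),
        "path": path,
        "query": query,
    }


def peak_rate(times, window):
    """Largest number of requests falling inside any span of `window` seconds."""
    times = sorted(times)
    best, j = 0, 0
    for i, t in enumerate(times):
        while (t - times[j]).total_seconds() > window:
            j += 1  # slide the window start forward
        best = max(best, i - j + 1)
    return best


def analyse(lines, window=10, rate_threshold=8, query_threshold=5):
    """Per-IP report: peak rate, most distinct query strings seen on one path, flags."""
    times = defaultdict(list)
    queries = defaultdict(lambda: defaultdict(set))  # ip -> path -> {query strings}
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue  # skip malformed lines instead of aborting the whole run
        times[rec["ip"]].append(rec["time"])
        if rec["query"]:
            queries[rec["ip"]][rec["path"]].add(rec["query"])

    report = {}
    for ip, ts in times.items():
        rate = peak_rate(ts, window)
        distinct = max((len(q) for q in queries[ip].values()), default=0)
        flags = []
        if rate >= rate_threshold:
            flags.append("rate")
        if distinct >= query_threshold:
            flags.append("cache-bypass")
        report[ip] = {"peak_rate": rate, "max_distinct_queries": distinct, "flags": flags}
    return report


def suspicious_sources(lines, **thresholds):
    """Sorted list of source IPs that raised at least one flag."""
    return sorted(ip for ip, r in analyse(lines, **thresholds).items() if r["flags"])


def acl_entries(ips):
    """Render flagged sources as nginx-style deny directives for review before deployment."""
    return [f"deny {ip};" for ip in ips]


def _line(ip, second, url):
    # Constructed Combined Log Format line: one fixed minute, varying seconds.
    return (f'{ip} - - [02/Aug/2023:10:15:{second:02d} +0100] '
            f'"GET {url} HTTP/1.1" 200 512 "-" "Mozilla/5.0"')


# Constructed sample: an ordinary visitor, a cache-busting flood and a plain flood.
SAMPLE_LOG = (
    [_line("203.0.113.7", s, u) for s, u in ((5, "/"), (25, "/news"), (50, "/contact"))]
    + [_line("198.51.100.23", 10 + i // 2, f"/news?cb={i:04d}") for i in range(12)]
    + [_line("198.51.100.24", 30 + i // 2, "/") for i in range(10)]
)

if __name__ == "__main__":
    for ip, r in analyse(SAMPLE_LOG).items():
        print(ip, r)
    print("\n".join(acl_entries(suspicious_sources(SAMPLE_LOG))))
```

On the constructed sample the cache-busting source is flagged for both rate and cache-bypass, the plain flood for rate only, and the ordinary visitor not at all. The sliding-window count is what makes the rate check meaningful: a source that sends twelve requests in six seconds and then goes quiet looks harmless in a per-hour average but stands out in a ten-second window.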

Reference


Not Applicable

Revision

