Hacker buzz has been increasing over the last few days, with various groups announcing their participation in an upcoming #OpSaveAlAqsa DDoS campaign against Israeli websites, scheduled for the week of November 17, 2014, as reported by our cyber-intelligence colleagues at Sensecy.
We are following the preparations for the campaign and will be providing our customers with updates as it evolves.
Sensecy has not spotted major players such as the SEA or ICR in this campaign, but over a thousand FB users have already confirmed participation. The attack, like similar ones preceding it, is expected to target government, financial and security institutions. The proposed tools are DDoS-related, as observed in previous campaigns.
Our intelligence sources and experience indicate that the motivation behind #OpSaveAlAqsa is high. The recommendation is to stay on watch and take the necessary security measures in preparation for potential DDoS attacks.
Sentrix was first to report the upcoming attack to its customers last week, before the press, based on cyber intelligence sources and trends identified by the Sentrix solution.
Our customers have been made aware of the potential attack. Their websites are protected by default by the Sentrix cloud platform and they need not take any major actions.
As a reminder, these are the 2 simple actions that Sentrix customers should take upon receiving our alert:
- Enable the Sentrix Dashboard, which will provide attack status visibility
- Observe the Dashboard and the push notifications that will arrive from the Sentrix NOC. Blocked attacks are indicated in red.
Sentrix will monitor the website’s health and performance and will respond to the attack automatically, including, for example:
- Elastically adding cloud servers, which will contain any scale of DDoS attack
- Blocking unwanted traffic
- Ensuring that the original DMZ will only receive legitimate requests
THERE IS NO NEED TO DO ANY OF THE FOLLOWING:
- Set up situation rooms
- Scramble red teams and initiate emergency response plans
- Work 24/7 shifts
- Review log files
- Notify your ISP
- Monitor traffic for malicious requests, block unwanted geo-locations and IP addresses
- Monitor CPU load, bandwidth etc.
All of these will be handled by the Sentrix cloud solution, which will ensure continuous availability.
We’ll keep reporting as the attack evolves and welcome security admins to contact us for information.