Tag Archives: stop ddos attacks

DDoS Attacks via TFTP Protocol Become a Reality After Research Goes Public

Almost three months after researchers from the Edinburgh Napier University published a study on how to carry out reflection DDoS attacks by abusing TFTP servers, Akamai is now warning of real-life attacks. Akamai SIRT, the company’s security team, says its engineers detected at least ten DDoS attacks since April 20, 2016, during which crooks abused Internet-exposed TFTP servers to reflect traffic and send it tenfolds towards their targets, in a tactic that’s called a “reflection” (or “amplification”) DDoS attack. The crooks sent a small number of packets to TFTP servers, which contained various flaws in the protocol implementation, and then sent it back multiplied to their targets. The multiplication factor for TFTP DDoS attacks is 60, well above the regular average for reflection DDoS attacks, which is between 2 and 10. First instances of TFTP reflection DDoS attacks fail to impress Akamai says the attacks they detected employing TFTP servers were part of multi-vector DDoS attacks, during which crooks mixed different DDoS-vulnerable protocols together, in order to confuse their target’s IT department and make it harder to mitigate. Because the attack wasn’t pure, it never reached huge statistical measurements. Akamai reports the peak bandwidth was 1.2 Gbps and the peak packet volume was 176,400 packets per second. These are considered low values for DDoS attacks, but enough to consume the target’s bandwidth. Akamai SIRT says they’ve seen a weaponized version of the TFTP attack script circulating online as soon as the Napier University study was released. The crooks seem to have misconfigured the attack script The attack script is simple and takes user input values such as the victim’s IP, the attacked port, a list of IP addresses from vulnerable, Internet-available TFTP servers, the packet per second rate limit, the number of threads, and the time the script should run. In the attacks it detected, Akamai says the crooks ignored to set the attacked port value, and their script send out traffic to random ports on the target’s server. Back in March, Napier University researchers said they’ve found over 599,600 publicly open servers that had port 69 (TFTP) open. Akamai warns organizations to secure their TFTP servers by placing these servers behind a firewall. Since the 25-year-old TFTP protocol doesn’t support modern authentication methods, there is no good reason to have these types of servers exposed to the Internet. Source: http://news.softpedia.com/news/ddos-attacks-via-tftp-protocol-become-a-reality-after-research-goes-public-504713.shtml#ixzz4AH801pER

More:
DDoS Attacks via TFTP Protocol Become a Reality After Research Goes Public

UK-Based Llyod’s Bank Sees Decrease in Cyberattacks

Swimming against the torrent of relentless headlines highlighting the lack of cybersecurity among banks, government agencies, and popular websites, the Lloyds Banking Group has seen an 80-90% drop in cyberattacks. The reason? “Enhanced” cybersecurity measures. While banks around the world begin to accept the uncomfortable reality wherein a $81 million cyber-heist is entirely plausible whilst relying on the global banking platform (SWIFT), one UK-based bank has seen a drop in cyber-attacks. UK-based Llyods Banking Group has seen a drop of between 80% to 90%, even though there has been an increase in cyberattacks targeting the UK this year. The revelation was made by Miguel-Ángel Rodríguez-Sola, the group director for digital, marketing & customer development. One of the most common attack vectors remain Distributed Denial of Service (DDoS) attacks. “There had been an increase in the UK in terms of cyber attacks between June and February this year,” Rodríguez-Sola stated. He added “However, over the last two months, I have had five-times less than at the end of last year.” Speaking to the Telegraph , he claimed a greater collaborative effort with law enforcement agencies. More notably, he spoke about the enabling of additional layers of cyber-defenses, without going into specifics. In statements, he said: We needed to re-plan our digital development to make sure that we put in new defences, more layers. [The number of cyberattacks] is now one-fifth or one-tenth of what it was last year. The news of a decrease in cyberattacks faced by the banking group comes during a time when a third bank was recently revealed to be a victim of the same banking group which was involved in a staggering $81 million dollar heist involving the Bangladesh Central Bank. Increasing reports of other member banks of the SWIFT network falling prey to cyberheists has spurred SWIFT to issue a statement, urging banks to report cybercrimes targeting member banks. Source: https://hacked.com/uk-based-llyods-bank-sees-decrease-cyberattacks/

View article:
UK-Based Llyod’s Bank Sees Decrease in Cyberattacks

Anonymous is 2016’s top trending hacktivist group

Anonymous emerges as the leader in 2016’s Trending Hacktivist Groups Anonymous continued to remain at the top in the top trending hacktivist group, says SurfWatch Labs based on the data collected on threat intelligence and social media hype. The hacktivist group was followed by Turk Hack Team (THT), New World Hacking (NWO), and Ghost Squad Hackers. In comparison to other years, the data shows that hacktivism has decelerated and lost its impetus but still has managed to cause enough damages to gather mainstream media attention. The government agencies were hit the most by hacktivism campaigns says the security firm with the most publicity having been created around the now-notorious COMELEC hack by Anonymous Philippines and Lulzsec Philippines, during which information for around 50 million Filipino voters were disclosed. Other than this incident, at the start of the year, the hacktivist groups created a lot of attention to their causes via the massive DDoS attack on BBC, the DDoS attacks on Donald Trump’s websites part of #OpTrump, the DDoS attacks on the Bank of Greece part of #OpIcarus, and the ones on Nissan part of #OpKillingBay. The Bank of Cyprus, the pulling down of ISIS Twitter profiles followed by the Belgium attacks, and the leak of data from NASA’s internal network were some of the other small hacktivism incidents that also managed to garner a lot of attention to causes and the groups behind them. During the first months of 2016, the top five hacktivism campaigns were #OpTrump, #OpKilling Bay, #OpWhales, #OpIsrael, and #OpAfrica. Since #OpIcarus was supposed to last for the entire month of May, it was not included in the list. However, the campaign is sure to become a support in Anonymous’ standard operations. Former big names such as the Syrian Electronic Army (SEA) and Lizard Squad seem to have disappeared with no or little activity from its members, points out SurfWatch Labs in its report. Looks like the SEA group members are perhaps busy avoiding getting arrested considering that the US has filed former charges against members of the group. Source: http://www.techworm.net/2016/05/anonymous-2016s-top-trending-hacktivist-group.html

See the original article here:
Anonymous is 2016’s top trending hacktivist group

Japanese teens DDoS attack takes out 444 school websites

A Japanese teenager was charged on May 11 for allegedly launching a DDoS attack against the Osaka Board of Education, which shut down 444 school websites. The 16-year-old faces obstruction of business charges for the attack, which was carried out last November, and marked the first time in Japan’s history that a cyber attack was launched against a local government, according to Japan Today. The teen said he launched the attack to remind his teachers “of their own incompetence,” according to the publication. The student reportedly told police he wanted to join the hacking collective Anonymous and that he didn’t know that schools other than his own would be impacted. He faces up to three years in prison and a 500,000 yen fine. Source: http://www.scmagazine.com/japanese-teen-launches-massive-ddos-attack-to-remind-teachers-they-are-incompetent/article/496756/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+SCMagazineHome+%28SC+Magazine%29

View article:
Japanese teens DDoS attack takes out 444 school websites

Protect your apache server from WordPress Pingback DDoS attacks

A security researcher at SANS Technology Institute put out an advisory around 8 months ago when he discovered that WordPress’s “pingback” functionality contains an exploit allowing it to request a result from any server that an attacker wishes. This vulnerability means that there are thousands of WordPress installations that can be effectively weaponized to conduct floods against any target site of someone’s desire. This particular attack is dangerous because many servers can be overwhelmed with only 200 blogs “pingbacking” their site, clogging up their limited connections and/or resources. To confirm if you are under wordpress pingback ddos attack, check your access logs. $ sudo tail -f /var/log/apache2/access.log Logs will look like this: 74.86.132.186 – – [09/Mar/2014:11:05:27 -0400] “GET /?4137049=6431829 HTTP/1.0? 403 0 “-” “ WordPress /3.8; http://www.mtbgearreview.com” 143.95.250.71 – – [09/Mar/2014:11:05:27 -0400] “GET /?4758117=5073922 HTTP/1.0? 403 0 “-” “ WordPress /4.4; http://i-cttech.net” 217.160.253.21 – – [09/Mar/2014:11:05:27 -0400] “GET /?7190851=6824134 HTTP/1.0? 403 0 “-” “ WordPress /3.8.1; http://www.intoxzone.fr” 193.197.34.216 – – [09/Mar/2014:11:05:27 -0400] “GET /?3162504=9747583 HTTP/1.0? 403 0 “-” “ WordPress /2.9.2; http://www.verwaltungmodern.de” To block wordpress pingback attack in Apache use this configuration. $ sudo nano /etc/apache2/apache2.conf Options -Indexes AllowOverride All Require all granted BrowserMatchNoCase WordPress wordpress_ping BrowserMatchNoCase WordPress wordpress_ping Order Deny,Allow Deny from env=wordpress_ping Source: https://sherwinrobles.blogspot.ca/2016/05/protect-your-apache-server-wordpress.html

See original article:
Protect your apache server from WordPress Pingback DDoS attacks

Anonymous Threatens Bank DDoS Disruptions

Follows Collective’s ‘Total War’ Against Donald Trump After earlier this year declaring “total war” against U.S. Republican presidential candidate Donald Trump, the hacktivist group Anonymous is now threatening global banks with 30 days of distributed denial-of-service attack disruptions. As a preview, on May 2, the group claimed to have disrupted the website of Greece’s central bank. “Olympus will fall. A few days ago we declared the revival of Operation Icarus. Today we have continuously taken down the website of the Bank of Greece,” the group said in the video posted on You Tube and delivered in the classic Anonymous style via a disembodied, computerized voice. “This marks the start of a 30-day campaign against central bank sites across the world,” it adds. “Global banking cartel, you’ve probably expected us.” Of course, banks have previously been targeted en masse by DDoS attackers. Beginning in 2012, for example, attacks waged by a group calling itself the “Izz ad-Din al-Qassam Cyber Fighters” continued to disrupt U.S. banks’ websites as part of what it called “Operation Ababil.” In March, the Justice Department unsealed indictments against seven Iranians – allegedly working on behalf of the Iranian government – accusing them of having waged those attacks. Regardless of who was involved, it’s unclear if Anonymous could bring similar DDoS capabilities to bear for its Operation Icarus. A Central Bank of Greece official, who declined to be named, confirmed the May 2 DDoS disruption to Reuters , though said the effect was minimal. “The attack lasted for a few minutes and was successfully tackled by the bank’s security systems. The only thing that was affected by the denial-of-service attack was our website,” the official said. Greek banks have been previously targeted by DDoS extortionists, demanding bitcoins. “It would have been better if no disruption occurred, but it is good that the attack – if that is what caused the disruption – was handled so quickly,” says information security expert Brian Honan, who’s a cybersecurity expert to the EU’s law enforcement intelligence agency, Europol. A “World Banking Cartel Master Target List” published by Anonymous to text-sharing site Pastebin early this month lists the U.S. Federal Reserve, as well as Fed banks in Atlanta, Boston, Chicago, Dallas, Minneapolis, New York, Philadelphia, Richmond and St. Louis. Also on the target list are websites for the International Monetary Fund, the World Bank as well as 158 central banks’ websites. In a related video missive issued March 31, Anonymous urged its members to “take your weapons and aim them at the New York Stock Exchange and Bank of England,” promising that “this is the operation to end all others.” The planned Anonymous operation follows elements of the collective earlier this year declaring “total war” against Trump, and on April 1 temporarily disrupting several of Trump’s websites, The Hill reports. Since then, of course, Trump has become the only Republican presidential candidate left standing after his massive win in this week’s Indiana primary. Banks: Beware DDoS Threats While the Anonymous bark doesn’t always equal its bite, in the wake of this alert, “banks in the United Kingdom, United States and Latin America should be very prepared” against potential attacks, says Carl Herberger, vice president of security for DDoS-mitigation and security firm Radware. “In the same vein as someone yelling ‘bomb’ at an airport or fire at a movie theater, cyber-attack threats – whether idle or not – are not to be taken lightly,” he says, although he adds that the number of threatened DDoS attacks outweighs the quantity of actual attacks. Herberger says in light of the new threat, all banks should review their DDoS defense plans, keeping in mind that DDoS attackers do continue to refine their tactics, as seen in the disruption of Geneva-based encrypted email service ProtonMail. “As the attacks on ProtonMail in November 2015 have demonstrated … attackers change the profile of their attacks frequently and leverage a persistent and advanced tactic of revolving attacks geared to dumbfound detection algorithms,” he says, dubbing such tactics “advanced persistent DoS.” Maintain a DDoS Defense Plan Security experts have long recommended that all organizations have a DDoS defense plan in place. The U.K.’s national fraud and cybercrime reporting center, ActionFraud, for example, recently issued the following advice to all organizations: Review: “Put appropriate threat reduction/mitigation measures in place,” tailored to the risk DDoS disruptions would pose to the organization. Hire: If DDoS attacks are a threat, seek professional help. “If you consider that protection is necessary, speak to a DDoS prevention specialist.” Prepare: All organizations should liaise with their ISP in advance of any attack. “Whether you are at risk of a DDoS attack or not, you should have the hosting facilities in place to handle large, unexpected volumes of website hits.” DDoS Extortions Spike The guidance from ActionFraud, released April 29, also warned that the center has recently seen a spike in DDoS extortion threats from an unnamed “online hacking group” demanding the equivalent of $2,250 to call off their planned attack. “The group has sent emails demanding payment of 5 bitcoins to be paid by a certain time and date. The email states that this demand will increase by 5 bitcoins for each day that it goes unpaid,” ActionFraud’s alert states. “If their demand is not met, they have threatened to launch a [DDoS] attack against the businesses’ websites and networks, taking them offline until payment is made.” ActionFraud advises targeted organizations: “Do not pay the demand.” That echoes longstanding advice from law enforcement agencies globally. ActionFraud also urges organizations to keep all copies of DDoS extortion emails – including complete email headers – as well as a complete timeline for the threats and any attacks, and to immediately report threats or attacks to authorities. Investigators say that keeping complete records – including packet-capture logs – is essential for helping to identify perpetrators. Or as ActionFraud advises: “Keep a timeline of events and save server logs, web logs, email logs, any packet capture, network graphs, reports, etc.” Masquerading as Armada Collective? CloudFlare, a DDoS mitigation firm, reports that related attacks began in March and have been carried out under the banner of Armada Collective, as well as potentially Lizard Squad, although it’s not clear if those groups are actually involved. It’s also unclear if the threatened DDoS disruptions have ever materialized. “We’ve been unable to find a single incident where the current incarnation of the Armada Collective has actually launched a DDoS attack,” CloudFlare CEO Matthew Prince says in a blog post. “In fact, because the extortion emails reuse bitcoin addresses, there’s no way the Armada Collective can tell who has paid and who has not. In spite of that, the cybercrooks have collected hundreds of thousands of dollars in extortion payments.” Source: http://www.bankinfosecurity.com/anonymous-threatens-bank-ddos-disruptions-a-9085

See the article here:
Anonymous Threatens Bank DDoS Disruptions

New Jaku Botnet Already Has 19,000 Zombies, Ideal for Spam and DDoS Attacks

Group has ties to the Darkhotel APT attacks Security researchers from Forcepoint say that a new botnet has slowly risen and grown to contain over 19,000 zombies all over the world, but predominantly in Asian countries. Named Jaku ( Star Wars reference alert — Jakku ), the botnet has made most of its victims in countries such as Japan and South Korea, which count 73 percent of all infections. Nevertheless, security experts claim they detected infections with Jaku’s malware in 134 different countries, even if sometimes they comprised one or two users. Jaku is one of the most sophisticated and resilient botnets around Researchers say that first signs of the botnet appeared last September, and in a six-month timeframe, Jaku grew tremendously compared to other similar threats. The group behind Jaku controls the botnet through multiple C&C (command-and-control) servers, most of which are located in countries in the APAC region, such as Singapore, Malaysia, and Thailand. In ordered to stay hidden from sight, the Jaku group deployed three different C&C mechanisms but also used obfuscated SQLite databases on the client-side to store configuration files. The Jaku botnet can be used to deliver spam, to launch DDoS attacks, but also to implement other types of malware. This second-stage delivery process occurs with the help of steganography, which crooks use to bundle their malicious code inside image files. Jaku infects users via poisoned torrent files Forcepoint says that infections usually takes place via malware-laced files shared via BitTorrent. The group usually goes after high-value targets but doesn’t mind if other users are infected as well. Security researchers say the group has shown interest in international Non-Governmental Organizations (NGOs), engineering companies, academic institutions, scientists and government employees. “The Jaku campaign has clear connections with the TTPs used by the threat actors discussed by Kaspersky in the Darkhotel investigations from November 2014,” Forcepoint researchers point out. The Darkhotel group was later known as Dark Seoul , and has recently been connected to hackers in North Korea, part of the Lazarus Group . Source: http://news.softpedia.com/news/new-jaku-botnet-already-has-19-000-zombies-ideal-for-spam-and-ddos-attacks-503689.shtml

Read the original post:
New Jaku Botnet Already Has 19,000 Zombies, Ideal for Spam and DDoS Attacks

Businesses pay $100,000 to DDoS extortionists who never DDoS anyone

In less than two months, online businesses have paid more than $100,000 to scammers who set up a fake distributed denial-of-service gang that has yet to launch a single attack. The charlatans sent businesses around the globe extortion e-mails threatening debilitating DDoS attacks unless the recipients paid as much as $23,000 by Bitcoin in protection money, according to a blog post published Monday by CloudFlare, a service that helps protect businesses from such attacks. Stealing the name of an established gang that was well known for waging such extortion rackets, the scammers called themselves the Armada Collective. “If you don’t pay by [date], attack will start, yours service going down permanently price to stop will increase to increase to 20 BTC and will go up 10 BTC for every day of the attack,” the typical demand stated. “This is not a joke.” Except that it was. CloudFlare compared notes with other DDoS mitigation services and none of them could find a single instance of the group acting on its threat. CloudFlare also pointed out that the group asked multiple victims to send precisely the same payment amounts to the same Bitcoin addresses, a lapse that would make it impossible to know which recipients paid the blood money and which ones didn’t. Despite the easily spotted ruse, many businesses appear to have fallen for the scam. According to a security analyst contacted by CloudFlare, Armada Collective Bitcoin addresses have received more than $100,000. “The extortion emails encourage targeted victims to Google for the Armada Collective,” CloudFlare CEO Matthew Prince wrote. “I’m hopeful this article will start appearing near the top of search results and help organizations act more rationally when they receive such a threat.” Source: http://arstechnica.com/security/2016/04/businesses-pay-100000-to-ddos-extortionists-who-never-ddos-anyone/

Continue Reading:
Businesses pay $100,000 to DDoS extortionists who never DDoS anyone

South Korea no 1 origin point for DDoS attacks

South Korea has taken the top spot as the largest origin point for DDoS attacks in 2016. Imperva documented DDoS attacks coming out of South Korea at a rate nearly triple that of Russia, which came in second. In fact, South Korea attained a proportion of global DDoS responsibility greater than the next three countries combined. DDoS attacks are one of the more popular tools in the hacker’s toolkit. DDoS, or distributed denial of service attacks, work by essentially flooding the target with traffic. Attackers will normally employ botnets to do this, making it seem as though millions of people are all visiting the same site at the exact same second. Though a favourite of hacktivists, the attack is also employed by cyber-criminals, often using it as a smokescreen to distract defenders while stealing information from the parts of networks that are left undefended. The blackmail group DD4BC, for example, would relentlessly DDoS websites until the unfortunate victims coughed up a couple of bitcoins. Ewan Lawson, a Royal United Services Institute fellow and expert in cyber-security, offered insight as to why South Korea might have reached this zenith. Lawson told SCMagazineUK.com , “It feels like it is in part a reflection of the networked nature of [South Korea] but there are other countries with similar degrees of penetration or greater.” South Korea has one of the highest internet penetration rates in the world and also enjoys one of the faster internet speeds, last year rated at an average of 23.6 Mbps. “It would therefore suggest”, said Lawson, “that there is some vulnerability in the gateways and/or servers that are being exploited by the DDoS enabling malware.” Igal Zeifman, senior manager at Imperva, told SC , “As a rule, botnets thrive either in regions with high Internet connectivity or in emerging Internet markets with a high prevalence of unsecured connected devices.” Zeifman added, “South Korea certainly fits the former scenario, with botnet shepherds benefiting from the organic evolution in connection speeds—something that also improves the attacking (upload) capabilities of compromised devices.” Botnets have been growing rapidly in South Korea over the past year. The South Korean DDoS activity primarily comes from two botnets – Nitol and PCRat – both of which offer remote control over the infected devices. Where they differ is their attack traffic signatures, Zeifman told SC. Nitol, for example, is a Chinese botnet and will probably send out attack disguised as search engine crawlers from Baidu, an immensely popular Chinese website. Jarno Limnell, professor of cyber-security at Aalto university in Finland, explained to SC that both of these botnets are Windows based: “A typical ‘member’ of a botnet is, therefore, a Windows PC. The easiest way to do it – non-updated (and possibly illegal) Windows with the appropriate vulnerability. I guess that in South Korea there a lot of these kind of PCs available to build botnets.” Russia and Ukraine came second and third respectively. Though beaten by South Korea, Zeifman told SC that the two countries owe much of their increased activity to “the emergence of new botnets built out of Windows OS devices compromised with the Generic!BT malware”. Zeifman added this may be indicative of poor security in those countries: “The fact that a known, and pretty outdated, type of malware is successfully being used points to inefficient security measures on the part of device owners.” Meanwhile, and perhaps unsurprisingly, the United States was the most DDoSed country in the world over the last quarter, far outpacing the combined total of the other nine most DDoSed countries. Some of the report’s other findings included the fact that DDoS attacks, are “upping their game” when it comes to botnets. Imperva’s report says this, “this was best exemplified by an increase in the number of DDoS bots with an ability to slip through standard security challenges, commonly used to filter out attack traffic.” Over the first quarter of this year, the number of these kinds of bots “mushroomed” from 6.1 percent to 36.6 percent, as a proportion of total bots. What makes them different is that some of these bots can hold cookies while others can spot javascript, making for a deadly combination. DDoS attackers are also narrowing their gazes. Imperva notes that while DDoS attacks may have once been brutish and crude, the company is seeing far more finesse in the deployment. Attackers have been experimenting with new methods and vectors, which the reports says suggests “that more perpetrators are now re-prioritising and crafting attacks to take down DDoS mitigation solutions, rather than just the target.” Source: http://www.scmagazineuk.com/south-korea-no-1-origin-point-for-ddos-attacks/article/491220/

More:
South Korea no 1 origin point for DDoS attacks

Anonymous Conducts Usual DDoS Attacks on Israel for #OpIsrael

“Anonymous” vows to carry on its annual assaults on Israeli infrastructure linked to its #OpIsrael campaign on April 7, 2015 — However, it seems more hype than harm The first attacks in connection with #OpIsrael occurred in 2013, wherein some divisions of the Anonymous hackers mutually launched multiple organized cyber-attacks against Israeli websites on the eve of the Holocaust Remembrance Day, on April 8. From 2013 onwards, the group carried out such attacks consistently same date every year, and in a recent video statement, it has pledged to continue these attacks in 2016. However, this year, Holocaust Remembrance Day is on May 4, but the attacks will still occur on April 7. Israel has planned a hackathon on ironically the same day: In recent years, these cyber attacks contained DDoS attacks, database leaks, website defacements, and social media account hijacking but aAfter the recent spasms against Ukraine’s electrical power grid, this year, the Israeli government has also arranged a hackathon with over 400 participants who will take on against the potential cyber-attack on the country’s power grid, transportation system, and government IT networks. This potential threat based hackathon is also scheduled for today. History of some high-profile cyber attacks against Israel: 1. In 2013, Israel’s major traffic tunnel was hit by a cyber-attack, causing huge financial damages. 2. In 2014, Izz al-Din al-Qassam Brigade of Hamas successfully hacked the ongoing transmission of famous Israeli Channel 10 and replaced it with images of wounded Palestinian families. 3. In April 2015, several computer networks belonging to the Israeli military were penetrated by Arabic-speaking hackers under a four-month spying campaign by using provocative images of IDF’s women soldiers. 4. In January 2016, Israeli power authority network was hit by a sophisticated ransomware. 5. In February 2016, pro-Hezbollah hackers took over country’s security camera systems. Data leak and DDoS attacks conducted by Anonymous and pro-Palestinian hackers: The hacktivists are already targeting Israeli government and civilian websites. In the latest attacks, hundreds of government-owned websites have been under DDoS attacks forcing them to stay offline. There are several tweets containing Pastebin links in which attackers are claiming to dump credit card data of several Israeli citizens. One hacktivist group going with the handle of RedCult has leaked a list of about 1000 alleged Facebook users from Israel containing emails and their clear-text passwords. The websites that have been taken offline include Israel Defense Forces, Israeli ministry of justice, Israeli Immigration, Israel Police Department, Israel Airport Authority, Israeli ministry of justice, rights and services for Holocaust survivors and other top government websites. Source: https://www.hackread.com/anonymous-cyber-attack-on-israel/

See original article:
Anonymous Conducts Usual DDoS Attacks on Israel for #OpIsrael