OpAbdiMohamed

Abstract

The hacktivist group New World Hackers is currently targeting the capital and most populous city of Utah, Salt Lake City, as part of a new operation, OpAbdiMohamed. New World Hackers, the same group involved in OpAfrica, is now relying on cyber-assaults to bring attention to the shooting of a teenage boy, Abdi Mohamed.ⁱ Abdi Mohamed is a 17-year-old that was shot by Salt Lake City police while holding a broomstick.

Background

 
Figure 1: SLC Airport website down

On the morning on March 13, 2016, the New World Hackers (NWH) began OpAbdiMohamed via a series of DDoS attacks on several targets in and around Salt Lake City area, including the SLC police department, SLC airport and Regions bankⁱⁱ. NWH claim that they have more major attacks planned for this operation and will be launching these attacks as soon as tonight, March 14th 2016 (see Figure 1 & 2).

 
Figure 2: New World Hackers claim larger attacker are soon to come

The New World Hackers have recently attacked a number of major sites. Targeted sites include Donald Trump, Xbox, HSBC, BBC, and the YMCA. They have also been core participants in numerous Anonymous operations including, OpISIS, OpNimr OpKorea, OpAfrica, OpChina, OpParis and others.

Reasons for Concern

This group is known for its pure network power. Their attack against the BBC was rumored to be 602Gbps. When the New World Hackers join an operation they usually take down everything included on the target list. At the moment they are supporting OpAbdiMohamed and BlackLivesMatter.

 
Figure 3: FirstUtahBank.com

What's Expected Next

It's expected these attacks will continue as a greater audience becomes aware of the events surrounding the Abdi Mohamed shooting. It's expected that attackers will release information about the SLC police officers – and perhaps other police departments involved in similar cases - and conduct both digital and physical protests around the police department.

Recommended Steps for Organizations at Risk

• A security solution that can protect its infrastructure from multi-vector attacks including protection from network and application based DDoS attacks as well as volumetric attacks that can saturate the Internet pipe.
• A hybrid solution that includes on premise detection and mitigation with cloud-based protection for volumetric attacks. This provides quick detection, immediate mitigation and protects networks from volumetric attacks that aim to saturate the Internet pipe.
• A solution that provides protection against sophisticated web-based attacks and web site intrusions to prevent defacement and information theft.
• A cyber-security emergency response plan that includes an emergency response team and process in place. Identify areas where help is needed from a third party. Monitoring security alerts and examine triggers carefully. Tune existing policies and protections to prevent false positives and allow identification of real threats if and when they occur.

In addition to Radware products, we recommend that you review your network patch your system according. Maintaining and inspecting your network often is necessary in order to defend against these types of risks and threats.

Under Attack and in Need of Expert Emergency Assistance?

Radware offers a full range of solutions to help networks properly mitigate attacks similar to these. Our attack mitigation solutions provide a set of patented and integrated technologies designed to detect, mitigate and report todays most advanced cyber threats. With dedicated hardware, fully managed services and cloud solutions that protect against attacks, Radware can help ensure service availability. To understand how Radware's attack mitigation solutions can better protect your network contact us today.

• ⁱ http://www.nydailynews.com/news/national/teen-shot-slc-identified-17-year-old-abdi-mohamed-article-1.2546558
• ⁱⁱ https://www.hackread.com/salt-lake-city-police-airport-websites-ddos-attacks/