"That sort of probe-based, pre-attack reconnaissance is something new that we've seen in the phase three section," Summers said.
Given the group's constant shift in targets and growing sophistication, security experts did not expect the attacks to end anytime soon. "All projecting current trends forward, it's not clear they have any intention of stopping," Summers said.
From the start, the attackers have used a botnet of Web servers compromised using the Brobot DDoS tool, also known as "itsoknoproblembro." In March, the botnet was linked to DDoS attacks against three online role-playing sites used by gamers, BankInfoSecurity reported. The attacks led some security experts to speculate that either the botnet was hijacked or rented out.
Scott Hammack, chief executive of Prolexic, said the company has seen Brobot traffic used against energy companies and organizations in Europe. However, Hammack did not know who was behind the attacks, but believed it was more than one group.
"It's difficult to say, but yes, that would be my guess," he said.
The Islamic group claims they are acting in protest of a YouTube video mocking the Prophet Muhammad. They vow to continue the attacks until the video, called the Innocence of Muslims, is removed from the site. U.S. government officials have said they believe the attacks are originating from Iran.
Read more about malware/cybercrime in CSOonline's Malware/Cybercrime section.
Sign up for CIO Asia eNewsletters.