How to prepare for a hacktivist attack
- 13 July, 2012 11:20
Sony, News Corp and NATO. What do these organisations have in common? They have all been targeted by the hacktivist super group, Anonymous.
However, these attacks could have been avoided, or at least the impact reduced, with monitoring of social media and installation of Web application firewalls, according to one security expert. Speaking at SecureSydney 2012, Imperva Australia and New Zealand principal security architect, Paul Steen, walked delegates through the timeline of an Anonymous attack on one of its customers which took place in 2011. For security reasons, he did not name the company.
The company’s website was subjected to numerous application attacks followed by an estimated 500,000 to 600,000 distributed denial of service (DDoS) attempts over approximately four days.
According to Steen, Anonymous was unsuccessful in its attempts to crack the website and, fortunately, the organisation knew the attack was coming before it happened.
“They rang us up and said there was evidence on the internet that Anonymous would be targeting us,” he says.
According to Steen, there are four steps organisations can take to avoid appearing on the Anonymous hit list.
Monitor social media
“Follow yourself on Google and set up alerts on Google to notify you when your organisation pops up in communication across the internet on sites such as Twitter,” he says.
“You need to be proactively monitoring so you know when an attack is coming.”
Even though Anonymous has been very successful at attacking numerous organisations, it virtually always announces that it is coming on social networking sites such as Twitter, says Steen.
According to Steen, application security is important. This should include Web application firewalls (WAFs), vulnerability assessment and code reviews.
“Every attack that Anonymous has mounted where data has been stolen is through the Web application,” he says.
Prepare for DDoS attacks
“Anonymous typically likes to steal data and then take down the website if they can,” he says.
“Analyse the alert messages generated by your security device and read the logs. We often have plenty of security devices deployed but no one is paying attention to the devices.”
Internet protocol (IP) reputation
According to Imperva’s monitoring of the attack on its customer, a high percentage of the skilled hackers were operating from an unknown IP source.
“They were using anonymous proxies so by having security in place that identifies and can give you information on the IP reputation, you can mitigate this problem before the attack even takes place,” Steen says.
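The log review and IP reputation checks described above can be sketched as a small triage script. This is an added example, not code from Steen's talk or from any Imperva product; the alert layout, rule names, proxy ranges and flood threshold are all assumptions, and the sample data is constructed.

```python
import ipaddress
from collections import Counter, defaultdict

# Constructed stand-in for an IP reputation feed (RFC 5737 documentation ranges).
PROXY_RANGES = [ipaddress.ip_network(n) for n in ("198.51.100.0/24", "203.0.113.64/26")]

# Constructed alerts in an assumed layout: "<minute> <source IP> <rule> <path>".
SAMPLE_ALERTS = """\
10:01 198.51.100.7 sql-injection /search
10:01 198.51.100.7 directory-traversal /download
10:02 203.0.113.70 sql-injection /login
10:02 192.0.2.15 rate-limit /
10:02 192.0.2.15 rate-limit /
10:02 192.0.2.15 rate-limit /
10:03 192.0.2.99 sql-injection /search
truncated entry
"""
APP_RULES = {"sql-injection", "directory-traversal", "cross-site-scripting"}

def from_proxy(ip):
    """True when the address falls inside any range on the reputation list."""
    return any(ip in net for net in PROXY_RANGES)

def triage(alert_text, flood_per_minute=2):
    """Summarise alerts per source: application attacks, flood flag, reputation."""
    app_hits = Counter()
    per_minute = defaultdict(Counter)
    for line in alert_text.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue  # skip malformed lines rather than abort the whole run
        minute, src, rule, _path = fields
        try:
            ip = ipaddress.ip_address(src)
        except ValueError:
            continue  # source field is not an IP address
        per_minute[ip][minute] += 1
        if rule in APP_RULES:
            app_hits[ip] += 1
    return {
        str(ip): {"app_attacks": app_hits[ip],
                  "flooding": max(minutes.values()) > flood_per_minute,
                  "anonymous_proxy": from_proxy(ip)}
        for ip, minutes in per_minute.items()
    }

def priority(report):
    """Sources to review first: application attacks arriving via anonymising proxies."""
    hits = [ip for ip, r in report.items() if r["app_attacks"] and r["anonymous_proxy"]]
    return sorted(hits, key=lambda ip: -report[ip]["app_attacks"])
```

Calling `priority(triage(SAMPLE_ALERTS))` lists the proxy-sourced application attackers ahead of the flood source, which matches the order Steen describes: data theft attempts first, takedown attempts second.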
Finally, he adds that Anonymous are “opportunists” and will go after an organisation that is vulnerable. “If it’s interesting, then they attack the organisation and then after the fact make up some cause of why they did it,” he says.
Follow Hamish Barwick on Twitter: @HamishBarwick
Follow CIO Australia on Twitter: @CIO_Australia