Beware of disgruntled employees

by Mark Rowe

Hacktivists, and others intent on sabotage such as disgruntled employees, are expanding their tactics beyond Distributed Denial of Service (DDoS) attacks. So warns Dell SecureWorks’ Enterprise Brand and Executive Threat Surveillance team. The IT firm Dell says that its team monitors social media sites, forums, and other public information sources, looking for conversations and other indicators that a customer’s brand or its executives might be the target of a cyber-attack. The team has worked on numerous cases where it has obtained solid intelligence of a planned attack. Dell SecureWorks has then worked with the organisations, its customers, to shut down the attack before it could happen or to put counter-measures in place to block it.

Rick Hayes, Sr. Manager, Security and Risk Consulting for Dell SecureWorks, said: “Unfortunately, in today’s attack climate, if you are an organisation which is likely to be a target of hacktivism and you do not have an intelligence team monitoring the Internet on your behalf, you have to be prepared for far more than just one attack strategy. The cyber campaigns being launched by hacktivists today don’t merely consist of Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks (where large amounts of Internet traffic are directed at a website in hopes of knocking it offline). But rather, we are seeing hackers launch a barrage of different cyber-attacks at their target including everything from DDoS attacks to website defacements, web application attacks, and spear phishing attacks looking to steal valuable customer and employee data to the hijacking of corporate Twitter credentials.”

In addition to DoS/DDoS attacks, the IT firm says it is seeing hacktivists launch the well-known, but still very successful, SQL Injection and Cross-Site Scripting attacks against organisations’ web applications. Using these tactics, the hackers hope to find a hole in the web applications so they can enter the target network and ultimately gain access to the company’s back-end databases, where valuable customer and/or employee data is often housed, or they use their access to deface the website, leaving damaging messages for all website visitors to see.

If the web application attacks don’t work, social engineering continues to be one of the most successful ways of getting a foothold into a company’s network. Threat actors will begin by researching an organisation and its employees, often finding a wealth of valuable data about their victims on the corporate website as well as on popular social and corporate networking sites. From there, the attackers decide which victim to target.

Depending on the data they want to steal, the target could be the VP of Finance, the Network Administrator, or the CEO. The threat actors, to use the IT jargon, will send well-crafted emails or tweets, often spoofing the email address, Facebook, or Twitter account of a colleague or friend. The subject of the message will be one the victim is familiar with and interested in. The message will contain a malicious link or attachment. If the user clicks and their device is vulnerable to the exploit, their computer or mobile device will be silently infected, giving the hacker access to it. From there, the hacker can often traverse to other parts of the corporate network where customer and/or employee data is housed.

This can lead to the public posting of customer and/or employee data, often including financial and personally identifiable information (PII).

Another mode of attack, often mounted alongside these, is the hijacking of corporate Twitter accounts. In April 2013, hacktivists got access to the credentials of a news wire’s corporate Twitter account and sent out a fake tweet announcing that the White House had been attacked, resulting in a brief plunge in the US stock market.

Protecting against

If an organisation is in a high-profile industry, the IT firm says, it is important for it to consider the cyber risks it faces, not just from cyber criminals looking for financial gain but from groups looking to sabotage or disrupt the business. In addition to having security staff monitor what is being said across the internet about and by an organisation’s personnel, the IT firm suggests layered security so that an organisation is not vulnerable should it be hit by a surprise attack.

Defences for DDoS Attacks

· Implement a bogon (bogus IP address) block list at the network boundary to drop bogus IP traffic.

· Separate or compartmentalise critical services, including public and private services; intranet, extranet, and Internet services; and create single-purpose servers for services such as HTTP, FTP, and DNS.

· Use a dedicated firewall for each of the services mentioned, e.g. service-specific controls such as a web application firewall. Implementing a load balancer is another good tactic.

· Keep contact information for your ISP, Intrusion Detection, Network Administrators, and Firewall teams close at hand so that in case of an attack you can contact the parties who need to know about the attack and who can help to mitigate the issues. Scrambling around for this information at the last minute can lead to unneeded downtime.

· Evaluate and implement dedicated DDoS mitigation technologies. Having dedicated hardware for mitigating DDoS and DoS-style attacks can help keep strain off targeted systems and provide your DDoS response team with much-needed time to find and eliminate the attack.

· Run a Denial-of-Service Preparedness Assessment which:
    identifies risk exposure;
    highlights the ability to withstand attacks;
    ensures a tested response methodology (an Incident Response Plan) is in place.
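A minimal source-address bogon check of the kind the first bullet recommends, as an added example that is not from the article or Dell SecureWorks. The prefix list is built from the well-known IANA reserved IPv4 ranges, the log lines are constructed, and unallocated ("full bogon") space, which changes over time and needs a maintained feed, is deliberately out of scope.

```python
"""Bogon source-address filter for traffic arriving at the network boundary.

Added example, not from the article. Only the *source* address of inbound
packets is checked: the destination is the site's own public address.
"""
import ipaddress

# IANA special-purpose / reserved IPv4 ranges. Legitimate Internet traffic
# never originates from these, so matching sources can be dropped outright.
BOGON_PREFIXES = [ipaddress.ip_network(p) for p in (
    "0.0.0.0/8",        # "this" network
    "10.0.0.0/8",       # RFC 1918 private
    "100.64.0.0/10",    # shared address space (carrier-grade NAT)
    "127.0.0.0/8",      # loopback
    "169.254.0.0/16",   # link-local
    "172.16.0.0/12",    # RFC 1918 private
    "192.0.0.0/24",     # IETF protocol assignments
    "192.0.2.0/24",     # TEST-NET-1 (documentation)
    "192.168.0.0/16",   # RFC 1918 private
    "198.18.0.0/15",    # benchmarking
    "198.51.100.0/24",  # TEST-NET-2 (documentation)
    "203.0.113.0/24",   # TEST-NET-3 (documentation)
    "224.0.0.0/4",      # multicast
    "240.0.0.0/4",      # reserved, includes limited broadcast
)]


def is_bogon(src: str) -> bool:
    """Return True if the source address lies inside any bogon prefix."""
    addr = ipaddress.ip_address(src)
    return any(addr in net for net in BOGON_PREFIXES)


def filter_inbound(log_lines):
    """Split constructed '<src> -> <dst>:<port>' lines into (dropped, passed)."""
    dropped, passed = [], []
    for line in log_lines:
        src = line.split()[0]
        (dropped if is_bogon(src) else passed).append(line)
    return dropped, passed


# Constructed sample of packets seen on the outside interface; the destination
# is the site's own address, taken from documentation space for the example.
SAMPLE = [
    "10.0.0.5 -> 203.0.113.10:80",       # RFC 1918 source: spoofed, drop
    "198.51.100.23 -> 203.0.113.10:80",  # TEST-NET source: spoofed, drop
    "8.8.8.8 -> 203.0.113.10:443",       # routable source: pass to next layer
    "224.0.0.1 -> 203.0.113.10:53",      # multicast source: never legitimate
]

if __name__ == "__main__":
    drop, keep = filter_inbound(SAMPLE)
    print(f"dropped {len(drop)}, passed {len(keep)}")
```

A bogon filter only removes traffic that could never be legitimate; routable sources that pass it still need the rate limiting and dedicated mitigation the later bullets describe.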

Hayes said: “Although we continue to see cases where hackers are breaking into organisations by entering through their vulnerable web applications, the good news is we are seeing an uptick from small and medium businesses asking for our Web Application Scanning Service. I believe they have learned from some of the large and expensive public breaches, which have been a result of web application attacks, that it is cheaper in the long run to employ regular scanning of web applications and fix the vulnerabilities immediately so as to keep a company’s assets secure.”

Defences for social engineering attacks

Educate employees and partner vendors to be on alert for cyber criminals trying to social engineer them into clicking on a malicious link in an email, tweet, or Facebook message. The scammers often spoof the “from” email address to make it look as if the message is coming from a colleague or friend. Never click on a link or attachment without first checking with the sender.

Employees and partner vendors should be wary of social media messages they receive, especially around breaking news stories, as hackers take advantage of these events. Such messages often appear to come from a friend or colleague. Because of character limits, the message will include a shortened URL, which in reality is a malicious link in disguise. Once it is clicked, if the device is vulnerable to the malware, the recipient could be compromised without knowing it until it is too late.

Organisations with highly valuable information assets should consider implementing a Malware Protection System, which reviews and scrubs each email for malicious content before it is delivered to the recipient and blocks malicious web content from reaching the computer user. These systems also detect and block other obfuscated attacks before they can compromise their targets.

Corporate Twitter account hijacking

Consider dedicating a secure computer to your Twitter activity only. That dedicated computer or virtualised desktop would not be used for any other activities, such as sending and receiving emails or surfing the web. Malicious email and web exploits are two of the key malware infection vectors.

Educate your computer users to NEVER click on links or attachments within emails from untrusted sources or even trusted sources. Even if the user recognises the sender, they should confirm that the sender has sent the specific email or social media message to them before clicking on any links or attachments.

Online computer users should avoid using weak or default passwords for any online site, including their Twitter account.

Corporate Twitter account holders should use two-factor authentication.

Make sure the anti-virus and security protections for your users’ computer systems (including for third-party plugins) are current, up to date and able to protect against the latest exploits. Patch management is key. It is critical that you install updates for your applications and your computers’ operating systems as soon as they become available.
