Lessons Learned from Announced Attacks: Anonymous’ #OpPetrol

Living with the threat of announced hacking activities that target industries, like #OpPetrol, is part and parcel of conducting business online. If Internet chatter is to be believed, #OpPetrol v2 might be in the works. While it is difficult to predict whether this will turn out to be true, the warnings are a good reason for network defenders to review what has happened in the past and formulate some insights that they can use to holistically bolster resilience and countermeasures against targeted attacks.

An estimated 1,000 websites, 35,000 email credentials, and over 100,000 Facebook accounts have been claimed as compromised since the announcement of #OpPetrol v1. These defacements and disclosures are consistent with what has been seen in recent operations, where the attacks did not seem to get much traction.


“Announced operations like these, with their relatively open disclosure of tactics, tools, and procedures, are golden opportunities for evaluation and improvement of countermeasures in real world scenarios. Taking advantage of these opportunities helps train people, process, and technology to recognize signals of a targeted attack regardless of whether it is publicly disclosed or covert,” said Dhanya Thakkar, Managing Director, India & SAARC, Trend Micro.

What can we learn from these observations?
Timing: Attacks begin at least as soon as the operation is announced. It is more likely that at least vulnerability scanning and reconnaissance have already occurred prior to an announcement. Attacks will occur over time and not necessarily on one given day. The announcement of a follow-up attack demonstrates that it’s never really "over."
On becoming a target: While it is clear that politics or financial benefit alone can make you a focused target, simply having vulnerable systems can make you a target of opportunity or part of collateral damage, regardless of whether you or your industry is the advertised target. It is also common for the official target list to evolve, so this should be monitored. The amount of resources you spend on monitoring and managing announced attacks should be commensurate with your relation to the named targets.
Threat actors: According to the communications and damage claims, #OpPetrol v1 had many of the same Anonymous participants as #OpIsrael and #OpUSA. Offensive tactics, tools, and procedures in future attacks, like v2, shouldn’t vary too much, but political causes can attract different participants with different skills and motivations at different times.

What can be done in the future?
Targeted attacks happen all the time, and everyone is, at some point, a target. This is bigger than Anonymous’ operations. There are a number of ways to holistically bolster resilience and countermeasures against targeted attacks, regardless of the specific threat actor and motivation.

These actions can help prepare your environment regardless of whether it is a small business, global enterprise, or country. What people, processes, and technology can you invest in today to make your organization more resilient for when you are the target? If hacktivist, criminal, or other threat actors have specifically targeted you and you noticed, you should assume some level of compromise has already occurred and already be in the process of enhancing your security portfolio.

Trend Micro has multiple configurations of detection and prevention solutions available for businesses of all sizes. Many of our solutions are built specifically to provide countermeasures against targeted attacks.

While activities related to hacker collective operations represent a real threat to enterprises, Trend Micro encourages all defenders to view these as reasons to invest in security that can detect targeted attacks, regardless of threat actor or motivation.

After all, while everyone is a target sometime, not everyone has to be a victim.
