Cybersecurity in Asia Pacific: prepare against hacktivism!
In recent days, the global hacktivist group 'Anonymous' has claimed responsibility for a number of attacks within the Asia Pacific region. Their motivations range from protests against Internet censorship and alleged government corruption to state-sponsored spying on foreign soil.
Let’s take a quick look at what has happened so far:
cyberattacks against Singaporean government
The Singapore Government was targeted on Thursday 31/10 by an individual (or group of individuals) called “The Messiah” who claims to represent the Anonymous collective. About 19 government sites suffered for several hours, while the website of Singapore’s biggest newspaper, the Straits Times, was defaced.
cyberattacks against Philippines government
The Philippines government has had a number of its websites defaced and is dealing with a group claiming to be part of the Anonymous collective. Anonymous Philippines claimed on its Twitter page that they disrupted accessibility to two government websites.
cyberattacks against Australian government
A hacking group with links to Anonymous has claimed responsibility for attacks against government websites in response to allegations of the Australian government spying on Indonesia. Further, Anonymous’ Indonesian members claimed that they defaced over 170 Australia-based websites.
who is Anonymous?
Based on what has been published so far, the Anonymous operations across the region do not appear to be related to each other, yet their attack methods are largely the same: attack insecurely configured websites and deface them to promote their political message.
The key observation and trend is that 'successful' attacks are somewhat indiscriminate, with 'anons' moving on to the ‘softer’ targets to achieve their objective and obtain publicity for their cause. Initial reports reveal that many of the systems were compromised by exploiting unpatched and insecurely configured websites, as opposed to the more sophisticated techniques seen in targeted attacks.
what methods do they use?
Hacktivists, unlike cyber criminals or other forms of cyber adversaries, are about creating awareness of their political campaigns. Most often this is through launching ‘Denial of Service’ attacks and defacing websites. Sometimes, though, they use various methods (application and infrastructure layer attacks) to obtain sensitive data to publicly embarrass their target. The lines between a hacktivist and a cybercriminal, however, can quickly blur when the data obtained has significant commercial value in cyber-criminal communities.
how to protect yourself
Distributed Denial-of-Service (DDoS) attacks are a deliberate effort by an attacker to prevent genuine users of a service from accessing that service. Attackers do this either by crashing the service completely or by flooding it to the point where real users can no longer access the site. A typical indication that you have been hit by a DDoS attack is abnormally slow network performance. If you own a website that has been running smoothly for some time and it suddenly becomes extremely slow, it’s possible that you are being targeted. Denial-of-service attacks can also lead to the complete unavailability of a website.
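The symptom described above (a site that ran smoothly and then suddenly slows down) can be checked against a baseline. The following Python code is an added example, not part of the original article; the log format, thresholds and sample data are assumptions constructed for illustration. It flags a minute only when both request volume and latency break from the baseline, so slowness alone is not reported as a flood.

```python
import statistics
from collections import defaultdict
from datetime import datetime, timedelta

def parse(line):
    # Assumed log format (constructed for this example): "<ISO time> <status> <seconds>"
    ts, status, secs = line.split()
    return datetime.fromisoformat(ts).replace(second=0), int(status), float(secs)

def per_minute(lines):
    buckets = defaultdict(list)
    for line in lines:
        minute, status, secs = parse(line)
        buckets[minute].append((status, secs))
    return dict(sorted(buckets.items()))

def robust_limit(values, k=6.0):
    # median + k * MAD; the MAD is floored at 10% of the median so that a
    # perfectly flat baseline still yields a usable limit
    med = statistics.median(values)
    mad = statistics.median(abs(v - med) for v in values)
    return med + k * max(mad, 0.1 * med)

def find_anomalies(lines, baseline_minutes=10):
    buckets = per_minute(lines)
    minutes = list(buckets)
    base = minutes[:baseline_minutes]
    rate_limit = robust_limit([len(buckets[m]) for m in base])
    lat_limit = robust_limit([statistics.median(s for _, s in buckets[m]) for m in base])
    alerts = []
    for m in minutes[baseline_minutes:]:
        reqs = buckets[m]
        latency = statistics.median(s for _, s in reqs)
        error_ratio = sum(1 for st, _ in reqs if st >= 500) / len(reqs)
        if len(reqs) > rate_limit and latency > lat_limit:
            alerts.append((m.strftime("%H:%M"), len(reqs), round(latency, 2), round(error_ratio, 2)))
    return alerts

def sample_log():
    # Constructed data: 10 quiet minutes, 2 flood minutes, 1 slow-but-quiet minute
    start, lines = datetime(2013, 11, 1, 10, 0), []
    profiles = [(20 + m % 3, 0.12, 200) for m in range(10)] + [(400, 2.5, 503)] * 2 + [(21, 0.9, 200)]
    for minute, (count, secs, status) in enumerate(profiles):
        for i in range(count):
            ts = start + timedelta(minutes=minute, seconds=i % 60)
            lines.append(f"{ts.isoformat()} {status} {secs}")
    return lines

if __name__ == "__main__":
    for alert in find_anomalies(sample_log()):
        print("possible flood: minute=%s requests=%d median_latency=%ss 5xx_ratio=%s" % alert)
```

The last constructed minute is slow but carries normal traffic, so it is not flagged; that pattern points to a backend problem rather than a flood.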
There are several ways that your Domain Name Servers (DNS) may contain vulnerabilities that could be taken advantage of by potential attackers. An assessment of your DNS vulnerabilities would be highly warranted if you suspect that you are a potential target.
Having a full understanding of how your perimeter defense works is a great start to protecting yourself from possible DDoS attacks. It’s important to remember that you should have more than one layer of defense, because experienced attackers will find other opportunities to evade those particular blocks.
There are a myriad of solutions on the market that can help enterprises mitigate risks, but there is no silver bullet that solves it all. Enterprises have different risk appetites and may already have some form of DDoS countermeasures in place.
However, it's key to conduct a baseline assessment of your existing exposures, risk appetite and defense mechanisms in order to plug the insidious gap.