Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

BLOG: Anonymous targeting Asian government sites

Wade Williamson | Nov. 11, 2013
Hacktivism season seems once again in full swing, so it's crucial to know what you're up against and safeguard your data as much as possible.

Guy Fawkes Day was November 5th, and a variety of loosely affiliated movements from Occupy to Anonymous joined to commemorate the day with a Million Mask March. However, it seems that Anonymous or at least Anonymous affiliated hackers in Asia decided to get an early start on the festivities with a variety of attacks against government websites in Australia, Singapore, and the Philippines.

Thus far, these attacks all bear the unmistakable signs of hacktivism, in that the compromised sites were defaced with political messages. Obviously, these sorts of attacks are nothing new, and we have been seeing a bit of their resurgence in the past few months. Prior to this action from Anonymous, the Syrian Electronic Army or SEA had claimed responsibility for a string of attacks targeting large news media organizations ranging from the New York Times to Twitter.

Whenever one of these attacks makes the news, it always seems to spur questions about how such a thing can continue to happen. I wanted to briefly share some of the more common tactics we are seeing against legitimate websites.

Direct Attack 

First, it's important to realize that websites, and more specifically web servers, are very common targets for attackers. If the website accepts input from an end-user, that site can be subject to a variety of injection techniques that can allow an attacker to compromise data that the website serves, or ultimately compromise the server itself. These attacks will typically exploit a weakness in the way that the website or application validates a user's input, which allows an attacker to send specially crafted input to compromise the webserver or application. These attacks are extremely common, and are generally mitigated through a combination of IPS to detection injection attacks, web-application firewalling to detect specific attacks against web applications, vulnerability testing of websites, and training to ensure secure coding and web development practices.

Password Compromise 

Ultimately, people manage websites, and those people will have passwords to authenticate themselves when managing the site. If an attacker can compromise those credentials, then the attacker gains all the privileges and access of the administrator. This technique was heavily utilized earlier in the year when the SEA was able to steal Twitter credentials for news organizations and was able to send out fake news updates that caused significant movement in financial markets.

This approach can somewhat bridge the gap between hacktivism and the more advanced threats or APTs. To steal a valid user's credentials, attackers will send targeted phishing emails in order to lure the user into entering their credentials into the attacker's website or to deliver malware to the target that will steal the user's password from the local machine. This approach includes some of the basics of an APT, but ultimately the goal is still to gain notoriety for the attacker. Mitigating these attacks requires a complete approach to cybersecurity capable of blocking all types of malicious traffic and content ranging from drive-by downloads, exploits and malware to command and control traffic and malicious URLs, as well as proactive testing of any unknown files or traffic to expose hidden threats. Additionally, end-user training can help users learn to recognize phishing attempts, and two-factor authentication should be implemented to protect web resources from simple password compromises.

 

1  2  Next Page 

Sign up for CIO Asia eNewsletters.