Organised ‘hacktivist’ attacks from groups like Anonymous can be mitigated and defended against, Tal Be’ery of Imperva has told delegates to AusCERT. However, companies that might be targets for such attacks need to understand that hacktivists are no longer primarily concerned with launching a DDoS against their target site.

Be’ery said that while the threat of an “Internet blackout” by Anonymous earlier this year reinforces the stereotype that denial-of-service is the hacktivists’ purpose, if they are able to successfully penetrate their target’s security, they have the ability to cause much more lasting damage (for example, by deleting files or publishing business secrets).

A successful exploit, he said, “damages data availability, privacy and integrity”, while DDoS merely makes a site unavailable for as long as the attack lasts.

Hence, potential targets should consider the risk of a successful intrusion “first and foremost”, because even a successful DDoS attack is still the “last refuge” of the hacktivist.

The attack Be’ery described was launched using the “mobile LOIC” (Low Orbit Ion Cannon), with attack traffic spiking on the last two days of the attack. However, prior to the attack, Imperva had already seen precursors, both in the form of scanning traffic and simply by seeing itself discussed in social media feeds attributed to Anonymous.

“[Social media] can be used to set up an early warning system,” Be’ery pointed out, “and it doesn’t have to be sophisticated. Even a very simple Google alert will tell you if they’re talking about you the wrong way.”

Be’ery said the company found itself, in the lead-up to the attack, seeing reconnaissance-style traffic that identified the tool being used as the Iranian Havij tool, which provides automated SQL injection and data harvesting.

“This part of the attack was conducted by a small, dedicated technical group,” Be’ery said. This is a common pattern, with a larger crew of DDoS volunteers being drawn in as supporters only when the first attack failed.

When the attack was escalated to DDoS, he said, it came from the “mobile” LOIC, which is designed to overload the target not just by flooding it with low-layer packets, but by crafting URLs designed to overload the application. This, he said, isn’t blocked by strategies that focus on TCP/IP-level denial-of-service.

The key mitigation/protection strategies Be’ery highlighted include “checking yourselves and your application vulnerabilities on Google; create blacklists; deploy a Web application firewall; and block automated traffic.”

#auscert2012
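The two precursors Be’ery describes, automated SQL-injection reconnaissance and a crafted-URL application-layer flood, both leave traces in ordinary web-server access logs. The following is an added example (not Imperva’s or the article’s code) that scans constructed Apache-style log lines for each pattern; the IP addresses, timestamps, thresholds and injection indicators are all assumptions chosen for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime
from urllib.parse import unquote

# Constructed access log (Apache combined format), not captured from any real attack:
# two injection probes from one client, a normal visitor, and one client issuing
# many cache-busting URLs, the application-layer flood pattern the talk describes.
_FMT = '{ip} - - [18/May/2012:10:00:{s:02d} +1000] "GET {url} HTTP/1.1" 200 512 "-" "Mozilla/5.0"'
SAMPLE_LOG = [
    _FMT.format(ip="203.0.113.7", s=1, url="/products.php?id=1%27%20AND%201=1--"),
    _FMT.format(ip="203.0.113.7", s=2, url="/products.php?id=1%20UNION%20SELECT%201,2,3--"),
    _FMT.format(ip="192.0.2.5", s=3, url="/products.php?id=7"),
    _FMT.format(ip="192.0.2.5", s=9, url="/about.html"),
] + [_FMT.format(ip="198.51.100.9", s=10 + n // 5, url=f"/index.php?cb={n}") for n in range(30)]

LINE_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<url>\S+) [^"]*"')
# Coarse injection indicators in the decoded URL; tuned for recall, so expect some false positives.
SQLI_RE = re.compile(r"'|%27|\bunion\b.*\bselect\b|--", re.IGNORECASE)


def parse_line(line):
    """Return (ip, epoch_seconds, url) for one combined-log line, or None if it does not parse."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z").timestamp()
    return m.group("ip"), ts, m.group("url")


def find_sqli_probes(lines):
    """Map client IP -> number of requests whose URL carries an injection indicator."""
    hits = defaultdict(int)
    for rec in map(parse_line, lines):
        if rec and SQLI_RE.search(unquote(rec[2])):
            hits[rec[0]] += 1
    return dict(hits)


def find_url_floods(lines, window=10, min_requests=20):
    """Return clients that request >= min_requests *distinct* URLs inside one window-second bucket.
    Counting distinct URLs rather than packets is what separates a crafted-URL flood from a busy
    legitimate client, and from the TCP-level floods that network-layer defences already handle."""
    buckets = defaultdict(set)  # (ip, bucket index) -> distinct URLs seen
    for rec in map(parse_line, lines):
        if rec:
            ip, ts, url = rec
            buckets[(ip, int(ts // window))].add(url)
    return sorted({ip for (ip, _), urls in buckets.items() if len(urls) >= min_requests})
```

Either result set feeds directly into the blacklist or automated-traffic block the talk recommends, and the probe count is the early-warning signal that the technical crew has started work before any volunteer DDoS begins.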