On June 20, Anonymous will launch the #OpPetrol campaign against international gas and oil companies. It was announced on May 11, shortly after the campaign called #OpUSA began.
These types of organized attacks are often similar, as we have seen in previous operations, and may include:
- Distributed denial-of-service (DDoS) attacks
- Hacking and defacing social media accounts or posting fake messages
- Hacking and defacing organization websites or stealing information and posting it as "proof" of breach
- Hacking organization servers and attempting sabotage, such as planting disk wiping malware
There are various ways attackers may target these organizations, including using tools like the LOIC (Low Orbit Ion Cannon) or phishing emails to trick recipients into revealing account login details.
Symantec advises organizations to be prepared for attacks in the coming days.
Organizations should monitor for unusual activities in their networks, particularly any attempts to breach the perimeters. Staff members should be specifically trained on social engineering mitigation tactics along with regular security awareness training. As always, we continue to stress the importance of implementing a multi-layered approach to defense.
These recommendations apply to all organizations as best practices that should be carried out regularly, as most attackers do not warn their targets in advance.
Following on from recent concerted campaigns by Anonymous against Israel on April 7 and Facebook on April 5, the latest target for the online hacktivist collective is the USA and American online interests. Today, hackers and script kiddies of various affiliations are expected to begin a campaign of hack attacks and general online disruption against any target that is related to the USA. Judging from previous activity of this sort, the attackers are generally opportunistic in nature and will aim for the low-hanging fruit. Attacks may take various forms, including the following:
- DDoS attacks
- Hacking social media accounts and defacing them or posting fake messages
- Hacking organization websites and defacing them or stealing information and posting it as “proof” of breach
- Hacking organization servers and attempting sabotage, such as planting disk wiping malware
- Less likely but plausible scenarios could include attacks against ICS/SCADA systems causing real-world impacts, for example disruptions of traffic control systems or electrical grid/power generation
Attackers may use any number of means to gain access or carry out their attacks; the favored methods include:
- Password brute-forcing as seen against WordPress sites recently
- Phishing emails to trick recipients into revealing account login details
- Use of distributed botnets to perform DDoS attacks. Recent high-profile attacks against US financial institutions were performed using web-server-based botnets running PHP.Brobot, allowing for increased attack bandwidth. Opportunistic attackers will use tools such as LOIC to participate in DDoS attacks.
- Traditional targeted attack methods involving the use of emails with exploit-laden attachments or links to exploit kit websites
OpUSA was first announced back in April and it is quite possible that attackers have been preparing for this event for some time. For example, the recent mass attacks against WordPress sites may have netted attackers a large number of compromised web servers, which may now be leveraged to perform large-scale attacks for an event such as this one. The initial pastebin announcement included a wish-list of targets, indicating that US government and financial-related sites are high on the agenda. We know that other US organizations will also be targeted, as a large number of participants may not have the necessary skills or wherewithal to perform attacks against high-profile targets. These attackers with limited skills may perform opportunistic attacks against less protected organizations using basic techniques or widely available toolkits.
The much-publicized activities of OpIsrael have shown that these concerted campaigns can have some level of success. Clearly, OpIsrael never lived up to its claim of “wiping Israel off the internet”, but it did result in an increased number of organizations coming under attack. Another observation from OpIsrael is that attacks often started earlier than planned, as some hacktivists either jump the gun or perhaps May 7 comes earlier for them depending on where they are based in the world. The same thing is happening this time, and some reports of site defacements and database leaks are already trickling in.
Organizations with American interests should be prepared for attacks in the coming days and monitor for unusual activities in their networks and any attempts to breach their perimeters. Staff should also be trained on social engineering mitigation tactics and provided security awareness training. As usual, increased vigilance and a multi-layered approach to defense should help to ward off all but the most determined attackers.