Recent distributed denial-of-service (DDoS) attacks against global brands by the Anonymous group have led to corporates worrying about being hit and how to mitigate the effort.
A source close to SC Magazine revealed that their company was concerned about being hit ‘as we have interests in the US'. According to Prolexic, even large organisations are unprepared for a DDoS attack and do not know what is going on when they are being attacked.
Paul Sop, CTO of Prolexic, said: “So far the attacks related to the WikiLeaks phenomenon have by no means been the largest we have seen. What is really wreaking havoc with these enterprises is how often the attackers can rotate the attack vectors. Many organisations that believe themselves to be protected from web attacks are in fact unable to respond to the diverse methods being used.
“Denial-of-service is devastating for any organisation, causing the collapse of its website and potentially huge loss of income. Individuals who have consciously downloaded malware to make their PC part of the Anonymous DDoS armoury are complicit in illegal activity that carries a prison sentence in many countries including the US and UK.”
The past few weeks have seen a number of DDoS attacks against those deemed to be against WikiLeaks, with the Amazon, MasterCard, PayPal and Visa websites all attacked and taken down in some instances.
Rob Cotton, CEO of NCC Group, claimed that there is a major cyber security threat for the British Government due to pro-WikiLeaks attacks, especially with founder Julian Assange being held in the UK.
“Whitehall is likely to be ramping up security measures under concern that it will become the victim of the Anonymous group. Should the group strike, it is likely to target the websites of Government bodies where an outage will cause the most disruption to online public services,” he said.
“High profile organisations must focus on improving their website load capacity and bandwidth if they are to effectively defend against simple DDoS attacks. The only form of defence is improvement and high profile sites which have previously had an affiliation with WikiLeaks or its founder, as well as organisations that have become involved in the dispute like the UK Government, must assess and upgrade their load capacity if they want to avoid potentially damaging downtime.”
“DDoS attacks are very simple to execute but incredibly difficult to combat. No amount of firewalls or software can resist them. Large website load capacity is key in combating this threat. In this context, it is a particularly dangerous weapon, with amateur hackers able to download an application and launch an intense attack which could cause a website significant downtime, resulting in both financial and reputational damage.
“We would advise organisations with any previous links to WikiLeaks to stringently load test their sites to ensure that they will not crash under heavy loads brought about by DDoS attacks.”
Also, a report by the Guardian claimed that the Metropolitan Police is to investigate the recent DDoS attacks after examining a number of alleged criminal offences by Anonymous for several months.
The Met said: “Earlier this year the Metropolitan Police received a number of allegations of DoS cyber attacks against several companies by a group calling themselves Anonymous.
“We are investigating these criminal allegations and our investigation is ongoing. The Metropolitan Police service is monitoring the situation relating to recent and ongoing denial-of-service attacks, and will investigate where appropriate.”