The ongoing media coverage around hacking groups and cyber-terrorism highlights that no matter what size your organisation, you are still at risk and you have got to be ready for an attack when it comes.
According to Arbor Networks' 10th annual Worldwide Infrastructure Security Report, the top three motivations for committing cyber-attacks over the past few years are vandalism, online gaming and ideological hacktivism. In particular, politically and ideologically motivated cyber-attacks are on the rise and, as a result, these types of attacks are now the norm rather than the exception. Last year political and ideological attacks accounted for 36 percent of DDoS attack motivations. Also of interest is the continued growth in the proportion of respondents who have seen criminal extortion, financial market manipulation or diversion.
The Ashley Madison attack – which involved attackers threatening to release personal information about users if the site was not shut down – shows that ideologically motivated attacks are often very targeted and sophisticated, with the goal of data theft and extortion. The attack on Ashley Madison is testament to the fact that companies need to be doing more as attackers become more motivated.
Additionally, politically motivated attacks will only continue to play an increasingly strategic role when it comes to conflict, as a forceful method of driving through political objectives either by, or against, governments. The North Korea attack in 2014 is just one example of this, which saw the nation's web and internet infrastructure go down for roughly 9 ½ hours.
Many believe that the US government was behind the attack, although the cyber-terrorist organisation Lizard Squad ultimately took credit. Again, when Thai government websites were hit by DDoS attacks in October last year, these appeared to be a protest against the government's plan to limit access to sites that were deemed inappropriate.
To prepare for attacks such as this, organisations and government agencies need to be proactive when it comes to their security and availability posture.
Firstly, they need to have multi-layered security in place. These solutions comprise a network or data-centre perimeter component to proactively block all forms of attack as soon as they are identified. Together with the cloud or service provider element, which deals with high-magnitude attacks saturating Internet connectivity, these provide the best form of protection and can be activated automatically depending on whether an attack escalates.
As well as this, organisations need both broad and deep visibility within their networks to identify suspicious communications wherever they occur. Businesses need to be able to use the right kind of threat intelligence data to identify and augment detections with context around the nature of the threat.
Finally, organisations need to augment their existing event-driven incident response process with a more proactive threat hunting approach – allowing the security team to spend more time hunting for threats which otherwise might evade detection. The more advanced organisations are hiring not just skilled political and human intelligence specialists to train teams, but also visual thinkers and experts who can visually craft the connection points of an attack.
In today's threat landscape it's essential for any organisation or public body that stores valuable data to understand its risk of a political or ideological attack. By having a proactive security defence and also the ability to detect and contain threats quickly, businesses will be able to stop attackers achieving their goals before it's too late.
Contributed by Dan Holden, director of ASERT, Arbor Networks