5 Questions for Web Admins as Attacks on Hong Kong Government Sites Continue
Now that hacktivist groups have entered the fray supporting mass protests in Hong Kong, online attacks against organizations have escalated in a matter of days. As agents of the online hacktivist movement continue to target the websites of government, education, health, and other industries, what can web administrators do to prepare for them?
From what we have seen of hacktivist attacks, there are a variety of political agendas that perpetrators may support. In the past, they have backed movements tackling issues with the petroleum industry and American foreign policy.
To dig deeper, we tracked the whereabouts of certain hacktivist groups, and have seen that some have claimed to have declared cyber war against authorities, and have found traces of the attack machinery spreading across well-known social, upload, and hacker sites. We also looked into recent news of sites reportedly compromised to deliver malware.
Indeed, the list of target sites is long and, for web admins, full of terrors. Thousands of emails, passwords, and files were reported to have already been leaked to various online forums. As far as the hackers are concerned, leaking sensitive data appear to be a priority. With online postings that detail steps and provide tools on how to perform web defacements, DDoS, and data breach attacks, do web administrators stand a chance?
To survive the blow of having to deal with hacktivist attacks, organizations should be able to answer yes to all these questions:
- Did you update all your systems?
One basic step to avoid being exploited is by ensuring that all IT systems (OSs, applications, websites, etc.) are updated. Moreover, it makes a huge difference for companies if security systems are up-to-date and comprehensive. Security solutions should be able to detect attacks across various endpoints in real time.
- Did you probe your network back and forth?
Various network indicators will show you if an attack is happening. Collect and study network logs to know anomalies when you see them. A global data mining protection network exists in various security technologies that can help you catch threats as they happen.
- Did you prep your people properly?
For the longest time, spear phishing emails and social engineering methods have been used to gain entry into company sites and networks. Don’t fall for the same trick that have managed to fool thousands. Make sure relevant third party vendors know these too!
- Do you have an incident response plan in case things go south?
Make sure incident response plans are transparent across all necessary parties. Make the plan comprehensive enough to cover a variety of scenarios, including DDoS attacks, web defacements, and data leaks. Also prepare well-reviewed public statements that you can use in case of an attack by a hacktivist group, a criminal, a nation state, an insider, or a terrorist.
- Did you check if you’re already a victim?
Many hacktivist groups post a list of their target sites along with those they have already stolen data from. Check if your organization is on those lists by monitoring their posts, statements, and data dumps. If you’re not in any of these, continue monitoring in case of changes and review your networks for signs of breach or compromise.
We have learned from past incidents that the best time to prepare for hacktivist attacks is always now. Even as hackers announce the date of their attacks, these can’t always be trusted and can put vulnerable sites at risk. Always be ready even if your industry isn't being targeted, as even those out of the usual lists can be hit.
Like it? Add this infographic to your site:
1. Click on the box below. 2. Press Ctrl+A to select all. 3. Press Ctrl+C to copy. 4. Paste the code into your page (Ctrl+V).
Image will appear the same size as you see above.
- Ransomware Spotlight: Trigona
- Steering Clear of Security Blind Spots: What SOCs Need to Know
- Understanding the Kubernetes Security Triad: Image Scanning, Admission Controllers, and Runtime Security
- Preempting Threats to Connected Cars: The Importance of Cybersecurity in a Data-Driven Automotive Ecosystem
- Your Stolen Data for Sale