Monday, March 28, 2011

March 2011 - the hardest hit month on record for hacktivist attacks

March is being hailed as the most active hacktivist month on record. So far this month we have seen:
  • March 3rd, DDoS attack on Korean e-Commerce and government institutions
  • March 4th, DDoS attack on
  • March 6th, attack on the French government’s interest in the G20
  • March 9th, DDoS attack on Codero managed hosting provider – disrupting Twitter
  • March 9th, group Anonymous declares “Operation Payback” against and calls for sustained and disabling attacks from its members
These attacks have prompted the Financial Services – Information Security Advisory Council (FS-ISAC) to issue an advisory (2011-03-24) warning all financial service member companies of a possible Denial-of-Service attack. In preparation it has republished the national CERT guidance.
Those identified as being at high risk include large financial institutions such as banks, service providers, government financial regulatory entities, non-affiliated technology infrastructures and critical infrastructure (e.g. electric, gas, Internet service providers and national power grid providers).
Radware has devised a checklist to help these institutions secure their networks more effectively.

1) Architecting the perimeter for attack mitigation
  • Use a security-in-depth approach to fully prepare for attacks. Employ an anti-DDoS security strategy to alert to, and mitigate, all attack traffic and “clean the pipe” – at the very edge of the organisational network.
  • Ensure the solution has perimeter-specific capabilities to detect anomalous reconnaissance and intrusion activities as they happen; to repel all application-level attacks; to discriminate between legitimate and illegitimate traffic; and a logging/correlation system to collect detailed attack data and report it quickly.
2) The need for complementary security technologies
  • In addition to basic IPS and firewall protection, deploy a multi-faceted security solution that can successfully mitigate both known and unknown attacks. This should include:
    • Anti-DoS and DDoS attack tools (at the network and application layers) to prevent network flood attacks
    • Network behavioural analysis tools with real-time signature writing capabilities to defend against application misuse attacks and zero-day attacks
    • Intrusion prevention systems to guard against known application vulnerabilities
    • Application-level active defence mechanisms – such as challenge & response
    • Active emergency counter-attack strategies (Smart Hands / Man-in-the-Loop Capability)
3) Be prepared for a counter-attack
  • Devise a plan to include skilled technicians in the event of attack to ensure the tools, alerts, correlation and mitigation are being handled properly.
  • Ensure the teams are ready to provide immediate assistance and active mitigation or counter-attacking defence actions as soon as the system is under attack.
  • Active defence is the concept of a proportional counter-attack to smother the last vestiges of the DDoS attack and to provide some necessary closure to a painful incident.
