Lessons learned from Anonymous and Operation Last Resort
by Carl Herberger - VP of Security Solutions, Radware - Friday, 29 November 2013.
We have learned that successfully mitigating these types of attacks requires the deployment of multiple security tools. The following technologies have proven invaluable in repelling these types of attacks and need to be resident in the perimeter of any business network:
  • Anti-DoS and DDoS attack tools (at the network and application layers)
  • Network behavioral analysis tools with real-time signature writing capabilities
  • Intrusion prevention systems
  • Application-level active defense mechanisms such as challenge and response
  • Active emergency counter-attack strategies (Smart Hands/Man-in-the-Loop Capability).
Most of the severely affected organizations appeared to have had inadequate protections against internet-borne attacks, most notably DoS and DDoS protection. It is recognized that many organizations are not using DoS protection at all and somehow subscribe to the notion that, in today’s always-on and interconnected economy, ‘availability’ isn’t that important.

The second key technology ingredient required is behavior analysis, which is geared toward finding ‘anomalous’ activity and can distinguish legitimate from illegitimate traffic and mitigate the nefarious nature of the latter. In today’s world, the new threats are coming at you masquerading as legitimate users and your defenses need to see past these cyber masks.

The lesson we can learn from Operation Last Resort is that this well-coordinated cyber attack is an existential threat to many of the federal agencies that were targeted, and it has threatened the fidelity and integrity of the network security that was put in place to protect them. We can also deduce that traditional network border devices are no longer sufficient to protect an organization against the rise of application-level threats.

Part of a new security strategy is employing powerful “attack detection and mitigation systems” which include, among many things, anti-DDoS to keep applications up and resilient. These technologies are not the technologies we all think of as tried-and-true. No longer is the firewall the key vanguard protector. The IPS is no longer adequate to find masquerading and marauding actors hidden behind ‘legitimate’ signatures. Today’s attack mitigation systems require technology to unmask automated digital armies cloaked as legitimate connections, and unearth the nefarious and deadly ‘slow’ attacks.

As other breaches have not been made public and the exact number of computer systems that were hacked into is not yet known, the FBI stated in a memo that this is a “widespread problem that should be addressed.”

Given the severity of this breach on our government’s network, it can safely be assumed that legislators will continue to drive prescriptive steps in order to bolster network security and impose greater sentences in order to deter hackers. After all, if these strong and heavily fortified U.S. government computers fell victim to this breach, how can more “ill-prepared” industries such as healthcare providers, educational institutions, as well as energy and manufacturing, be prepared without dramatic and quick change to their security programs? Who is next? One has to ask themselves if they’re ready for such attacks. If not, then when?

