Information Security News mailing list archives
Dissecting a Hacktivist Attack
From: InfoSec News <alerts () infosecnews org>
Date: Tue, 6 Mar 2012 00:06:43 -0600 (CST)
http://www.bankinfosecurity.com/interviews.php?interviewID=1446
By Eric Chabrow
Bank Info Security
March 5, 2012
Imperva would neither confirm nor deny it helped defend the Vatican website from a hacktivist assault last year, but the IT security provider's director of security, Rob Rachwald, explains how such an attack was constructed and defended.
Rachwald, in an interview with Information Security Media Group, discusses a 25-day assault by the hacktivist collective Anonymous in 2011, revealing the processes hackers used to pick victims, recruit members and conduct reconnaissance. Published reports identify the Vatican as the target of a failed digital assault Imperva details in its study. "We [neither] confirm nor deny that this was the Vatican or any other company for that matter," Rachwald says.
When compared with other, more insidious attacks such as those from nation states or criminal cybergangs, the Anonymous hacks are more akin to a thorn in the neck, causing significantly less damage to the victimized enterprise. But, Rachwald says, "thorns can be painful if you're not ready."
The hack Imperva dissected involved a few sophisticated hackers, with a team of less skilled followers, some recruited through social media sites. And that lack of sophistication enabled the Anonymous attack to be repelled. The attack Imperva describes and the one on the Vatican website were not successful. "In general, this is not terribly difficult to stop," Rachwald says in the interview that took place at the RSA Conference 2012 security conclave. "It's just a matter of: Are you prepared?"
In the interview, Rachwald also discusses the: [...]