Due to recent events in the news, there are reports of increased cyber-attacks as an act of retaliation by several Hacktivist groups in Asia. Hacktivism is the act of hacking, or breaking into a computer system, for politically or socially motivated purposes.
These groups are using their sophisticated hacking capabilities to disrupt organisations not only in the US but also in the UK.
Attacks often start as social media takeovers, whereby Twitter and Instagram accounts are hacked to spread propaganda. But this isn’t the only tactic. Other activities include website defacement and Denial of Service, both of which have the potential to seriously affect an organisation’s business and reputation.
Understand the threat profile and know what to look for
Advanced persistent threats (APTs) are often multi-phase attacks on an organisation’s network. They are challenging because they are complex and use a variety of tools. And once the hackers are in, they will act to avoid detection.
APT34, for example, is just one Advanced Persistent Threat group whose activities often focus on smaller organisations linked to its actual target. The group looks for insecure websites to take over and then ultimately hacks into its prime targets.
What are the tell-tale signs of an attempted cyber-attack? Look out for odd user account activity, unusual database activity, especially involving large amounts of data, and any unusual data files. It’s important to be vigilant.
How CANCOM is monitoring the attacks
Through the advanced capabilities within CANCOM’s Security Operations Centre (SOC), we’re monitoring the attacks used within the recent APT34 toolkit, which was released to the public. Rest assured, our solutions work to pre-empt and prevent security risks and attacks, which are monitored 24/7.
Actions you can take TODAY to protect your organisation and yourself
#1 Stay vigilant and change passwords to ensure they’re secure. Make your passwords complex by including capital letters, special characters and numbers.
#2 Enable Two Factor Authentication wherever possible.
#3 Ensure that endpoint systems are up to date; this includes all software such as web browsers, printing software, etc.
#4 Ensure that server-based applications are up to date, especially those applications that are presented to the WWW.
#5 Ensure that webservers are patched and have some form of logging and security around them.
#6 Ensure local firewalls are enabled and AV protection is also enabled.
#7 Be vigilant about emails or other communications that you may receive.
If you’d like further information on Hacktivist Groups, or would like help to protect against security threats, please get in touch.