What will actually happen in (or to) cyberspace on May 7, 2013? Is this the new normal in cyber threats?
What will actually happen in (or to) cyberspace on May 7, 2013?
That is the question that many are asking as they prepare for a promised attack from the hacktivist groups this coming week. According to an announcement in an April 24 Pastebin threat to US and Israeli Governments, “We gonna launch a big attack against The USA Network and we gonna make some Damages.”
Some sources say that this is a serious threat, and government and banking enterprises need to be prepared. Govinfosecurity.com reported:
“Security experts say that OperationUSA, a coordinated online attack against banking and government websites slated for May 7, is a serious threat. As a result, organizations should be upping their distributed-denial-of-service attack mitigation strategies to guard against the attacks, which are being coordinated by the hacktivist group Anonymous.
Experts advise that call-center staff should be educated about DDoS attacks, in case customers call in about online outages or experience difficulty accessing accounts. And network and security teams should actively monitor Internet traffic on May 7 and take steps to block specific IP addresses.”
A look at the Twitter-feed or OpUSA yields some interesting tweets, links to anti-USA videos and more. Here is one of those tweets from Cisco Security @CiscoSecurity: “Stay informed about the planned #OpUSA cyberattacks against government and banking infrastructure http://cs.co/9001Xc4N #security”
Is the OpUSA Threat Overblown?
And yet, Krebs on Security reported that the threat may be “more bark than bite.” Brian
“A confidential alert, produced by DHS on May 1 and obtained by KrebsOnSecurity, predicts that the attacks ‘likely will result in limited disruptions and mostly consist of nuisance-level attacks against publicly accessible webpages and possibly data exploitation. Independent of the success of the attacks, the criminal hackers likely will leverage press coverage and social media to propagate
an anti-US message….’
In an interview with Softpedia, representatives of Izz ad-Din al-Qassam said they do indeed plan to lend
their firepower to the OpUSA attack campaign.”
A copy of the full DHS alert is available here.
So what is Michigan government doing? While I won’t list every step taken here, I can say that we are hoping for the best, while preparing for potential issues to occur. There are a variety of scenarios, but I believe that governments need to be prepared for Distributed Denial of Service (DDoS) attacks and possibly worse. In my opinion, this is now the new normal in cyber threats, and enterprises must be prepared.
I tend to also agree with DHS and Krebs that this may not be as big an issue on Tuesday as some predict. Nevertheless, we must treat this in the way that police regularly investigate other types of serious security threats.
Another observation is that this may become the “new normal” regarding cyber threats. Government enterprises need to have procedures in place to react to these cyber threats and potential attacks. There are services that can be purchased from your ISP to address DDOS, and there are also other security steps that enterprises can take regarding people, process and technology improvements. Michigan has experienced a DDoS attack before, and we will likely see similar cyber attacks again.
One final thought. The bad guys use these type of announcements to test our cyber defenses. They see what we do to mitigate risks or raise the alert levels on Tuesday. This information could be used in the future for unannounced online attacks.
For that reason, I suggest that cyber teams deploy only the defense tool needed, when they are needed. We need to have adaptive cyber defenses that are appropriate for the specific attack situation. Or more simply, don’t openly “show your hand” to the adversary.
What are you doing to prepare for Tuesday? Do you think these cyber threat announcements are becoming the new normal around the world?