DHS Dismisses Anonymous Members as Script Kiddies, But Equates Attacks with APT
Recently, United States (U.S) Department of Homeland Security (DHS) released a security bulletin on improving the situational awareness among the management and security administrators. The bulletin attempts to provide insights on the background and operations of Anonymous and associated attack groups. DHS refers to Anonymous and related groups such as Lulz Sec as ‘Script Kiddies’, who utilize scripts and programs designed by others to compromise computer systems and deface websites. While members of Anonymous cite political and social reasons for attacks, those of Lulz Sec indicated amusement as the reason for launching attacks. For instance, the former launched attacks on various Turkish government sites in protest against country’s move to set-up Internet filters. Anonymous also launched a tirade of attacks on several Orlando city websites protesting against a law, which requires organizations to seek prior permission to hold mass feeding programs on public space. Lulz Sec, on the other hand even reportedly launched a hotline briefly to allow their fans to suggest target companies.
Both the groups are infamous for frequent distributed denial-of-service (DDoS) attacks. DHS opines that while attacks by Anonymous appeared to embarrass the targets, some of the attacks by Lulz Sec involved use of combination of different methods, and indicated moderately higher capabilities. Security certifications and online university degree programs may help IT professionals in tackling rapidly evolving threats in the IT environment.
Over the last few months, there have been a series of attacks on several government, defense, security, media and other organizations. Lulz Sec launched a hurricane of attacks on various organizations including Sony, Fox, PBS, Central Intelligence Agency (CIA), InfraGard, an affiliate of Federal Bureau of Investigation (FBI), U.S Senate, Arizona Department of Public Safety and several gaming sites. Lulz Sec and Anonymous announced a joint operation called ‘AntiSec’ to target government bodies and organizations with corrupt practices. Lulz Sec disbanded the group after a 50 day ordeal after threats from the rival attack groups to expose identities of their members and publication of Instant Relay Chat (IRC) logs in the media. Some members of the group reportedly joined Anonymous and other attack groups.
While the DHS opines that attacks by the Anonymous may continue to lack advanced capabilities, the department has warned against further attacks by the group on critical infrastructure facilities, key resource companies and government bodies. Organizations must focus on improving the cyber security practices by devising e-learning programs, including sessions during the induction program and encouraging employees to constantly improve their skills through online degree programs.
Again, even while using simple techniques, the group has been successful in executing attacks on the target firms and generating publicity at par with advanced persistent attacks. One of the characteristics of the recent attacks has been the publication of extracted sensitive data, files and documents online on third-party file sharing sites. The attack groups are leveraging social media sites to announce their targets, declaring successful attacks and propagating their campaigns. Professionals qualified in computer science degree program may help organizations in making timely assessment of different security threats and creating a security conscious culture in the organizations. Hiring services of cyber security professionals may help organization in formulating and implementing requisite measures to strengthen the defenses of the IT infrastructure.
Contact Press
EC-Council
Website: http://www.eccuni.us
Email: iclass@eccouncil.org
Tel: 505-341-3228
EC-Council University is based in Albuquerque, New Mexico and offers Master of Security Science (MSS) degree to students from various backgrounds such as graduates, IT Professionals, and military students amongst several others. The MSS is offered as a 100% online degree program and allows EC-Council University to reach students from not only the United States, but from all around the world.
EC-Council is a member-based organization that certifies individuals in cybersecurity and e-commerce skills. It is the owner and developer of 16 security certifications, including Certified Ethical Hacker (CEH), Computer Hacking Forensics Investigator (CHFI) and EC-Council Certified Security Analyst (ECSA)/License Penetration Tester (LPT). Its certificate programs are offered in over 60 countries around the world.
EC-Council has trained over 80,000 individuals and certified more than 30,000 members, through more than 450 training partners globally. These certifications are recognized worldwide and have received endorsements from various government agencies including the U.S. federal government via the Montgomery GI Bill, Department of Defense via DoD 8570.01-M, National Security Agency (NSA) and the Committee on National Security Systems (CNSS). EC-Council also operates the global series of Hacker Halted security conferences.
Processing your request, Please wait....
