Why Anonymous threats should not be ignored

International hacktivist group Anonymous is causing fear within the business and technology community once again, after a supposed Anonymous spokesperson warned that World Cup sponsors are next on the hit list.

In an interview with Reuters, a masked hacker going by the name of Che Commodore revealed that preparations have already begun for a full-scale cyber-attack on sponsors such as Coca Cola, Budweiser, Emirates Airlines and Adidas.

The hacktivist group, which claims to use cyber-attacks as a method to target social injustice, has been known to target high profile networks in the past, generally relying on DDoS attacks as the weapon of choice. Last year Google Malaysia was targeted by hacktivists who spread the message “Google Malaysia STAMPED by PAKISTANI LEETS”. Similarly, the New York Times website was taken offline by an attack leaving readers unable to access content for several hours.

This time the Anonymous is said to be angry at the Brazilian government for their decision to host the World Cup at the expense of millions, despite the poor social standards of many Brazilian citizens. As previous threats from the hacktivist group have proven to be real, corporations and international governments alike must treat this latest threat with the severity it deserves.

What is most worrying is that Anonymous may have already laid the groundwork of its malicious attack and any organization that hasn’t taken the necessary steps to protect against stealth attacks, could be at serious risk. Che Commodore has already sinisterly claimed to be searching for the back doors into the network having “conducted late-night tests to see which of the sites are more vulnerable.”

Such attacks as those previously carried by Anonymous usually rely on Advanced Evasion Techniques (AETs) to exploit vulnerabilities in network gateways and allow Advanced Persistent Threats (APT) to be delivered. Unless measures have been taken to detect these evasion techniques, it is likely an APT could already have penetrated deep into the network of any organisation targeted by Anonymous.

AETs are methods of disguise used to target networks undetected and deliver malicious payloads. Often, AETs take advantage of rarely used protocol properties in unexpected combinations. Using AETs, an attacker can split apart an exploit into pieces and bypass traditional security methods such as a firewall or IPS appliance. Once inside the network, the attacker can then reassemble the code to unleash malware and continue APT attack.

Most IPS and firewalls are not capable of detecting AETs, as while many can pass industry tests with high ratings, those ratings are based on protection against a limited number of threats. Although the exact number of AETs is unknown, it is close to hundreds of millions – many of which are not covered by standard firewalls. As such, the stealth-like presence of AETs means that they can go undetected on a network for weeks, or even months, at a time.

In a recent study by McAfee, it was uncovered that on average, those who experienced a security breach in the last 12 months reported a cost to their organization of over £600,000, which of course doesn’t taken into account reputational damage As such, those threatened by Anonymous must act fast.

If AETs have been used by the hacktivist group, those targeted by Anonymous may already be compromised. The trap may already be set, with malware lying dormant on organizations’ networks, ready to attack. It is therefore important that these brands take serious measures to identify such threats and remove them as soon as possible, before Anonymous has a chance to strike.