Arabian hacktivists have attacked nine websites in response to the anti-Islamic film "Innocence of Muslims." An email sent to Al Arabiya News Channel says that the army of four hackers--calling themselves the Arab Electronic Army--are from Syria, Morocco, and Saudi Arabia.
Cyber attacks from the Middle East are not anything new. Bank of America, Chase, and Citigroup have all been attacked several times in the past year. Those attacks were blamed on economic sanctions against the Iranian government, but the attacks by the Arab Electronic Army are clearly motivated by religion.
Midsize Insider reported, "Security vendor Bit9 had over 1,800 IT professionals respond to its 2012 Cyber Security Survey, and the end result was that 64 percent of the respondents believe their companies will be attacked in the next six months. In fact, 61 percent think the attackers will be hacktivists."
IT professionals must not get caught up in the security-through-obscurity mentality. Assume the attack is going to happen--and soon. These types of hackers want to embarrass the company they attack. They will usually notify the press, or the target company, several weeks in advance, but the details will not be divulged. Typically, when they issue the threat, it is already too late. Stolen data and account information is then displayed for the world to see.
Nimmy Reichenberg, vice president of business development for AlogSec said, "Muslim hackers are doing a better job at joining forces and sharing information. Put the best lock on the door that you can." And this is true. Although the countries have boundaries, religion does not. Muslim hackers are forming stronger hacker groups and coordinating them effectively.
CSO explains how easy it is to become a target. It is not necessarily who the company is, or even what they represent, but a spokesperson or television commercial that sparks the hackers into action. It can be an actor or actress who portrayed the company's interests perfectly onscreen, but whose personal life offends a group in another country. Hackers can't really go after the person, so they start looking at the chain of command for a target.
IT managers at midsize firms may want to back off a little on making sure their IT audit checklists are in order, and coordinate an emergency response plan instead. Audits are important, and they make upper management happy, but it is better to stop an attack or have the site up and running immediately after an attack.
The question is no longer, "Is there a threat?" The question is, "How fast can the system get online after an attack occurs?"