The hackers who organized the #opPetrol operation in 2013 are going to attack the same targets again on June 20, 2014.
The AnonGhost hackers claim that they are going to hack companies in Kuwait and Saudi Arabia because those companies are supporting Israeli companies and affiliations.
Petroleum is known as black gold. AnonGhost has announced a new operation that will attack the petroleum industry on June 20, 2014.
The operation seems to have an Islamic mindset, as its founders are unhappy with the currency that is being used to trade petroleum.
Users should note that June 20 is only the day that most attacks are expected to occur and/or be made public. It is also not uncommon for these activities to be used as a distraction to mask other attacks. Based on the collateral damage recorded from previous operations and data leaks outside publicized attack dates, their targeting and timing aren’t always precise either.
Before June 20:
- Ensure all IT systems (OSs, applications, websites, etc.) are updated.
- Ensure IT security systems are current, have as wide a view as they can, and can inspect deeply. Can they detect and prevent the phases of an attack plan, and can they be integrated into a kill chain? Can they observe indicators over the network, on disk, and in memory?
- Ensure relevant third-party vendors are aware and accessible.
- Probe any anomalous network and system behavior and examine it. Reconnaissance phases of the attack are already in play. Opportunities for exploit are being logged and credentials are already being stolen. Solutions such as Trend Micro Deep Discovery can help you examine dubious network activities.
- Remind your users to be particularly careful and watch out for phishing and spear-phishing emails.
- Plan or review your incident response procedures with all necessary parties (not only IT groups). Explore how the planned response differs among DDoS, defacement, and disclosure.
- Have IT Security, Attorneys, and External Communications departments prepare or review public statements in the event your organization is affected. Ask how your statements and response might differ if the attacker wasn’t a hacktivist group, but a criminal, nation state, insider, or terrorist.
- Monitor the many Anonymous sources for any changes in targeting, tools, or motives, lists of accomplishments, or data dumps.
On June 20:
- Note that attackers may attack across different time zones, so the activity can last longer than the 24 hours in your time zone.
- Continue to monitor Anonymous’ sources for any changes in targeting, tools, motives, lists of accomplishments, or data dumps.
- Exercise a high level of awareness of your IT and IT Security systems and their logs; continue to apply questioning curiosity to anything interesting.
- If you think your organization is affected, assume that you are affected by DDoS, defacement, and disclosure – and not just one of them.
After June 20:
- Continue to monitor Anonymous’ sources for any lists of accomplishments or data dumps.
- If you’ve made it into Anonymous’ news, you’ll be remediating and designing against future occurrences.
- If you didn’t make it into Anonymous’ news, review for any sign of breach, compromise, or excessive probing.
- Remain vigilant, especially if you’re in the target list. The attacks may not be over.
Similar to how DDoS, defacement, and disclosure tactics can distract and mask each other, so can threat actors. A hacktivist group’s activity can mask or distract criminal, nation state, insider, or even terrorist activity.