In light of recent cyber attacks against government agencies and affiliations, the Department of Homeland Security released a statement warning organizations to keep alert for potential cyber attacks from hacktivist groups Anonymous and LulzSec.
The bulletin, which was released by DHS’ National Cybersecurity and Communications Integration Center, aims to provide accurate situational awareness for federal organizations’ leaders and warns them of the groups’ recent harassment of public and private sector entities using “rudimentary exploits and tactics, techniques, and procedures commonly associated with less skilled hackers referred to as ‘script kiddies.'”
“Some members of LulzSec have demonstrated moderately higher levels of skill and creativity that include using combinations of methods and techniques to target multiple networks,” NCCIC wrote in the six-page bulletin. “This does not take into account the possibility of a higher-level actor providing LulzSec or Anonymous more advanced capabilities.”
The hacking groups have gained recent notoriety following their intrusions into several large organizations’ internal infrastructures, including those of Lockheed Martin, Booz Allen Hamilton, ManTech International, AT&T and PayPal, as well as those of government agencies such as NATO and the CIA.
Because Anonymous claims to have no centralized operational leadership, officials have had difficulties in their attempts to restrain their actions. “With that being said, we assess with high confidence that Anonymous and associated groups will continue to exploit vulnerable publicly available web servers, web sites, computer networks, and other digital information mediums for the foreseeable future,” the agency warned.
Included in the report was the government’s speculation of anticipated future targets. Officials explained Anonymous declared “war” with the intelligence community and has identified it as a potential target because it views it as violating its core belief in total freedom of information.
Additionally, following the release of government email account data from the July 2011 Booz Allen compromise, an Anonymous operator stated on Twitter that, “We are working on two of the biggest releases for Anonymous in the last 4 years. Put your helmets on. It is war.”
NCCIC offered several recommendations in its report. To protect against potential threats, federal agencies and private sector partners should implement proper communication processes to notify their leadership and network operators should their organization becomes a possible target by hacktivists or other malicious actors.
Also, should a cyber attack occur, DHS recommends organizations “ensure backup and recovery procedures are in place and enabled,” and that they prepare a defensive plan that includes “contact information for external sources to draw on for assistance.”