Trend Micro Urges Enterprises to Embrace Advanced Threat Detection Security Solutions
[Taipei, 20 June, 2013] – Leading global security company Trend Micro Incorporated (TYO:4704) has documented anomalous malicious activity that indicates the hacktivist group Anonymous has launched its attacks on the oil industry – June 20, 2013.
Anonymous claim that they intend to launch a series of attacks on the world’s oil industry, under the operation codename #OpPetrol, as a response to the fact that oil is traded in US dollars instead of the currency of the country where it was harvested. While June 20th is the day that most attacks are expected to occur and be made public, the group has been mobilising since last month.
According to Anonymous, approximately 1,000 websites, 35,000 email credentials, and more than 100,000 Facebook accounts have been compromised as a part of the #OpPetrol operation. In addition, Trend Micro has found that compromised systems (botnets) are already hitting websites of the intended targets, possibly as part of a distributed denial-of-service (DDoS) attack.
The particular malware being used to direct infected systems to attack the intended targets is a backdoor trojan known as CYCBOT, which allows attackers unauthorized access to and control of an affected computer. After a computer is infected, the trojan connects to specific remote servers, also known as Command & Control (C&C) servers, to receive commands from attackers. The trojan allows attackers to perform backdoor functions such as launching a DDoS attack or retrieving information from the infected computer. Most importantly, the trojan can disable security-related processes that are running on the system.
Trend Micro researchers have found that a significant number of government websites in Kuwait, Qatar, and Saudi Arabia, sites that were on the #OpPetrol target list, have already gone offline. Trend Micro recommends that organizations partner with their local telecommunication service providers to monitor and mitigate DDoS attacks, and look for any sign of a breach or network compromise by monitoring for C&C communications inside their network.
“The IT threat landscape has evolved – cyber-attacks are now targeted, customized and persistent,” according to Richard Sheng, Sr. Director of Enterprise Security, Trend Micro Asia Pacific. “While hacktivists make announcements of their attack campaigns, most cyber-crimes and espionage go undetected by conventional security controls such as firewalls, antivirus or intrusion detection systems. Organizations need to assume they will be compromised, and redefine their IT security with that mental model.”
Gaps and Challenges with Conventional Security Controls
Best Practices Against Targeted Cyber Attacks
Under the assumption that we will be compromised, organizations must improve detection capabilities that provide visibility of a breach, and establish an incident response process/plan that can quickly mitigate and minimize the impact.
Trend Micro Deep Discovery provides visibility, insight, and control over networks to defend against targeted threats. Deep Discovery uniquely detects and identifies evasive threats in real-time and provides customizable sandbox analysis and actionable intelligence to prevent, discover, and reduce risks.
For further information on this threat, please see the following Trend Micro blog posts:
Anonymous’ #OpPetrol: What is it, What to Expect, Why Care?
Anonymous’ #OpPetrol: Leading into June 20
To learn about targeted attacks and recommendations for corporate IT, please see: http://apac.trendmicro.com/apt
To learn about Trend Micro, please visit: http://apac.trendmicro.com/apac/index.html