TK Keanini, CTO at Lancope, writes: "Regardless of threat profile, an event of this magnitude must have a heightened level of readiness to a physical or cyber security related event. By the time a group like this makes a public announcement, much of the infiltration phase has already been done. These threat actors are smart and they don’t start to show their cards until they are well into the operational phase of their campaign. Events like this require hundreds of interconnected businesses and every one of those businesses needs to be prepared. Honestly, if your business is connected to the Internet you should be prepared for cyber security events because it is likely to have already happened; you just don’t have the tools and technique to detect it.
When we consider the World Cup, and the level of talent competing, it helps us frame the challenges many face in cybersecurity. It is not as much about the technology (the shoes, the ball, etc.), it is about the game play and talent where as soon as one side makes a mistake, it is exploited by the other team. This is the same thing that happens in cybersecurity and in some cases, the adversaries have an overwhelming advantage in terms of talent. Businesses have to have this gaming frame of mind when they build their cybersecurity practice – it is about the game play, not the technology."
Tom Cross, director of security research at Lancope, says: "Distributed Denial of Service attacks often come into play in public controversies and protests and it's no secret that there is a great deal of controversy surrounding the World Cup in Brazil. At this point, preparation for Denial of Service attacks should be standard practice for any organisation with a large, mission-critical presence on the web. However, every organisation with an Internet network can do their part to make sure that they don't have services running on their network that can be leveraged by attackers for traffic reflection and amplification. DNS servers, NTP servers, SNMP services, Voice over IP services and XML-RPC pingback services in particular should be checked to make sure that they don't provide a springboard for denial of service attacks."
Sean Power, Security Operations Manager at DOSarrest, says: “Anon is a face that any hacktivist can masquerade behind. The composition of a team from one OP to the next will vary greatly - with a predictable effect on the sophistication of the attack. That being said, under normal operation any event as much in the public eye should be wary of DoS attacks; if threats have already been levied, that concern should be increased, not dismissed out of hand.”
David Howorth, VP at Alert Logic, writes: "Whether the threat from Anonymous is all talk or not, the threat from other hackers is still very real: corporate names are big business for hackers and the World Cup provides a global event for global exposure. Companies should review their security practices assuming an attack could take place:
Be vigilant: make sure all employees (including, and perhaps more importantly, senior execs) are aware of your internal security policy and best practices (don’t open emails from people you don’t know; don’t open attachments from people you do know but weren’t expecting; APTs target key individuals like this via social engineering so be cautious); employees should change passwords to more secure passwords and not use the same passwords for multiple applications.
Make sure all systems and applications are up-to-date and patched: hackers will always uncover the weakest technical link. They have already shared that they have been testing sites for weaknesses and vulnerabilities; make sure firewalls, IDS and web application firewalls are configured correctly.
Work with your network vendor to detect spoofed traffic hitting your network and agree a plan to prevent a DDoS attack.
Make sure you have expertise that can monitor, correlate and analyse the security threats to your network and applications across your on-premise and cloud infrastructure 24x7 for continuous protection - this should be done NOW as the hackers are already testing the vulnerabilities in the infrastructure in preparation for their attacks.
Finally, remember that hackers are creative - don’t just focus on one attack vector as the attacker will try multiple ways to cause damage."