The hacking collective Anonymous has claimed responsibility for the defacement of 14 Thai police websites. The affected websites displayed the iconic Anonymous mask coupled with the text “Failed Law. We want Justice. #BoycottThailand.” Also displayed was the name of a hacker group associated with Anonymous, “Blink Hacker Group.”
Anonymous stated that the attacks are in protest against the death sentences handed to two individuals from Myanmar found guilty of murdering two British nationals in 2014. This operation is in addition to the ongoing Anonymous activity protesting against the implementation of a single gateway for Internet access in Thailand.
Organizations need to be aware that they may become the target of a technically proficient hacking group with little notice. Keeping systems fully patched remains a first line of defense; however, systems may still contain misconfigurations or logic and implementation flaws that allow attackers to breach them and cause high-profile, embarrassing incidents.
Deploying a defense-in-depth strategy, coupled with monitoring of key systems, can deter attackers, who may simply move on to an easier target, or help detect an attack and prevent harm from being incurred.
The BlackEnergy Trojan has been associated with the recent disruption to power supplies in the Ivano-Frankivsk region of Ukraine. The power outage occurred on December 23 and lasted for a few hours. The incident is still under investigation and the exact role (if any) of the malware cannot be established.
The Trojan is modular in nature, allowing modules with additional functionality to be included in attacks if required. The malware associated with the attack against the energy sector is reported to include an SSH backdoor, allowing attackers to execute commands on infected machines, and KillDisk, a wiper function that wipes key files and sectors from the drives of infected machines.
Determined and well-resourced malware writers are some of the most difficult threat actors to protect against. Their malware may be sophisticated and written as a bespoke project for a particular target, complicating detection. Organizations that manage critical infrastructure, such as the energy industry, need to be aware of the risk that such threat actors pose to their systems and the potential consequences of attackers gaining access to those systems.
The IP addresses in this list are collated from the most frequent IP addresses that are detected as having attempted to attack our customers. Occasionally this list may include the IP addresses of legitimate penetration testers who have been contracted to launch cyber attacks against an organization as part of an exercise. These attacks are identical to those sent from criminals. They are detected, blocked, and processed in the same way as any other cyber attack. We aim to remove the IP addresses of known penetration testing companies, even though they represent the source of some of our most frequent attacks. Occasionally such IP addresses escape our vigilance and are included in the list. Recipients of this list should take their own steps to verify the validity and relevance of the content before blacklisting.