internal network. It should also prevent system access to malware-infested websites that attempt to execute drive-by downloads.
Multi-Tier Bot Protection

Protection against bots consists of two phases: detection and blockage.

To maximize the ability to detect a bot in a network, a multi-tier bot discovery mechanism is needed to cover all aspects of bot behavior. A bot detection security solution should include a reputation mechanism that detects the IP addresses, URLs and DNS names that remote operators use to connect to botnets. It is also very important that this protection include the ability to detect the unique communication patterns and protocols of each botnet family. Detecting bot actions is another critical capability of bot protection: the solution should be able to identify bot activities such as sending spam, click fraud and self-distribution.

The second phase, after the discovery of infected machines, is to block outbound bot communication to the Command & Control servers. This neutralizes the threat and ensures that the bot agents can neither send out sensitive information nor receive further instructions for malicious activity. In doing so, the bot-related damage is immediately mitigated.

This dual-phase approach enables organizations to maintain business continuity: system users can work normally, confident that bot-specific communications are being blocked in the background to protect their systems and data without impacting productivity.
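The two phases described above, as an added example that is not part of the report or of any vendor product: a small Python detector that runs the three discovery tiers (reputation, communication pattern, bot action) over a constructed outbound-connection log and then derives the block rules for the second phase. The indicator feed, the log records, the host names and the thresholds (min_conns, max_jitter, min_targets) are all constructed assumptions.

```python
from collections import defaultdict
from statistics import pstdev

# Tier 1: reputation feed (constructed placeholder indicators, not real IoCs)
BAD_IPS = {"198.51.100.23"}
BAD_DOMAINS = {"cc-update.example"}

# Constructed outbound-connection log: (time_s, src_host, dst_ip, dst_domain, dst_port)
LOG = [
    (0, "ws-17", "198.51.100.23", "cc-update.example", 443),  # known C&C address
    (0, "ws-42", "203.0.113.5", "", 8080),   # ws-42 beacons every 60 s
    (60, "ws-42", "203.0.113.5", "", 8080),
    (120, "ws-42", "203.0.113.5", "", 8080),
    (180, "ws-42", "203.0.113.5", "", 8080),
    (5, "ws-09", "192.0.2.10", "", 25),      # ws-09 fans out SMTP: spam bot
    (6, "ws-09", "192.0.2.11", "", 25),
    (7, "ws-09", "192.0.2.12", "", 25),
    (8, "ws-31", "192.0.2.80", "www.example.org", 443),  # ordinary browsing
]

def reputation_hits(records):
    # Tier 1: destination IP or domain matches the reputation feed
    return {(h, ip) for _, h, ip, dom, _ in records if ip in BAD_IPS or dom in BAD_DOMAINS}

def beacon_hits(records, min_conns=4, max_jitter=2.0):
    # Tier 2: fixed-interval connections to one destination are typical C&C polling
    times = defaultdict(list)
    for t, h, ip, _, port in records:
        times[(h, ip, port)].append(t)
    hits = set()
    for (h, ip, _), ts in times.items():
        if len(ts) >= min_conns:
            ts.sort()
            if pstdev([b - a for a, b in zip(ts, ts[1:])]) <= max_jitter:
                hits.add((h, ip))
    return hits

def spam_hits(records, min_targets=3):
    # Tier 3: bot actions - a workstation opening SMTP to many distinct hosts is spamming
    smtp = defaultdict(set)
    for _, h, ip, _, port in records:
        if port == 25:
            smtp[h].add(ip)
    return {h for h, ips in smtp.items() if len(ips) >= min_targets}

def build_block_rules(records):
    # Phase 2: deny the C&C traffic (tiers 1 and 2) and the bot action (SMTP from spammers)
    rules = {f"DENY {h} -> {ip}" for h, ip in reputation_hits(records) | beacon_hits(records)}
    rules |= {f"DENY {h} -> *:25" for h in spam_hits(records)}
    return sorted(rules)
```

The benign host ws-31 triggers no tier and receives no rule, which is the "business continuity" property the text describes: only bot-specific communication is blocked.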
Real-time Global Collaboration

The cyberattack problem is too large and too complex for organizations to self-manage. Organizations have a better chance of overcoming this growing challenge through collaboration and professional assistance. As cybercriminals
2012, a Year of Hacktivism

The global political turbulence that started in 2010 with the uprisings in many Arab countries continued with civil protests in other countries. Not surprisingly, a wave of cyberattacks based on ideological agendas followed in their wake. As such, 2012 was marked as a year of hacktivism.

Taiwan-based Apple supplier Foxconn was hacked by the hacker collective Swagg Security. This group apparently protested over media reports of poor working conditions at Foxconn’s factories in China [14].

Hacktivist group Anonymous claimed it hacked a U.S. Department of Justice website server for U.S. Bureau of Justice Statistics and released 1.7GB of stolen data. The group released the following statement about the stolen data: “We are releasing it to end the corruption that exists, and truly make those who are being oppressed free” [15].

The Vatican also found its websites and internal email servers under a week-long attack by Anonymous. The group claimed that its actions were justified because the Vatican Radio system has powerful transmitters in the Rome countryside, which allegedly constituted a health risk; the group claimed that the transmitters caused “leukemia and cancer” among people living nearby. The group further justified its attack by claiming that the Vatican had helped the Nazis by destroying books of historic value, and that its clergy sexually molested children [16].

In yet another cyberattack, Anonymous brought down the websites of the trade groups U.S. Telecom Association and TechAmerica. These attacks were apparently conducted because of these organizations’ support for the cyber security bill proposed by Rep. Mike Rogers. The bill would allow private companies and the government to share any information “directly pertaining to a vulnerability of, or threat to” a computer network [17].