Newly released news stories and YouTube videos have surfaced the past couple of weeks that have outlined new attack plans from the collective hacker group known as Anonymous. The #OpIcarus campaign is calling for all Anonymous members to attack the world’s central banking system, with special mention of the NASDAQ and NYSE.
Anonymous has already been successful in taking down the Bank of Greece’s main website and just recently, Bank of England’s internal email server. Experts aren’t expecting these attacks to trickle down to the community and regionally-based banks and credit unions. However, we feel that these smaller banks and credit unions should be on-alert and take some proactive steps to help mitigate and/or minimize the impact of a cyber-attack. Anonymous’ attack of choice for the #OpIcarus campaign appears to be a distributed denial-of-service attack, so we’ll examine some steps to help ready your institution in the event of such an attack.
- Perform regular reviews of your institution’s external firewall and IDS/IPS devices to ensure the proper configurations are in place. Review and confirm the latest firmware version is installed on these devices.
- Ensure that only the appropriate personnel (including vendors!) have physical and logical access to the firewall and IDS/IPS devices and that their access levels are appropriate.
- Verify that your institution’s log management and alerting system is operating as expected. Ensure that alerts are getting to the proper IT personnel and that personnel are appropriately trained to perform their duties.
- Understand your institutions responsibilities during a cyber-attack. Understand who to contact at your Internet Service Provider and any other vendors or law enforcement agencies that may be needed to help protect against a denial-of-service attack.
- Ensure that your institution has a thorough, up-to-date incident response plan that specifically outlines procedures to help mitigate and recover from a denial-of-service attack.
- Review your incident response documentation and conduct lessons learned meetings to identify any gaps that led to the incident and ways to mitigate the issues in the future.
Rebyc Security is committed to working with community and regional banks and credit unions to help provide effective, efficient security services to help strengthen the overall security posture of these institutions.
Contact us today to set up your free 30-minute consultation with one of our consultants! We’ll discuss your current security initiatives, identify any potential gaps, and make recommendations based our discoveries.