Threat of cyber activist group attack on Qatar fails
The cyber activist group Anonymous announced that it would launch a cyber attack in June aimed at major energy producers in the Middle East, including Qatar, in an operation named #OpPetrol. So what impact did this have on Qatar?
It seems the operation has had little to no impact on energy production in the region. However, a press release issued in June by Trend Micro, a security software company, stated that a significant number of government websites in Kuwait, Qatar and Saudi Arabia had gone offline. The company recommended that the organisations partner with local service providers to monitor and mitigate distributed denial of service (DDoS) attacks, whereby multiple systems flood the network of a targeted system to make it unavailable to others. Soon after Anonymous announced the upcoming attacks, ictQatar released an Internet Infrastructure Guideline report that stated Internet service providers (ISPs) should apply detection and prevention technologies to ensure that the Internet feeds are free “as much as possible” from malicious activity.
Having world-class strategic companies such as Qatar Petroleum makes Qatar an attractive target, not just for hacktivists but competitors and some governments of unfriendly states, explains Cyril Viosin, chief security advisor for Microsoft Gulf. The danger to Qatar’s companies and national security was explored in the June issue of The Edge.
However, recent developments such as the threat from Anonymous have shown companies within the country stepping up their efforts to protect their IT infrastructure.
MEEZA, an IT service provider, recently announced the creation of the first Commercial Security Operations Center (SOC) in the country, aimed at protecting critical information assets. “Organisations should focus on increasing their resilience to be able to survive any attack or incident,” Viosin told The Edge. This requires assessing the risks, mitigating them, planning for continuity and practising drills to be able to react and recover when an incident occurs. “It is a serious topic that should not be left to the critical organisations themselves,” he added. “The best approach is to mandate at the national level that the critical national infrastructures have to follow some best practices, and to be audited by independent third parties.”
Richard Sheng, senior director of enterprise security, Trend Micro Asia Pacific, said cyber attacks are now targeted, customised and persistent. While hacktivists make announcements of their attack campaigns, most cyber crime and espionage goes undetected by conventional security controls, he explained. “Organisations need to assume they will be compromised and redefine their IT security with that mental model,” explained Sheng. These advanced persistent threats (APTs) create huge challenges for IT service providers, said Ghada Philip El Rassi, MEEZA’s deputy CEO.
According to El Rassi, the company plans to start offering its clients penetration testing and cloud vulnerability scanning in the next quarter of this year. The outcome of penetration testing will be to identify and assess IT security vulnerabilities within the target environment, said El Rassi. “The penetration report will classify the risks, giving the client a framework to mitigate or remove the issue before being exploited,” she explained.
Local threat assessment
El Rassi also told The Edge that their organisation plans to gather local threat intelligence data that documents the types of cyber attacks happening within the country and the region to make sure companies have the correct security strategy in place to defend themselves. Organisations with IT security functions will often share knowledge through bilateral agreements, she explained: “Obviously this won’t be in-depth corporate IT security data. However, it will include information pertaining to attack profiles, types of attacks increasing such as phishing or meta-data extracted from attack codes.”
In large organisations, the probability of a successful spear phishing scam is close to certainty, said Viosin from Microsoft. To mitigate risks, people should only have access to what they need to know, and not more, he added. People with privileges should be few in number and trained not to indulge in risky behaviours such as browsing the Internet with their administrator rights.
Recently, Ooredoo chief operating officer Waleed Al Sayed announced at a press conference that Qatar had one of the fastest roll-outs of fibre optic networks in the world, showcasing the country’s commitment to increasing connectivity in order to aid economic development. He also announced that Ooredoo Business Fibre would be rolled out in the coming months, targeted towards small and medium businesses. As businesses increase their connectivity in Qatar and virtualise business functions, it becomes vital that they also do so with an understanding of the risks and challenges it brings.
In order to be a more difficult target, organisations should put a security programme in place. Many times, organisations that are victims of security attacks do not want to report these attacks, which, said Viosin, only helps attackers. If your organisation is compromised, your first port of call should be Q-CERT at http://call.qcert.org/, which will help end users clean up their machines.