Trend Micro says the compromised sites have been used as C&C by bot herders

Jun 20, 2013 08:07 GMT

Back in May, Anonymous hackers announced OpPetrol, a campaign aimed at gas and oil companies from all over the world. The operation is set to start today, June 20, 2013.

According to a message posted on Twitter a few hours ago by the campaign’s initiators, OpPetrol will start soon, and Saudi Arabia is on top of the list.

In the meantime, security experts have shared some insight on what we should expect from this Anonymous campaign.

Symantec is advising organizations to monitor their networks for unusual activities, particularly for attempts to breach perimeters. Employees should be on the lookout for social engineering tactics.

The security firm says we should expect distributed denial-of-service attacks, website and social media account defacements, data leaks aimed at proving that a breach took place, and even attacks that involve disk-wiping malware.

Trend Micro experts observed something interesting about the sites hacked so far in preparation for OpPetrol.

“We traced malicious activities to the targeted sites and found IPs that have been identified in the past as compromised and being used as C&Cs by bot herders. It appears connections were made to the target sites with the intention of gaining further access or prepping for a DDoS,” Trend Micro Threat Researcher Darin Dutcher noted.

“We also found that the malware CYCBOT is being used to drive the infected systems into the target sites. Initially emerging in 2011, CYCBOT has already been primarily used in the past to drive traffic to sites, particularly ad sites. It is known to be distributed via pay-per-install schemes,” he added.

“A significant number of targeted government websites in Kuwait, Qatar, and Saudi Arabia have gone offline after having received attacks from recently compromised IPs. These IPs historically have never communicated to those government sites.”
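The two signals described above, source IPs that have never appeared in a site's historical traffic but are on a list of addresses previously identified as botnet C&Cs, and unusual request volume from such newcomers, can be checked directly against web server access logs. The following is an added example, not code from Trend Micro or Symantec; the log lines, the baseline window and the known-bad list are constructed (documentation-range addresses), and a real deployment would feed it the site's own logs and a threat-intelligence list.

```python
"""Baseline-deviation check over Combined Log Format access logs.

Two detections, both relative to a historical baseline of client IPs:
  1. new IPs that are also on a known-bad (botnet C&C / compromised host) list;
  2. new IPs sending an unusual number of requests (possible DDoS preparation).
"""
import re
from collections import Counter
from ipaddress import ip_address

# Apache/nginx Combined Log Format prefix: ip ident user [timestamp] "request" status
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3})'
)

# Constructed sample data; addresses come from RFC 5737 documentation ranges.
BASELINE_LOGS = [
    '192.0.2.10 - - [01/Jun/2013:10:00:01 +0000] "GET / HTTP/1.1" 200 512',
    '192.0.2.11 - - [01/Jun/2013:10:00:05 +0000] "GET /news HTTP/1.1" 200 2048',
    '198.51.100.5 - - [02/Jun/2013:11:30:00 +0000] "GET /contact HTTP/1.1" 200 1024',
]
CURRENT_LOGS = [
    '192.0.2.10 - - [20/Jun/2013:08:00:01 +0000] "GET / HTTP/1.1" 200 512',
    '203.0.113.7 - - [20/Jun/2013:08:00:02 +0000] "GET / HTTP/1.1" 200 512',
    '203.0.113.7 - - [20/Jun/2013:08:00:02 +0000] "GET / HTTP/1.1" 200 512',
    '203.0.113.7 - - [20/Jun/2013:08:00:03 +0000] "GET / HTTP/1.1" 503 0',
    '203.0.113.9 - - [20/Jun/2013:08:00:04 +0000] "GET /about HTTP/1.1" 200 700',
    'garbage line that does not parse',
]
# Placeholder standing in for a threat-intel feed of IPs previously seen as C&Cs.
KNOWN_BAD_IPS = {"203.0.113.7", "203.0.113.42"}


def parse_line(line):
    """Parse one access-log line; return None for unparseable lines or bad IPs."""
    m = LOG_RE.match(line)
    if not m:
        return None
    try:
        ip = str(ip_address(m.group("ip")))  # normalises and rejects junk
    except ValueError:
        return None
    return {
        "ip": ip,
        "ts": m.group("ts"),
        "request": m.group("req"),
        "status": int(m.group("status")),
    }


def build_baseline(lines):
    """Set of every client IP that appeared in the historical window."""
    seen = set()
    for line in lines:
        rec = parse_line(line)
        if rec is not None:
            seen.add(rec["ip"])
    return seen


def _count_new_ips(lines, baseline):
    """Request counts for IPs not present in the baseline."""
    counts = Counter()
    for line in lines:
        rec = parse_line(line)
        if rec is not None and rec["ip"] not in baseline:
            counts[rec["ip"]] += 1
    return counts


def flag_new_known_bad(lines, baseline, known_bad):
    """{ip: hits} for IPs that are both new to this site and on the known-bad list."""
    counts = _count_new_ips(lines, baseline)
    return {ip: n for ip, n in counts.items() if ip in known_bad}


def new_high_volume_ips(lines, baseline, min_requests):
    """{ip: hits} for new IPs sending at least min_requests, regardless of any list."""
    counts = _count_new_ips(lines, baseline)
    return {ip: n for ip, n in counts.items() if n >= min_requests}


if __name__ == "__main__":
    baseline = build_baseline(BASELINE_LOGS)
    print("new + known-bad:", flag_new_known_bad(CURRENT_LOGS, baseline, KNOWN_BAD_IPS))
    print("new + high volume:", new_high_volume_ips(CURRENT_LOGS, baseline, 2))
```

The two detections are kept separate on purpose: the list match is high-confidence but only as good as the feed, while the volume check catches newcomers the feed has not seen yet and is where the threshold needs tuning against the site's normal traffic to avoid flagging legitimate new visitors.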