Rewterz Threat Update – Russian-Backed Anonymous Sudan Targets Alabama with DDoS Attack

Severity

High

Analysis Summary

The state of Alabama has been targeted by a Russian-backed hacktivist named Anonymous Sudan, which resulted in a massive network disruption. Days later, Alabama seems to have trouble recovering from the network disruption caused by the cyberattack that targeted both the local and city governments.

Although according to government officials, there was no network breach or data stolen, services and workers have faced tremendous difficulties due to the disturbance of the network.

The incident came when in Birmingham, one of the biggest cities in Alabama, there apparently appeared to be separate computer network issues that had been causing service problems for days, affecting transactions involving permitting, licensing, and taxing. It also affected police departments in some areas, blocking authorities from verifying stolen vehicles or whether someone has an outstanding warrant.

Additionally, Anonymous Sudan, a Russian-backed hacktivist group that targets organizations for political reasons, launched a distributed denial-of-service (DDoS) upon the government of Alabama. The mysterious group claimed responsibility for the attack on their social site.

One of the cybersecurity experts called the attack ‘effective’ but not sophisticated as it only caused disruption in companies and services but no data was stolen or exposed. He also added that regardless of the target these attacks are a nuisance and cause inconvenience that cannot be ignored. 

Impact

• Operational Disruption
• Network Disturbance

Remediation

• Enable antivirus and anti-malware software and update signature definitions on time. Using multi-layered protection is necessary to secure vulnerable assets
• Keep devices’ firmware and software up to date to ensure that known vulnerabilities are patched.
• Employ tools that can identify unusual behavior or traffic patterns that might indicate a DDoS attack or a compromised device.
• Follow security best practices, such as disabling remote management if not needed and enabling security features provided by the device manufacturer.
• Deploy intrusion detection and prevention systems (IDS/IPS) to monitor for anomalous or malicious network activity.
• Set up alerts for unusual traffic patterns that might indicate a DDoS attack or a compromised device.
• Develop a detailed incident response plan that outlines the steps to be taken in the event of a DDoS attack.