Today the Anonymous Sudan group shared a post in their Telegram group stating that they have temporarily paused their cyber attacks because of the current shortage of Internet connectivity in Sudan. Even so, all organizations that were declared targets are advised to stay alert and vigilant, and to follow these precautionary steps:
- It is important to ensure that both your internal and external security teams, as well as your SOC, are on high alert.
- Contact your ISP/service provider to tighten all protection measures, ensure monitoring is on high alert, and activate DDoS controls if available. If DDoS protection services are not available, it is highly recommended to consider obtaining them.
- Stay vigilant and monitor all suspicious activities and alerts, as DDoS attacks may be used as a cover for other intrusions or attacks that can go unnoticed.
- Activate your Incident Response (IR) plan and crisis management procedures to minimize the impact of any attacks.
- Keep your management informed and aligned so that you can quickly take coordinated actions in response to any attacks on your network.
- Instruct your threat intelligence team to gather and transfer any relevant information to your SOC team for monitoring, detection, and blocking of Indicators of Compromise (IOCs).
- Ensure that your IT and business/operations teams are monitoring for suspicious activities and alerts and report them to you immediately to allow for timely action.
- Review all IOCs and Tactics, Techniques, and Procedures (TTPs) and take appropriate measures to detect, respond to, and block them.
- Create or activate a hotline to communicate with all relevant stakeholders in the event of abnormal traffic or suspicious attacks, enabling a swift response.
- It is crucial to be aware that DDoS attacks can take different forms, such as volumetric or application-centric, and to have proper controls in place to detect and prevent such attacks.