Che Commodore claims groups have already tested which are the most vulnerable sites.
A hacktivist claiming to be affiliated with infamous online collective Anonymous has said the group is planning to DDoS various high profile sponsors of the forthcoming FIFA World Cup this month.
The hacker, who goes under the name “Che Commodore”, told Reuters in a Skype interview from Brazil that Anonymous had already begun planning the campaign, designed to protest the vast sums of money being thrown at the event when the country still suffers severe social inequality.
“We have already conducted late-night tests to see which of the sites are more vulnerable,” he said. “We have a plan of attack.”
The targeted firms on the Anonymous shortlist apparently include Budweiser, Adidas, Emirates and Coca-Cola – all major sponsors of the tournament, the biggest single-event sporting competition in the world.
If it goes ahead, the DDoS campaign will be the second major attack by Anonymous in the region in recent days.
Another hacktivist, known as AnonManifest, used a phishing attack to penetrate the Foreign Ministry’s network last week and exfiltrate over 300 confidential documents which were later posted online, the report claimed.
The ministry’s email system was apparently taken down as a result and 3,000 account holders told to change their passwords.
Civil unrest directed mainly at the Brazilian government has marred the build-up to a World Cup which has already cost £9 billion – money they think would be better spent on improving things like social welfare and public services.
In June 2013, over one million people took to the streets of more than 100 cities in violent protests against the spiralling costs of the tournament.
David Howorth, VP at Alert Logic, said that the threat of attack during a major tournament like the World Cup is heightened due to the global exposure it gives hacktivists.
He urged high profile sponsors to work with their network vendors to plan a DDoS prevention strategy; ensure all apps are up-to-date and patched; and that firewall, IDS and web application firewalls are configured correctly.
“Make sure you have expertise that can monitor, correlate and analyse the security threats to your network and applications across your on-premise and cloud infrastructure 24×7 for continuous protection – this should be done now as the hackers are already testing the vulnerabilities in the infrastructure in preparation of their attacks,” he added.
“Finally, remember that hackers are creative – don’t just focus on one attack vector as the attacker will try multiple ways to cause damage.”