Tuesday 23 July 2013

OpUSA and PRISM Investigations: Report

Solutionary, the leading pure-play managed security services provider (MSSP), announced today that its Security Engineering Research Team (SERT) has released its Quarterly Threat Report for the second quarter of 2013.
The report dissects the highly coordinated OpUSA hacktivist campaign executed in early May and addresses concerns stemming from the National Security Agency's (NSA) PRISM project.
With regard to the OpUSA hacktivist campaign, SERT discovered that attackers responsible for previous Distributed Denial of Service (DDoS) attacks on the financial sector leveraged a variety of techniques to execute the campaign, including SQL Injection and Cross-Site Scripting (XSS), in addition to DDoS.
In looking more deeply at the compromised servers, SERT found that 73 percent of sites compromised during OpUSA were hosted on Microsoft IIS Web servers and that 17 percent of the platforms in use were running IIS versions 5.0 or 5.1, which are 10 years older than the current version of IIS (7.5) and no longer supported by Microsoft.
This oversight left clear and obvious holes for attackers to exploit. It is noteworthy that, while the United States topped the list of countries with affected servers at 38 percent, only China stood out from the rest as a target of this campaign.
The NSA PRISM project has dominated the news since The Guardian first broke the story. Reaction among security professionals, industry members and the public has been mixed. An NSA statement claims, in part, that PRISM collects data directly from the servers of U.S. service providers, including Microsoft, Yahoo!, Google, Facebook, PalTalk, AOL, Skype, YouTube and Apple. At this time, Solutionary has noted concerns about the security and privacy of information, especially from non-US organizations, but has not noted any impact on client operations.
In addition to OpUSA and PRISM investigations, the SERT Q2 Threat Report summarizes the significant increase in malicious Domain Name System (DNS) requests and denial of service (DoS) activity. Again, the U.S. and China were the top two countries of origin, registering 57 percent and 30 percent, respectively, followed by France and the Russian Federation. SERT believes that an increase in DDoS attacks is likely, a prediction based on the intelligence gathered from observed reconnaissance and harvesting campaigns targeting private and commercial hosting providers.
"Observations by SERT over the past several months have led us to conclude that hacktivist attacks are on the rise and that headline-driven security concerns can often take the focus off of fixes that can improve defensive postures," said Rob Kraus, director of research, SERT. "Security and risk professionals reading this report will find that there are several simple steps that can be taken to better defend against the identified attacks."
Key Findings

  • 73 percent of sites compromised during OpUSA were hosted on Microsoft IIS web servers
  • 17 percent of the compromised OpUSA targets hosted on Microsoft IIS platforms are running IIS versions 5.0 and 5.1, which are over 10 years old and no longer supported by Microsoft
  • 68 percent of sites compromised by OpUSA attacks were hosted outside of the United States
  • Increased malicious DNS-request traffic was observed originating from global sources
  • NSA PRISM has heightened concerns about privacy and data access by the United States Government

To access a copy of the complete report, please visit the Threat Reports page.
