Increase in malicious DNS request traffic
With regard to the OpUSA hacktivist campaign, Solutionary discovered that attackers responsible for previous DDoS attacks on the financial sector leveraged a variety of techniques to execute the campaign, including SQL Injection and XSS, in addition to DDoS.
Of the sites compromised during OpUSA, 73 percent were hosted on Microsoft IIS Web servers, and 17 percent of the platforms in use were running IIS versions 5.0 or 5.1, which are 10 years older than the current version of IIS (7.5) and no longer supported by Microsoft. This oversight left clear and obvious holes for attackers to exploit.
Notably, while the United States topped the list of countries with affected servers, at 38 percent, only China stood out from the rest as a target of this campaign.
The NSA PRISM project has dominated the news since The Guardian first broke the story. Reaction among security professionals, industry members and the public has been mixed. An NSA statement claims, in part, that PRISM collects data directly from the servers of U.S. service providers, including Microsoft, Yahoo!, Google, Facebook, PalTalk, AOL, Skype, YouTube and Apple. At this time, Solutionary has noted concerns about the security and privacy of information, especially from non-US organizations, but has not noted any impact on client operations.
Solutionary also summarized the significant increase in malicious DNS requests and DoS activity. Again, the U.S. and China were the top two countries of origin, registering 57 percent and 30 percent, respectively, followed by France and the Russian Federation. An increase in DDoS attacks is likely, a prediction based on the intelligence gathered from observed reconnaissance and harvesting campaigns targeting private and commercial hosting providers.
“Observations by the Security Engineering Research Team (SERT) over the past several months have led us to conclude that hacktivist attacks are on the rise and that headline-driven security concerns can often take the focus off of fixes that can improve defensive postures,” said Rob Kraus, director of research, SERT. “Security and risk professionals reading this report will find that there are several simple steps that can be taken to better defend against the identified attacks.”