Researchers reveal OpUSA attackers' MO
Posted on 16 May 2013.
Anonymous' highly publicized Operation USA has not been the resounding success they expected it to be.


Sure, the number of sites sporting a page containing messages from the attackers was large, but the sites mostly belonged to small businesses and individuals, and some of them did not even belong to U.S. citizens or organizations.

Also, a considerable quantity of the purportedly stolen and leaked information and credentials has turned out to be taken in previous attacks, bogus, or inaccurate because it was out of date.

By analyzing information provided by the company's Smart Protection Network and the attackers' pastebins, Trend Micro researchers have discovered the prevalent modus operandi of the attackers.

"We first looked at the sites that hackers had compromised as part of the OpUSA campaign. It quickly became apparent that there were patterns in the compromised URLs: the attackers had frequently uploaded files with names like islam.php, muslim.htm, jihad.htm, and usa.htm to the compromised site. A legitimate visitor would never visit or see these particular URLs, as they were completely separate from the main site and, in effect, 'hidden,'" they explained.

This allowed the hackers to compromise sites before the actual start of the operation, but also kept the compromise hidden from most sites' owners until the right time.

The researchers also noted that the attackers visited these pages in the day or two before the official start of the campaign, likely to check whether the pages had been discovered and removed.

Unfortunately, the attackers were clever and accessed those pages through compromised machines used as proxies, so that the IP addresses don't lead back to them.
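For site owners, the pattern described above can be checked against web server logs. The following is an added example, not code from Trend Micro or from the original article: it flags successful requests for the file names quoted above that did not arrive via a link on the site itself. The combined log format, the `find_planted_pages` function, the host `example.com` and the sample log lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime
from posixpath import basename
from urllib.parse import urlsplit

# File names quoted in the researchers' description above.
DROPPED_NAMES = {"islam.php", "muslim.htm", "jihad.htm", "usa.htm"}

# Apache/nginx "combined" access log format (assumed).
LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+)[^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)"'
)

# Constructed sample lines (documentation IP ranges, made-up paths and times).
SAMPLE_LOG = [
    '198.51.100.7 - - [05/May/2013:10:12:01 +0000] "GET /images/usa.htm HTTP/1.1" 200 812 "-" "Mozilla/5.0"',
    '203.0.113.44 - - [06/May/2013:22:40:15 +0000] "GET /images/usa.htm HTTP/1.1" 200 812 "-" "Mozilla/5.0"',
    '192.0.2.10 - - [06/May/2013:09:00:00 +0000] "GET /jihad.htm HTTP/1.1" 404 0 "-" "curl/7.29"',
    '192.0.2.20 - - [06/May/2013:09:05:00 +0000] "GET /docs/usa.htm HTTP/1.1" 200 400 "http://example.com/docs/" "Mozilla/5.0"',
    '192.0.2.20 - - [06/May/2013:09:06:00 +0000] "GET /index.php HTTP/1.1" 200 4000 "-" "Mozilla/5.0"',
]

def find_planted_pages(lines, site_host):
    """Return {path: {"first_seen", "ips"}} for pages that exist on the server,
    carry one of the known file names, and were not reached via the site itself."""
    hits = defaultdict(lambda: {"first_seen": None, "ips": set()})
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["status"] != "200":
            continue  # unparsable line, or the file is not there (e.g. 404)
        path = urlsplit(m["target"]).path
        if basename(path).lower() not in DROPPED_NAMES:
            continue
        if urlsplit(m["referer"]).hostname == site_host:
            continue  # linked from the site's own pages, so not a "hidden" URL
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        entry = hits[path]
        if entry["first_seen"] is None or ts < entry["first_seen"]:
            entry["first_seen"] = ts
        entry["ips"].add(m["ip"])
    return dict(hits)

if __name__ == "__main__":
    for path, info in find_planted_pages(SAMPLE_LOG, "example.com").items():
        print(path, info["first_seen"].isoformat(), sorted(info["ips"]))
```

Because the visits came through proxies, the client IPs it reports are leads for blocking and correlation rather than attribution; the finding that matters is that the page exists and should be removed.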









COPYRIGHT 1998-2014 BY HELP NET SECURITY.