73 Percent Of OpUSA Compromised Sites Were Hosted In Microsoft IIS Web Servers

Solutionary's Security Engineering Research Team (SERT) has released its Quarterly Threat Report for the second quarter of 2013

July 23, 2013

4 Min Read

PRESS RELEASE

OMAHA, NE--(Marketwired - Jul 23, 2013) - Solutionary, the leading pure-play managed security services provider (MSSP), announced today that its Security Engineering Research Team (SERT) has released its Quarterly Threat Report for the second quarter of 2013. The report dissects the highly coordinated OpUSA hacktivist campaign executed in early May and addresses concerns stemming from the National Security Agency's (NSA) PRISM project.

Tweet This: @Solutionary Q2 Threat Report: OpUSA targets MSFT IIS Web servers 17% running unsupported versions 10+ years oldhttp://goo.gl/854gS1

With regard to the OpUSA hacktivist campaign, SERT discovered that attackers responsible for previous Distributed Denial of Service (DDoS) attacks on the financial sector leveraged a variety of techniques to execute the campaign, including SQL Injection and Cross-Site Scripting (XSS), in addition to DDoS. In looking more deeply at the compromised servers, SERT found that 73% of sites compromised during OpUSA were hosted on Microsoft IIS Web servers and that 17% of the platforms in use were running IIS versions 5.0 or 5.1, which are 10 years older than the current version of IIS (7.5) and no longer supported by Microsoft. This oversight left clear and obvious holes for attackers to exploit. It is noteworthy to point out that while the United States topped the list of countries with affected servers, at 38%, only China stood out from the rest as a target of this campaign.

The NSA PRISM project has dominated the news since The Guardian first broke the story. Reaction among security professionals, industry members and the public has been mixed. An NSA statement claims, in part, that PRISM collects data directly from the servers of U.S. service providers, including Microsoft, Yahoo!, Google, Facebook, PalTalk, AOL, Skype, YouTube and Apple, however, at this time while Solutionary has noted concerns about the security and privacy of information, especially from non-US organizations, but has not noted any impact on client operations.

In addition to OpUSA and PRISM investigations, the SERT Q2 Threat Report summarizes the significant increase in malicious Domain Name System (DNS) requests and denial of service (DoS) activity. Again, the U.S. and China were the top two countries of origin, registering 57% and 30%, respectively, followed by France and the Russian Federation. SERT believes that an increase in DDoS attacks is likely, a prediction based on the intelligence gathered from observed reconnaissance and harvesting campaigns targeting private and commercial hosting providers.

"Observations by SERT over the past several months have led us to conclude that hacktivist attacks are on the rise and that headline-driven security concerns can often take the focus off of fixes that can improve defensive postures," said Rob Kraus, director of research, SERT. "Security and risk professionals reading this report will find that there are several simple steps that can be taken to better defend against the identified attacks."

Key Findings

· 73% of sites compromised during OpUSA were hosted on Microsoft IIS web servers

· 17% of the compromised OpUSA targets hosted on Microsoft IIS platforms are running IIS versions 5.0 and 5.1, which are over 10 years old and no longer supported by Microsoft

· 68% of sites compromised by OpUSA attacks were hosted outside of the United States

· Increased malicious DNS-request traffic was observed originating from global sources

· NSA PRISM has heightened concerns about privacy and data access by the United States Government

To access a copy of the complete report, please visit our Threat Reports page.

Visit our blog at http://www.solutionary.com/resource-center/blog/.

Follow us on Twitter.

About Solutionary

Solutionary is the leading pure-play managed security services provider. Solutionary reduces the information security and compliance burden, delivering flexible managed security services that align with client goals, enhancing organizations' existing security program, infrastructure and personnel. The company's services are based on experienced security professionals, global threat intelligence from the Solutionary Security Engineering Research Team (SERT) and the patented, cloud-based ActiveGuard® service platform. Solutionary works as an extension of clients' internal teams, providing industry-leading customer service, patented technology, thought leadership, years of innovation and proprietary certifications that exceed industry standards. This client focus and dedication to customer service enables Solutionary to boast one of the highest client retention rates in the industry. Solutionary provides 24/7 services to mid-market and global enterprise clients through multiple security operations centers (SOCs) in North America. For more information, visit www.solutionary.com.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights