The Solutionary Security Engineering Research Team (SERT) has been monitoring hacktivist activity that has generated a series of focused campaigns over the last month. Several hacktivist groups have reportedly joined forces and are threatening to launch a dedicated campaign of targeted cyberattacks against U.S. companies and government agencies beginning May 7, 2013. The campaign is known as OpUSA.

Solutionary encourages all organizations to prepare by ensuring that they have an incident response plan in place in the event that a compromise does occur. Since many of the  hacktivist groups that are reported to be participants in OpUSA have been responsible for past Distributed Denial of Service (DDoS) attacks in 2013, organizations should also take measures to mitigate against DDoS attacks (see the SERT white paper “In Denial? Follow Seven Steps for Better DoS and DDoS... read more >

As always, there have been lots of interesting cyber security and incident reports in the media this week. While most typically report on a major train wreck that has already occurred, every once in a while we get a warning that has had zero impact that we should all nonetheless start thinking about. One of this week’s big thought provokers was reported by Antone Gonsolves in CSO. In Mobile devices set to become next DDoS attack tool, he reports on how an analyst from Javelin Strategy & Research is convinced that smartphones and tablets are expected to become a significant launching pad for distributed denial of service (DDoS) attacks against corporate websites. Although there hasn’t been a reported case of this yet,... read more >

Recently, the Fraud Action Research Lab at RSA, released information pertaining to an impending cyber attack targeting 30 U.S. based banks. The orchestrators of the attack are actively recruiting upwards of 100 botmasters to help unleash their nefarious plot. In a nutshell, the intended attack will probably be large, with multiple coordinated and timed efforts from around the world. The attack is expected to occur sometime in the next 30 to 60 days. As of yet, RSA has not disclosed the potential targets. In reality, if your bank is not targeted today, it does not mean it will not be targeted tomorrow. But until we see “the list” you as the computer user and/or potential target do not have to live in fear.

One of the motivating theories behind the attack is to take advantage of the weak state of security surrounding banks, specifically U.S. banks. Solutionary highly recommends banks review authentication procedures for wire transfers. If not already in... read more >

Once upon a time, I was watching ESPN and they were doing this story on a basketball player named Allen Iverson. Usually when they do cover stories, it is because of something good they player did. In this case… ehhhh… not so much. Allen Iverson missed his NBA team’s practice and was questioned about it during a news interview. His response is pretty classic -- “We talking about practice? Not a game, not a game, not a game, we talking about practice? Not a game, not the game that I going out there and die for and play every game as if it was my last, we talking about practice.” It goes on for a whole 2:23... read more >

The Internet Crime Complaint Center (iC3) has released a Fraud Alert detailing increased fraudulent wire transfer activity observed across the financial services sector. Although we urge close review of the report and its recommendations, the Solutionary Security Engineering Research Team (SERT) provides a brief summary below.

The alert is based on FBI reports of increased activity of fraudulent wire-transfers occurring just prior to large-scale Distributed Denial of... read more >