Security Research

#OpUSA Lessons Learned

SR-FI_Team 05-08-2013 02:27 PM - edited 05-08-2013 02:57 PM

Like many other security companies, we’ve been tracking #OpUSA. Prior to the event (May 7, 2013), we didn’t anticipate that this operation would garner much support given the lack of attention it received in the community (as depicted in the graph below).




We anticipated that the attacks would be similar to what the financial industry has already experienced over the last several months dealing with #OpAbabil. In fact, we felt that the most notable actor in this operation would be the Cyber Fighters. The moment we learned that the Cyber Fighters had backed out of the operation, we felt strongly that it would be, for the most part, a failure: it would fail to hack or disrupt the high-profile targets and financial companies listed as targets. So far, these predictions have been accurate.


While #OpUSA has shown signs of life here and there, most of the interest around the event has tapered off. So now is a good time to ask some important questions:


  • Did your company prepare for #OpUSA?
  • How much time and resources were spent handling this threat?
  • Is there such a thing as being overly prepared?
  • How can you predict the impact of the next threat?


Attacks from actors such as the Cyber Fighters have proven to be very real and have a significant impact. If a target is not prepared, they will most likely feel the effects of a DDoS attack at the very least. While the attacks are not necessarily new, they are difficult to defend against. If you don’t have the right mix of experience, products and partnerships, now is a good time to revisit your security posture.


The guidance provided by the government to mitigate threats such as #OpUSA is summarized below:


  1. Compromised hosts should be wiped and restored to a known good image. Users and administrators should be vigilant about applying the latest patches and anti-virus updates. An infected host endangers the availability, confidentiality, and integrity of data on networks.
  2. Data Execution Prevention (DEP) should be enabled wherever possible (to help prevent buffer overflow exploits).
  3. Defend against compromised CA and web site certificates. 
  4. Have layers of defense to mitigate phishing and drive-by downloads.
  5. Make sure strong authentication has been enforced wherever possible and limit remote access.
  6. Harden your infrastructure. For instance: remove unused network interfaces, keep gear patched, ensure strong authentication, limit management access to internal devices, etc.
  7. Be prepared to minimize the effect of SQLi and XSS attacks.
  8. Verify that firewall rules are tuned and that unused rules are removed for both IPv6 and IPv4 networks.


In addition to the federal recommendations, we recommend the following (high level summary):


  1. Make sure to use a CDN for external web presence. CDNs help mitigate DDoS threats substantially.
  2. Be prepared ahead of time. Work with your upstream Internet provider to ensure they can redirect and scrub DDoS-related traffic, or be prepared to redirect traffic to a company such as Prolexic.
  3. Ensure that all DDoS features are tuned and enabled across all security and infrastructure devices: firewalls, routers, IPS, gateways, etc. Each of these has a part in defending against the attack, and each has specific strengths.
  4. Be prepared to identify and block zero day threats.
  5. Using your visibility solutions, vigilantly monitor for exfiltration and anomalous behavior. Expect that someone will penetrate your perimeter.


Even though #OpUSA was a failure, it's a good indicator of the potential threats that could soon come. Review your defense posture and be prepared for the next threat that could be real.


