May 7th 2013: OpUSA Banks Face Uncertain Threat DDoS Attack

Banks may be about to endure yet another cyberattack by hacktivist groups.

The hacker collective Anonymous has joined with groups throughout the Middle East and North Africa to vow a series of so-called denial of service attacks this Tuesday against financial institutions, other U.S. firms and government agencies.

The campaign, which hacktivists have dubbed OpUSA, comes in retaliation for what backers say are U.S. war crimes in Iraq, Afghanistan and Pakistan.

“Anonymous will make sure that this May 7th will be a day to remember,” the group wrote in a message posted April 24 on Pastebin, a website used by programmers.

The threat follows a similar campaign against commercial and government targets in Israel by Anonymous, which has claimed responsibility for a series of attacks on financial networks and online sites in that country.

The attacks are expected to consist mostly of “nuisance-level attacks against publicly accessible webpages and possibly data exploitation,” the U.S. Department of Homeland Security warned on May 1 in a bulletin obtained by Krebs on Security. “The criminal hackers behind the OpUSA campaign most likely will rely on commercial tools to exploit known vulnerabilities, rather than developing indigenous tools or exploits.”

“Independent of the success of the attacks, the criminal hackers likely will leverage press coverage and social media to propagate an anti-U.S. message,” DHS added.

No major online sites had been adversely affected as of Monday afternoon, according to Radware, a digital security firm that is monitoring the threat.

Experts say publicly announced attacks can vary in credibility and are sometimes just a bid for attracting attention. “If the attackers follow the same patterns as previously witnessed during the [Operation Israel] attacks, then targets can expect a mixture of attacks,” including “denial of service attacks and web application exploits,” Mike Schiffman, a security researcher at Cisco, wrote recently. “Given the lack of specific details about participation or capabilities, the exact severity of the attack can’t be known until it (possibly) happens.”
For protection against your eCommerce site click here.