Understanding Opportunistic Attacks

In many of the presentations we give each year we often talk about the concept of an opportunistic attack and for some it might be hard to grasp. With yesterday’s compromises at LinkedIn and eHarmony there is really no better time than now to take a minute an explain it.

Recent Events

Here is a quick synopsis to catch you up if you’re not aware. Yesterday, June 6th, two major social networks – professional and romantic – both reported the likelihood of a compromise within their networks. Within a few hours those reports were confirmed by a number of InfoSec companies and professionals.

  • LinkedIn – Compromised, 6.5 million passwords released into the wild
  • eHarmony – Compormised, 1.5 million passwords released into the wild

What’s important to note about these is that although its known that the passwords were compromised, little is known of the attack and how access was granted. Some are saying this is a very serious concern as the integrity of the networks come into play. Are users safe to resume using the networks? That’s the real question.

Opportunistic Attack

As the name implies, an opportunistic attack is one of opportunity. Whether we think back to last year’s TimThumb outbreak where a vulnerability was found and later exploited affecting 10’s of thousands of website owners, or you look at yesterday’s events.

Opportunistic attacks are attacks in which an attacker has a general idea of what or whom he wants to attack. Source: Hacking: The Next Generation

The idea is always simple, leverage mass hysteria in the hopes of capitalizing in some fashion – whether its monetary gain or increased cause awareness.

For instance, lets look at at the LinkedIn breech. Within hours new attacks were being released into the wild:

This is an example of a new spear-phishing attempt released within the past 24 hours in an effort to capitalize on unsuspecting users with LinkedIn. What’s good to note is that it’s not in anyway tied to the breach, instead it leverages the idea that the probability of the user receiving the email being 1 of the 150 + million users is high enough that an attack is warranted.

It’s important to note that LinkedIn has confirmed that the emails they have released do not contain any links. Specifcis of their guidance can be found here: http://news.softpedia.com/news/Confirmed-Leaked-Passwords-Correspond-to-LinkedIn-Accounts-274126.shtml

Unlike a Targeted attack, where an attack is perpetuated against a known, an Opportunistic attack looks to capitalize on the unknown. Other similar, large-scale, events that have resulted in opportunistic attacks include:

  • Michael Jackson’s Death
  • Verisign Breech
  • TimThumb Vulnerability

This ofcourse a very short list, not because of lack of events, but rather its purpose is to show varying degrees of events from cultural, corporate and technical, each contributing to some large-scale opportunistic attack.


For more information or if you have concerns please do not hesitate to contact us at info@sucuri.net or on twitter at Sucuri Security.

Scan your website for free:
About Tony Perez

I'm a technologist with a passion for the Information Security domain. I am especially interested in malware reverse engineering, incident handling and response as well as offensive counter measures. Catch my personal rants on tonyonsecurity.com and follow on twitter at perezbox.