• Skip to primary navigation
  • Skip to content
  • Skip to primary sidebar
  • Skip to footer

Sucuri Blog

Website Security News

  • Products
    • Website Security Platform
    • Website Firewall (WAF)
    • Enterprise Website Security
    • Multisite Solutions
  • Features
    • Detection
    • Protection
    • Performance
    • Response
    • Backups
  • Partners
    • Agency Solutions
    • Partners
    • Referral Program
    • Ecommerce
  • Resources
    • Guides
    • Webinars
    • Infographics
    • SiteCheck
    • Reports
    • Email Courses
  • Immediate Help
  • Login

Understanding Opportunistic Attacks

June 8, 2012Tony Perez

0
SHARES
FacebookTwitterSubscribe

In many of the presentations we give each year we often talk about the concept of an opportunistic attack and for some it might be hard to grasp. With yesterday’s compromises at LinkedIn and eHarmony there is really no better time than now to take a minute an explain it.

Recent Events

Here is a quick synopsis to catch you up if you’re not aware. Yesterday, June 6th, two major social networks – professional and romantic – both reported the likelihood of a compromise within their networks. Within a few hours those reports were confirmed by a number of InfoSec companies and professionals.

  • LinkedIn – Compromised, 6.5 million passwords released into the wild
  • eHarmony – Compormised, 1.5 million passwords released into the wild

What’s important to note about these is that although its known that the passwords were compromised, little is known of the attack and how access was granted. Some are saying this is a very serious concern as the integrity of the networks come into play. Are users safe to resume using the networks? That’s the real question.

Opportunistic Attack

As the name implies, an opportunistic attack is one of opportunity. Whether we think back to last year’s TimThumb outbreak where a vulnerability was found and later exploited affecting 10’s of thousands of website owners, or you look at yesterday’s events.

Opportunistic attacks are attacks in which an attacker has a general idea of what or whom he wants to attack. Source: Hacking: The Next Generation

The idea is always simple, leverage mass hysteria in the hopes of capitalizing in some fashion – whether its monetary gain or increased cause awareness.

For instance, lets look at at the LinkedIn breech. Within hours new attacks were being released into the wild:

This is an example of a new spear-phishing attempt released within the past 24 hours in an effort to capitalize on unsuspecting users with LinkedIn. What’s good to note is that it’s not in anyway tied to the breach, instead it leverages the idea that the probability of the user receiving the email being 1 of the 150 + million users is high enough that an attack is warranted.

It’s important to note that LinkedIn has confirmed that the emails they have released do not contain any links. Specifcis of their guidance can be found here: http://news.softpedia.com/news/Confirmed-Leaked-Passwords-Correspond-to-LinkedIn-Accounts-274126.shtml

Unlike a Targeted attack, where an attack is perpetuated against a known, an Opportunistic attack looks to capitalize on the unknown. Other similar, large-scale, events that have resulted in opportunistic attacks include:

  • Michael Jackson’s Death
  • Verisign Breech
  • TimThumb Vulnerability

This ofcourse a very short list, not because of lack of events, but rather its purpose is to show varying degrees of events from cultural, corporate and technical, each contributing to some large-scale opportunistic attack.


For more information or if you have concerns please do not hesitate to contact us at info@sucuri.net or on twitter at Sucuri Security.

0
SHARES
FacebookTwitterSubscribe

Categories: Security EducationTags: Best Practices

About Tony Perez

Tony is the Head of Security Products at GoDaddy and Sucuri Co-Founder. His passion lies in educating and bringing awareness about online threats to business owners. His passions revolve around understanding the psychology of bad actors, the impacts and havoc hacks have on website owners, and thinking through the evolution of attacks. You can find his personal thoughts on security at perezbox.com and you can follow him on Twitter at @perezbox.

Reader Interactions

Primary Sidebar

Socialize With Sucuri

We're actively engaged across multiple platforms. Follow us and let's connect!

  • Facebook
  • Twitter
  • LinkedIn
  • YouTube
  • Instagram
  • RSS Feed

Join Over 20,000 Subscribers!

Footer

Products

  • Website Firewall
  • Website AntiVirus
  • Website Backups
  • WordPress Security
  • Enterprise Services

Solutions

  • DDos Protection
  • Malware Detection
  • Malware Removal
  • Malware Prevention
  • Blacklist Removal

Support

  • Blog
  • Knowledge Base
  • SiteCheck
  • Research Labs
  • FAQ

Company

  • About
  • Media
  • Events
  • Employment
  • Contact
  • Testimonials
  • Facebook
  • Twitter
  • LinkedIn
  • Instagram

Customer Login

Sucuri Home

  • Terms of Use
  • Privacy Policy
  • Frequently Asked Questions

© 2021 Sucuri Inc. All rights reserved

Sucuri Cookie Policy
See our policy>>

Our website uses cookies, which help us to improve our site and enables us to deliver the best possible service and customer experience.