US-CERT is advising both government agencies and the private sector to be vigilant against the continued threat of denial of service via malware in targeted attacks.
The advisory comes one week after multiple distributed denial of service (DDoS) attacks were launched against entertainment industry and US government websites by Anonymous supporters in an operation dubbed "OpMegaupload".
The attacks caused disruptions for several websites, including those operated by the Justice Department, the FBI, the US Copyright Office, Universal Music, BMI, and the RIAA.
OpMegaupload was a response to Justice Department indictments issued against executives at the file sharing website Megaupload.com for copyright infringement and piracy, as well as in general opposition to the Stop Online Piracy Act (SOPA) and the Protect Intellectual Property Act (PIPA) legislative bills currently being considered by Congress.
"This action is among the largest criminal copyright cases ever brought by the United States and directly targets the misuse of a public content storage and distribution site to commit and facilitate intellectual property crime," an FBI press release stated.
The crowd-sourced DDoS attacks have largely diminished, but US-CERT has received reports of attacks using emails designed to infect systems by way of malware-laden attachments.
"US-CERT is aware of public reports of ongoing distributed denial-of-service attacks against entities in the government and private sector. According to the reports, these attacks are being attributed to the hacker group Anonymous," the advisory states.
US-CERT, administered by the National Cyber Security Division (NCSD) at the Department of Homeland Security (DHS), recommends adherence to the following guidelines:
- Do not open attachments in email messages from unknown sources.
- Install anti-virus software and keep virus signatures files up to date.
- Refer to the Recognizing and Avoiding Email Scams (pdf) document for more information on avoiding email scams.
- Refer to the Avoiding Social Engineering and Phishing Attacks document for information on social engineering attacks.
- Refer to the Recovering from Viruses, Worms, and Trojan Horses document for additional information on how to recover from malware.
- Refer to the Continuing Denial of Service Threats Posed by DNS recursion (v2.0) (pdf) document and Understanding Denial-of-Service Attacks document for additional information on denial-of-service attacks.