About these ads

November 2014 Cyber Attacks Statistics

December 8, 2014 Leave a comment

CountryIt’s time for the statistics derived from the Cyber Attacks Timelines of November (Part I and Part II).

Let us begin with the Country Distribution chart that, easy predictable, shows the US on top of all categories. However, globally, even Italy, Canada and UK show up, respectively for Hacktivism (the first two countries) and Cyber Crime (the latter).

The Daily Trend of Attacks chart shows a moderate activity with a peak on the 10th, and a plateau between the 13th and 14th. Despite the 5th of November is a day felt by Hacktivists, no noticeable operations have been recorded this year.

November 2014 Daily Trend

Once again Cyber Crime leads the Motivations Behind Attacks chart with 55.8% substantially in line with the previous month (was around 60%). Hacktivism ranks at number two with 28.6%, a remarkable increase compared to 13.8% of October. Whereas Cyber Espionage remains quite high (13%, despite in decrease compared to the record value of 17.2% recorded in October.

November 2014 Motivations

Defacements lead the Attack Techniques chart with 20.8% (among the known attacks). SQLi ranks at number two with 13.0% very close to DDoS, at number three with 11.7% (a consequence of the hacktivism driven hacking spree recorded in November). Targeted attacks rank at number four with 10.4%, still quite an important value, even if in decrease compared to 13.8% of October.

November 2014 Techniques

For the third month in a row, industry ranks on top of the Distribution of Targets chart (28.6%, nearly identical to October when it was 28.7%). As always governmental targets rank at number two (23.4%). While organizations are back at number three (14.3%).

November 2014 Targets

Again, targets belonging to E-Commerce rank on top of the Industry Dill Drown chart, while political organizations lead the Organization Drill Down chart.

Industry Drill Down November 2014Org Drill Down November 2014

As usual, the sample must be taken very carefully since it refers only to discovered attacks included in my timelines. The sample does not pretend to be exhaustive but only aims to provide an high level overview of the “cyber landscape”, or at least of the ones that gained space in the media (yes, using an abused expression this is just the tip of the Iceberg).

If you want to have an idea of how fragile our data are inside the cyberspace, have a look at the timelines of the main Cyber Attacks in 2011, 2012, 2013 and now 2014 (regularly updated). You may also want to have a look at the Cyber Attack Statistics.

Of course follow @paulsparrows on Twitter for the latest updates, and feel free to submit remarkable incidents that in your opinion deserve to be included in the timelines (and charts).

About these ads

16-30 November 2014 Cyber Attacks Timeline

December 2, 2014 Leave a comment

The Cyber Monday has just gone, and here we are with the second Cyber Attacks Timeline of November (Part I here).

Even if no massive breaches against retailers have been discovered so far (however do not get carried away since they will probably need several weeks to surface!), this month equally shows some remarkable events for Cyber Crime, Hacktivism and Cyber Espionage.

Actually I just really did not know where to begin, since each sector shows at least one noticeable events. However, after scrolling down the list, I believe that the crown of the month is all for the powerful Regin, the brand new cyber weapon discovered by Symantec. If you believed that the complexity of Stuxnet, Flame and Duqu was a closed page, you will have to change your mind.

This event has overshadowed the massive attack against Sony Pictures Entertainment, allegedly traced to North Korea, in the wake of the release of the comedy “The Interview”, which has been deemed discriminatory against the country and inciting to terrorism. This attack, which has more then one similarity with the infamous Dark Seoul, has completely blocked the Sony internal IT network and is making happy many individuals worldwide, since several Gigabytes of unreleased material are being leaked in these hours.

Last but not least the hacktivists are back! Not only the Syrian Electronic Army has exited stealth mode, with an attack to Gigya, an identity management platform, which has affected many illustrious victims worldwide, but also the Anonymous have been the authors of several attacks, just like the good old days, in the wake of the controversial decision of the Ferguson grand jury decision.

If you want to have an idea of how fragile our electronic identity is inside the cyberspace, have a look at the timelines of the main Cyber Attacks in 2011, 2012, 2013 and now 2014 (regularly updated). You may also want to have a look at the Cyber Attack Statistics, and follow @paulsparrows on Twitter for the latest updates.

Also, feel free to submit remarkable incidents that in your opinion deserve to be included in the timelines (and charts).

16-30 November 2014 Cyber Attacks Timeline Read more…

Fortune 500 Cyber Attacks Timeline

November 25, 2014 3 comments

For the Infosec professionals, this troubled 2014 will be remembered for the trail of gigantic breaches unleashed nearly exactly one year ago, when the real outcome of the infamous Target breach became to emerge. The real extent of the breach was yet to be known, like also the fact that it would not have been an isolated case, but just the beginning of a nightmare.

However this is not the only example of a Fortune 500 company deeply hit, and thanks to a very smart hint by @bufferzone, I took the opportunity to collect in this timeline all the main cyber incidents involving Fortune 500 and Fortune 500 Global companies since 2011 to nowadays.

The adopted selection criteria take into considerations only incidents involving a direct impact on end users, so defacements have not been taken into consideration.

Fortune 500 Global companies are characterized by a blank value in the Rank column, whereas Fortune 500 companies are characterized by a red value. Also, when possible I inserted both values if the targeted company belongs to both charts and, in those cases in which a subsidiary company has been targeted, I have obviously inserted the rank of the parent company.

Fortune 500 Cyber Attacks TImeline Read more…

1-15 November 2014 Cyber Attacks Timeline

November 17, 2014 Leave a comment

The first half of November is gone, so it’s time for the list of the main cyber attacks occurred during these fifteen days.

Confirming the trend of the last months, the activity has been quite sustained. For sure, the most remarkable attack has targeted the Turkish branch of HSBC, and has affected 2.7 million customers, whose credit cards have been compromised (and apparently the bank has decided not to issue new cards for the impacted users).

Again the operations related to cyber espionage have played an important role: some new campaigns have come to light (for instance Darkhotel), and also several noticeable attacks have been discovered, like the one against the United States Postal Service (600,000 users affected) or the one against the National Oceanographic and Atmospheric Administration.

Even hacktivists have been quite active: the RedHack collective has reemerged from several months in stealth mode (they claim to have deleted 650,000 USD worth 0f electricity power debt), and some hackers claiming to be affiliated to the Anonymous collective have performed similar operations in Italy (in parallel with the delicate social and economical period) and the Philippines.

If you want to have an idea of how fragile our electronic identity is inside the cyberspace, have a look at the timelines of the main Cyber Attacks in 2011, 2012, 2013 and now 2014 (regularly updated). You may also want to have a look at the Cyber Attack Statistics, and follow @paulsparrows on Twitter for the latest updates.

Also, feel free to submit remarkable incidents that in your opinion deserve to be included in the timelines (and charts).

1-15 November 2014 Cyber Attacks Timeline Read more…

Categories: Cyber Attacks Timeline, Security Tags: , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,

October 2014 Cyber Attacks Statistics

November 10, 2014 Leave a comment

CountriesHere we are with the statistics extracted from the October cyber attacks timelines (part I and part II).

I have already stressed this concept many times, but some readers keep on asking where the data is scraped from. The answer is simple and always the same: I compile the timelines each month, quoting the sources in the footnotes. Each month I elaborate the data trying to represent them in charts, which of course cannot be exhaustive, but just give an idea of what’s going on in the cyberspace.

That said, this month I added again an old acquaintance: the graph related to the Country Distribution of attacks divided into categories: of course US rank of top, except for Cyber Espionage operations, which privilege multiple countries.

Instead, the Trend of Attacks chart shows an overall high level of activity throughout the month, with a prominent peak around the 9th, corresponding to the spree of attacks between India and Pakistan.

Daily Trend Of Attacks

As usual Cyber Crime leads the Motivations Behind Attacks chart with nearly 60% (10 points below the previous month, but always at a remarkable level). Cyber Espionage jumps at number two with a new record (17.2%). Hacktivism ranks at number three with a “modest” 13.8%. You will notice also a small presence of attacks related to Cyber War (9.2%). I decided to classify in this group the events behind India and Pakistan and an alleged (unconfirmed) attack to the Warsaw Stock Exchange, for which an hacker affiliated to IS claimed responsibility.

Distribution Oct 2014

And for the first time after so many months, SQL Injection leads the Attack Techniques chart with 18.4%. Particularly important is also the 13.8% of targeted attacks, which steadily places this category at the third place. On the opposite site, the number of DDoS attacks is constantly decreasing, and this explains its “miserable” 3.4%. I do not remember such a low level for this category.

Attack Techniques Oct 2014

Again, for the second month in a row, industry ranks on top of the Distribution of Targets Chart (28.7%), nearly 7 points ahead of governmental targets (21.8%). Attacks against single individuals are the new entry at number three (10.3%), slightly ahead of organizations (9.2%).

Targets Oct 2014

A deeper look at the distribution of the industrial targets, shows a predominance of E-Commerce (24%), while, as it often happens, political parties lead the chart of the Organizations.

Industry Distribution Oct 2014Organization Distribution Oct 2014

As usual, the sample must be taken very carefully since it refers only to discovered attacks included in my timelines. The sample does not pretend to be exhaustive but only aims to provide an high level overview of the “cyber landscape”, or at least of the ones that gained space in the media (yes, using an abused expression this is just the tip of the Iceberg).

If you want to have an idea of how fragile our data are inside the cyberspace, have a look at the timelines of the main Cyber Attacks in 2011, 2012, 2013 and now 2014 (regularly updated). You may also want to have a look at the Cyber Attack Statistics.

Of course follow @paulsparrows on Twitter for the latest updates, and feel free to submit remarkable incidents that in your opinion deserve to be included in the timelines (and charts).

16-31 October 2014 Cyber Attacks Timeline

November 3, 2014 4 comments

It’s time for the second timeline of October (Part I here) covering the main cyber attacks between the 16th and 31st: yet another consistent list confirming the growing trend of the last period.

In particular, in these two weeks the most important events have been spotted inside Cyber Espionage, whose chronicles report, among other, a state-sponsored attack to an unclassified network of the White House, a relevant number of operations (APT 28, Operation Pawn Storm, Operation SMN, Operation DeathClick, a tail of the infamous Sandworm), and even a man-in-the-middle attack against Chinese iCloud users.

Cybercrime is also on a roll: the trail of attacks against retailers seems unstoppable (Staples is the latest victim), but chronicles also report a massive breach in South Korea, involving Pandora TV and a gigantic SQL Injection attack, driven by CVE-2014-3704, against every unpatched website running Drupal, existing on this desperate planet. There is also space for a little bit of irony, as in case of Sourcebooks, the publisher hacked few days before releasing the latest book of Brian Krebs.

Israel and Ukraine keep on being two hot fronts for Hacktivism, whereas India is again the cradle of  cyberwar, many events event in this months (despite limited to skirmishes involving defacements of governmental and military websites).

If you want to have an idea of how fragile our electronic identity is inside the cyberspace, have a look at the timelines of the main Cyber Attacks in 2011, 2012, 2013 and now 2014 (regularly updated). You may also want to have a look at the Cyber Attack Statistics, and follow @paulsparrows on Twitter for the latest updates.

Also, feel free to submit remarkable incidents that in your opinion deserve to be included in the timelines (and charts).

16-31 October 2014 Cyber Attacks Timeline Read more…

1-15 October 2014 Cyber Attacks Timeline

October 20, 2014 3 comments

Here we go with the first timeline of the main Cyber Attacks happened in October (according to my personal evaluation metric).

Two weeks very active from an information security perspective. The list of attacks is quite long and heterogeneous, with massive breaches (The Snappening and a list of nearly 7.000.000 compromised accounts used to brute-force Dropbox), a rich list of cyber crime and cyber espionage campaigns, a renewed burst of the cyber war between India and Pakistan, and a couple of operations orchestrated by hacktivists.

Digging into Cyber Crime, besides the two above quoted events, we find the Mac.BackDoor.iWorm, a widespread botnet targeting OS X, and trapping 17,000 devices. The list continues with a purported attack against Yahoo, initially believed to be orchestrated exploiting the infamous Shellshock vulnerability, the ATM malware Tyupkin, supposed to have been used for stealing millions of bucks from 50 ATMs in Eastern Europe and Russia, a breach against Kmart, and, last but not least, other two (and a half) waves of leaked photos from the Snappening.

Scrolling down the Cyber Espionage events, we cannot help but notice a similar abundance of operations with a widespread usage of 0-day vulnerabilities. Just to mention several names: Sandworm, Hurricane Panda, and even an old acquaintance like Nitro.

India and Pakistan were very busy in the Cyber Space, with  defacements and leaks against a wide range of mutual targets like also the Anonymous, who kicked off #OPHK, against China and in support of Hong Kong protesters.

If you want to have an idea of how fragile our electronic identity is inside the cyberspace, have a look at the timelines of the main Cyber Attacks in 2011, 2012, 2013 and now 2014 (regularly updated). You may also want to have a look at the Cyber Attack Statistics, and follow @paulsparrows on Twitter for the latest updates.

Also, feel free to submit remarkable incidents that in your opinion deserve to be included in the timelines (and charts).

1-15 October 2014 Cyber Attacks Timeline Read more…

Categories: Cyber Attacks Timeline, Security Tags: , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,
Follow

Get every new post delivered to your Inbox.

Join 3,200 other followers