1-15 April 2015 Cyber Attacks Timeline

Spring is sprung, but unfortunately the nice season is not enough to keep the crooks’ hands off their keyboard, as the growing trend continues, and this first half of April has shown a sustained number of attacks.

The most illustrious victim is Lufthansa, whose frequent-flyers website has been hacked, with the attackers able to harvest miles from the unaware victims. Other noticeable events, always related to cyber crime, include the compromise of Linux Australia, and the discovery of Operation Buhtrap, a campaign targeting Russian banks.

But it’s maybe the cyber espionage front, the one that offered the most interesting events over the past two weeks. Chronicles reports a Russian intrusion inside the White House, the discovery of APT30, a decade-long state-sponsored campaign targeting South-East Asian assets, and the first example of an APT-to-APT campaign, something fairly more complex than a simple skirmish between Hellsing and Naikon, two enemy gangs.

Last but not least the Hacktivism has offered some remarkable events either. The most devastating has happened in France, where Pro-ISIS hackers have taken off TV5Monde, a national broadcast. And that’s not been the only one, since other minor defacements, carried on by Islamist hackers, have interested targets all over the world. Among the victims of this tide of attacks there is also the official Vatican website, despite the reason of the attack is a retaliation against the words of Pope Francs, who used the term ‘genocide’ to refer the mass killing of Armenians by Turks.

The 7th of April was also an important date for the hacktivists all around the world. Each year in this day, they reunite their efforts against a single target: Israel, which becomes the victim of the so-called OpIsrael. Of course this punctually happened, but just like the past year, the damages were marginal.

If you want to have an idea of how fragile our electronic identity is inside the cyberspace, have a look at the timelines of the main Cyber Attacks in 2011, 2012, 2013, 2014 and now 2015 (regularly updated). You may also want to have a look at the Cyber Attack Statistics, and follow @paulsparrows on Twitter for the latest updates.

Also, feel free to submit remarkable incidents that in your opinion deserve to be included in the timelines (and charts).

1-15 Apr 2015 Cyber Attacks Timeline Read more…

March 2015 Cyber Attacks Statistics

Country DistributionIt’s time to aggregate the two Cyber Attack Timelines for March 2015 (Part I and Part II) into statistics.

As always, let’s start from the Country Distribution chart, which, similarly to March, sees the United States on top, followed by the United Kingdom and Australia.

After a slow start, the Daily Trend of Attacks chart shows an heterogeneously growing trend, at least up to March 29th, where the monthly peak is achieved, after which, a sudden drop appears and continues until the end of the month.

Daily Trend March 2015

We have been used to see Cyber Crime on top of the Motivations Behind Attacks chart, and March inevitably confirms this trend, with a percentage that slightly drops to 69% from 73.8% of February. Hacktivism is in line with the previous month, (20.7% vs 19%), as also Cyber Espionage is (8% vs 7.1% of February). I have also recorded a couple of events related to Cyber Warfare.

Motivations March 2015

The technique behind the 19.5% of the attacks remains uncertain, however, once again SQLi ranks on top of those known, even if the percentage drops to 16.1% from 25.3% on March. Defacements and Accounts Hijackings complete the podium of the known attacks, swapping their positions in comparison to March. The others follow…

Techniques March 2015

For the seventh month in a row, industry ranks on top of the Distribution of Targets chart with 27.6%, a value slightly increasing, but comparable with 26.2% of the previous month. Organizations show up in second place with 17.2%, ahead of Governments, at the third place, with 12.6%.

Targets March 2015

Again, the Industry Drill Down chart is extremely fragmented, the only constant is the terrible moment for the E-Commerce sites, which rank on top, well above the other categories. On the other hand, the Law Enforcement institutions are the preferred targets for the Organizations, as reported in the corresponding Drill Down chart.

Industry March 2015Org March 2015

As usual, the sample must be taken very carefully since it refers only to discovered attacks included in my timelines, aiming to provide an high level overview of the “cyber landscape”.

If you want to have an idea of how fragile our data are inside the cyberspace, have a look at the timelines of the main Cyber Attacks in 2011, 2012, 2013, 2014 and now 2015 (regularly updated). You may also want to have a look at the Cyber Attack Statistics.

Of course follow @paulsparrows on Twitter for the latest updates, and feel free to submit remarkable incidents that in your opinion deserve to be included in the timelines (and charts).

16-31 March 2015 Cyber Attacks Timeline

I am back in business after a short vacation period (now and then it happens!), just in time to publish the second Cyber Attack timeline of March (the first one is here), which confirms the growing trend we have been experiencing in 2015.

Two weeks packed with events, started in the worst possible way, with the massive cyber attack against Premera Blue Cross (11 million customers affected), and continued with the same baffling trend, since the list of organizations targeted by massive breaches, includes other primary companies such as British Airways, Slack and Twitch (an Amazon-owned game video streaming service).

Two weeks that also saw a sustained DDoS attack against GitHub, the discovery of several campaigns (Operation Woolen-Goldfish, the Trojan.Loziak malware targeting oil and gas companies, and the Volatile Cedar campaign originating in Lebanon), and also an official statement issued by the South Korean government, blaming North Korea for the network intrusions that stole data from Korea Hydro and Nuclear Power (KHNP).

In background, the usual sea of smaller events driven by hacktivism or cybercrime.

If you want to have an idea of how fragile our electronic identity is inside the cyberspace, have a look at the timelines of the main Cyber Attacks in 2011, 2012, 2013, 2014 and now 2015 (regularly updated). You may also want to have a look at the Cyber Attack Statistics, and follow @paulsparrows on Twitter for the latest updates.

Also, feel free to submit remarkable incidents that in your opinion deserve to be included in the timelines (and charts).

16-31 Mar 2015 Cyber Attacks Timelines Read more…

Categories: Cyber Attacks Timeline, Security Tags: , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,

1-15 March 2015 Cyber Attacks Timeline

Spring is at the door, and finally the endless winter is coming to an end. I am just wondering if the crooks are starting to enjoy the first rays of sun, given the relatively low level of attacks in the first half of March.

Effectively, for the first time since several months, no massive breaches have been recorded. But don’t get carried away: the second half of March has begun in the worst possible way with the gigantic breach suffered by Premera (definitely a deja vu).

In any case, during the first half of the month, there have been several remarkable attacks driven by criminal intentions, however none of them has achieved the levels we have been used to in the previous months (not for long unfortunately).

Shifting to hacktivism, the Pro-Palestinian collective Anonghost was back in action, and even the Anonymous were back from stealth mode. However the most active actors have been the pro-isis hackers, who have defaced hundreds of Western sites, forcing the FBI to investigate these incidents. It is impossible to count all the victims, so just a special mention for them.

The Cyber Espionage has maybe offered the most peculiar attack, consisting in the hijacking of the internet traffic for 167 important British Telecom customers (including a UK defense contractor) towards Ukraine, before reaching their final destination. Even if the key question probably remains unsolved: was this a gigantic routing blunder or a very large scale attack?

If you want to have an idea of how fragile our electronic identity is inside the cyberspace, have a look at the timelines of the main Cyber Attacks in 2011, 2012, 2013 and now 2014 (regularly updated). You may also want to have a look at the Cyber Attack Statistics, and follow @paulsparrows on Twitter for the latest updates.

Also, feel free to submit remarkable incidents that in your opinion deserve to be included in the timelines (and charts).

1-15 Mar 2015 Cyber Attacks Timeline Read more…

February 2015 Cyber Attacks Statistics

March 9, 2015 7 comments

Country Feb 2015Here we go with the aggregated statistics extracted from the Cyber Attacks Timelines of February 2015 (Part I and Part II).

As we normally do, let’s start from the Country Distribution Chart, which is led, as usual, by the United States. All the other countries are essentially aligned on the same level, with the sole exception of the United Kingdom, which slightly emerges over the others.

The Daily Trend of Attacks  shows quite a heterogeneous distribution throughout the month. After a slow start, two peaks emerge on the 10th and the 14th.

Daily Trend Feb 2015

Even in February, Cyber Crime is on top of the Motivations Behind Attacks Chart, increasing its percentage to 73.8% from the 67.4% of January. Hacktivism slows down to 19% (from 29.2%), whereas Cyber Espionage jumps to 7.1% (was 1.1% in January).

Motivations Feb 2015

For the second month in a row SQLi ranks on top of the Attack Technique Distribution Chart with 25.3% (was 33.7% on January). Account Hijackings and  Defacements swap their positions and complete the podium for the known attacks despite the third place of Defacements is in co-location with Targeted Attacks (quite a remarkable result).

Techniques Feb 2015

For the sixth month in a row, industry ranks on top of the Distribution of Targets chart with 26.2%, a value comparable to the 28.1% of the previous month). Single Individuals rank at number two (13.6%) and Organizations at number three (11.9%). Curiously this month Governmental targets are outside the podium, slightly ahead of  Educational (and Financial) targets.

Targets Feb 2015

The Industry Drill Down chart is extremely fragmented, however the terrible moment for the E-Commerce sites continues. On the other hand, the Non-Profit institutions are the preferred targets for the Organizations, as reported in the corresponding Drill Down chart.

Industry Drill Down Feb 2015Organization Drill Down Feb 2015

As usual, the sample must be taken very carefully since it refers only to discovered attacks included in my timelines, aiming to provide an high level overview of the “cyber landscape”.

If you want to have an idea of how fragile our data are inside the cyberspace, have a look at the timelines of the main Cyber Attacks in 2011, 2012, 2013 and now 2014 (regularly updated). You may also want to have a look at the Cyber Attack Statistics.

Of course follow @paulsparrows on Twitter for the latest updates, and feel free to submit remarkable incidents that in your opinion deserve to be included in the timelines (and charts).

1-15 February 2015 Cyber Attacks Timeline

February 17, 2015 Leave a comment

I was delivering to Anthem the very unwelcome prize for the first massive breach of 2015, when the Operation Carbanak has brought an unexpected tail to this first half of February.

These two events have undoubtedly characterized this timeline and overshadowed all the others: on one hand, a massive cyber attack (allegedly carried on by Chinese hackers) targeting one of the largest US ensurers, able to scoop up 80 million records. On the other hand, a sophisticated long lasting campaign, stealing more than $300 million on 100 banks in 30 nations.

It is very hard to choose which one deserves the (not so) coveted prize, in any case a consideration is worth: there could not have been a worst way to begin this 2015 Infosec year.

Moving on along the timeline, other interesting events appear, such as the compromising of the Forbes web site (again Flash is on the spot) by a Chinese APT Group dubbed Codoso, a “mobile tail” of the Operation Pawn Storm, now spreading to iOS devices, and eventually an unprecedented campaign targeting Syrian rebels using a combination of fake social media and Skype accounts associated with fictional female characters.

In background, as usual, multiple events driven by hacktivism, whose most remarkable one is undoubtedly the massive campaign carried on by the Anonymous collective, aimed to erase hundreds of pro-ISIS accounts and profiles from the Cyber Space (in particular from Facebook and Twitter).

If you want to have an idea of how fragile our electronic identity is inside the cyberspace, have a look at the timelines of the main Cyber Attacks in 2011, 2012, 2013 and now 2014 (regularly updated). You may also want to have a look at the Cyber Attack Statistics, and follow @paulsparrows on Twitter for the latest updates.

Also, feel free to submit remarkable incidents that in your opinion deserve to be included in the timelines (and charts).

1-15 Feb 2015 Cyber Attacks Timeline Read more…

Follow

Get every new post delivered to your Inbox.

Join 3,710 other followers