March 2015 Cyber Attacks Statistics

It’s time to aggregate the two Cyber Attack Timelines for March 2015 (Part I and Part II) into statistics.

As always, let’s start from the Country Distribution chart, which, similarly to March, sees the United States on top, followed by the United Kingdom and Australia.

After a slow start, the Daily Trend of Attacks chart shows a heterogeneously growing trend, at least up to March 29th, when the monthly peak is reached; after that, a sudden drop appears and continues until the end of the month.

Daily Trend March 2015

We have been used to seeing Cyber Crime on top of the Motivations Behind Attacks chart, and March inevitably confirms this trend, with a percentage that slightly drops to 69% from February's 73.8%. Hacktivism is in line with the previous month (20.7% vs 19%), as is Cyber Espionage (8% vs 7.1% in February). I have also recorded a couple of events related to Cyber Warfare.

Motivations March 2015

The technique behind 19.5% of the attacks remains uncertain; however, once again SQLi ranks on top of the known ones, even if the percentage drops to 16.1% from 25.3% in March. Defacements and Account Hijackings complete the podium of the known attacks, swapping their positions in comparison to March. The others follow…

Techniques March 2015

For the seventh month in a row, industry ranks on top of the Distribution of Targets chart with 27.6%, a value slightly higher than, but comparable with, the 26.2% of the previous month. Organizations show up in second place with 17.2%, ahead of Governments, in third place, with 12.6%.

Targets March 2015

Again, the Industry Drill Down chart is extremely fragmented; the only constant is the terrible moment for E-Commerce sites, which rank on top, well above the other categories. On the other hand, Law Enforcement institutions are the preferred targets among Organizations, as reported in the corresponding Drill Down chart.

Industry March 2015 Org March 2015

As usual, the sample must be taken very carefully since it refers only to discovered attacks included in my timelines, aiming to provide a high-level overview of the “cyber landscape”.

If you want to have an idea of how fragile our data are inside the cyberspace, have a look at the timelines of the main Cyber Attacks in 2011, 2012, 2013, 2014 and now 2015 (regularly updated). You may also want to have a look at the Cyber Attack Statistics.

Of course follow @paulsparrows on Twitter for the latest updates, and feel free to submit remarkable incidents that in your opinion deserve to be included in the timelines (and charts).

16-31 March 2015 Cyber Attacks Timeline

I am back in business after a short vacation period (now and then it happens!), just in time to publish the second Cyber Attack timeline of March (the first one is here), which confirms the growing trend we have been experiencing in 2015.

Two weeks packed with events, which started in the worst possible way, with the massive cyber attack against Premera Blue Cross (11 million customers affected), and continued with the same baffling trend, since the list of organizations targeted by massive breaches includes other primary companies such as British Airways, Slack and Twitch (an Amazon-owned game video streaming service).

Two weeks that also saw a sustained DDoS attack against GitHub, the discovery of several campaigns (Operation Woolen-Goldfish, the Trojan.Loziak malware targeting oil and gas companies, and the Volatile Cedar campaign originating in Lebanon), and also an official statement issued by the South Korean government, blaming North Korea for the network intrusions that stole data from Korea Hydro and Nuclear Power (KHNP).

In the background, the usual sea of smaller events driven by hacktivism or cybercrime.

If you want to have an idea of how fragile our electronic identity is inside the cyberspace, have a look at the timelines of the main Cyber Attacks in 2011, 2012, 2013, 2014 and now 2015 (regularly updated). You may also want to have a look at the Cyber Attack Statistics, and follow @paulsparrows on Twitter for the latest updates.

Also, feel free to submit remarkable incidents that in your opinion deserve to be included in the timelines (and charts).

16-31 Mar 2015 Cyber Attacks Timelines


1-15 March 2015 Cyber Attacks Timeline

Spring is at the door, and finally the endless winter is coming to an end. I am just wondering if the crooks are starting to enjoy the first rays of sun, given the relatively low level of attacks in the first half of March.

Effectively, for the first time in several months, no massive breaches have been recorded. But don’t get carried away: the second half of March has begun in the worst possible way with the gigantic breach suffered by Premera (definitely a déjà vu).

In any case, during the first half of the month, there have been several remarkable attacks driven by criminal intentions; however, none of them has reached the levels we have been used to in the previous months (not for long, unfortunately).

Shifting to hacktivism, the Pro-Palestinian collective Anonghost was back in action, and even the Anonymous were back from stealth mode. However, the most active actors have been the pro-ISIS hackers, who have defaced hundreds of Western sites, forcing the FBI to investigate these incidents. It is impossible to count all the victims, so just a special mention for them.

Cyber Espionage has maybe offered the most peculiar attack, consisting of the hijacking of the internet traffic for 167 important British Telecom customers (including a UK defense contractor) towards Ukraine, before reaching their final destination. The key question, however, probably remains unsolved: was this a gigantic routing blunder or a very large scale attack?


1-15 Mar 2015 Cyber Attacks Timeline

February 2015 Cyber Attacks Statistics

March 9, 2015

Here we go with the aggregated statistics extracted from the Cyber Attacks Timelines of February 2015 (Part I and Part II).

As we normally do, let’s start from the Country Distribution Chart, which is led, as usual, by the United States. All the other countries are essentially aligned on the same level, with the sole exception of the United Kingdom, which slightly emerges over the others.

The Daily Trend of Attacks shows quite a heterogeneous distribution throughout the month. After a slow start, two peaks emerge on the 10th and the 14th.

Daily Trend Feb 2015

Even in February, Cyber Crime is on top of the Motivations Behind Attacks Chart, increasing its percentage to 73.8% from the 67.4% of January. Hacktivism slows down to 19% (from 29.2%), whereas Cyber Espionage jumps to 7.1% (was 1.1% in January).

Motivations Feb 2015

For the second month in a row, SQLi ranks on top of the Attack Technique Distribution Chart with 25.3% (was 33.7% in January). Account Hijackings and Defacements swap their positions and complete the podium for the known attacks, although Defacements share third place with Targeted Attacks (quite a remarkable result).

Techniques Feb 2015

For the sixth month in a row, industry ranks on top of the Distribution of Targets chart with 26.2% (a value comparable to the 28.1% of the previous month). Single Individuals rank at number two (13.6%) and Organizations at number three (11.9%). Curiously, this month Governmental targets are outside the podium, slightly ahead of Educational (and Financial) targets.

Targets Feb 2015

The Industry Drill Down chart is extremely fragmented; however, the terrible moment for E-Commerce sites continues. On the other hand, Non-Profit institutions are the preferred targets among Organizations, as reported in the corresponding Drill Down chart.

Industry Drill Down Feb 2015 Organization Drill Down Feb 2015

As usual, the sample must be taken very carefully since it refers only to discovered attacks included in my timelines, aiming to provide a high-level overview of the “cyber landscape”.


1-15 February 2015 Cyber Attacks Timeline

February 17, 2015

I was delivering to Anthem the very unwelcome prize for the first massive breach of 2015 when Operation Carbanak brought an unexpected tail to this first half of February.

These two events have undoubtedly characterized this timeline and overshadowed all the others: on one hand, a massive cyber attack (allegedly carried out by Chinese hackers) targeting one of the largest US insurers, able to scoop up 80 million records. On the other hand, a sophisticated, long-lasting campaign, stealing more than $300 million from 100 banks in 30 nations.

It is very hard to choose which one deserves the (not so) coveted prize; in any case, one consideration is worth making: there could not have been a worse way to begin this 2015 Infosec year.

Moving on along the timeline, other interesting events appear, such as the compromise of the Forbes web site (again Flash is on the spot) by a Chinese APT Group dubbed Codoso, a “mobile tail” of Operation Pawn Storm, now spreading to iOS devices, and finally an unprecedented campaign targeting Syrian rebels using a combination of fake social media and Skype accounts associated with fictional female characters.

In the background, as usual, multiple events driven by hacktivism, the most remarkable of which is undoubtedly the massive campaign carried out by the Anonymous collective, aimed at erasing hundreds of pro-ISIS accounts and profiles from the Cyber Space (in particular from Facebook and Twitter).


1-15 Feb 2015 Cyber Attacks Timeline

January 2015 Cyber Attacks Statistics

February 5, 2015

It is time to summarize the data collected in the January 2015 Cyber Attacks timelines (Part I and Part II) into valuable statistics.

Many readers keep on asking where the information used to create the stats comes from. The answer is always the same: the statistics are created by elaborating the timelines that I collect (approximately) on a bi-weekly basis and publish on this blog (see also the Cyber Attacks Master Index).

I cannot be exhaustive, but at least my intention is just to provide an overview of the Threat Landscape, reporting the attacks that gained space in the media.

Moving to the data, as usual, the United States lead the Country Distribution chart for each category. The surprises of this month are France and UK, which win the “silver medal” having suffered an unusual number of cyber attacks by Pro-Islamist hacktivists, but also a number of “more traditional” attacks related to cyber crime, a number well above the average.

The Daily Trend of Attacks Chart shows an initial peak, a new concentration of activity in the middle of the month, followed by a decreasing trend with a partial revamp towards the end.

Daily Trend Jan 2015

Cyber Crime is always on top of the Motivations Behind Attacks Chart, even if with a small decrease in comparison with December (67.4% vs 72.6%). All in favor of hacktivism, which bumped up to 29.2% from 17.8%. On the opposite side, Cyber Espionage is well below the noticeable 8.8% of December.

Sometimes it comes back! I am obviously talking about SQLi, which, after several months in the shadow, ranks on top of the Attack Technique Distribution Chart (and with quite an important value: 33.7%). Defacements and Account Hijackings complete the podium for the known attacks.

For the fifth month in a row, industry ranks unchallenged on top of the Distribution of Targets chart (but the 28.1% recorded this month is notably smaller than the 47.9% reported in December). Governmental targets rank at number two, and educational institutions are in third place, exactly like one month ago.

Once again, E-commerce leads the drill-down chart for the industrial targets, whereas Non-Profit are on top of the corresponding chart for organizations.

Ind Drill Down Jan 2015 Org Drill Down Jan 2015

As usual, the sample must be taken very carefully since it refers only to discovered attacks included in my timelines, aiming to provide a high-level overview of the “cyber landscape”.

