About these ads

Archive

Archive for December, 2012

Browsing Security Predictions for 2013

December 26, 2012 5 comments

The period between November and December is particularly interesting for the Infosec community, since nearly all the main security vendors use to unveil their predictions for the next year, trying to anticipate the trends and the issues that will trouble the system administrators’ sleeps.

Exactly as I did last year, I analyzed the predictions of 7 vendors, choosing the ones that I consider particularly meaningful for the presence of the vendor in the market and for the coverage of their respective solution portfolio. In comparison with the last year, I was not able to find any prediction from Cisco (at least so far). However I was able to include the ones issued by Symantec, that were missing from my initial version. Hence the list of the vendors taken into consideration is the following:

Nearly all the analyzed vendors went through deep transformations during the past year, reflecting the changing trends in the market. Fortinet is considered a vendor focused on UTM Technologies, although it offers a wide portfolio of solutions ranging from endpoint to WAFs. After the acquisition of Astaro, Sophos is expanding its offering from the endpoints to the UTM segment. McAfee covers a wide area: historically focused on the endpoints, the long trail of acquisitions allows the company to be present in all the segments of the security market. Websense went through its historical flagship, the URL filtering, moving its security model to the endpoint. Symantec and Trend Micro have their foundation on the endpoints, but are more and more concentrated on securing the cloud. Kaspersky is still concentrated on the endpoints, although the company has been very active in the last year in the analysis of the cyberwar events, most of all in Middle East.Security Predictions 2013

Yes, the rise of the malware on mobile platforms seems unstoppable, not only it reached unprecedented levels in 2012, but apparently it will be the protagonist even for 2013, at least for 5 vendors on 7. Indeed the vendors are 6 if one considers also the cross-platform malware which is equally a threat for mobile platforms. Furthermore one vendor (Fortinet), considers the role of mobile threats also as a threat vector for APTs in 2013.

Politically motivated attacks rank at number 2, even if with different connotations: Kaspersky and Websense mention explicitly state-sponsored attacks, while Symantec and Trend Micro include also attacks motivated by hacktivism in this category. It is not a coincidence that Kaspersky and Websense include Hacktivism into an explicit prediction.

It is also interesting to notice the ransomware at number 3 with just 3 preferences. Particularly interesting the indication of Sophos that speaks of “Irreversible” malware, since this class of threats is increasingly using encryption to make the compromised content unrecoverable.

The trend is even more visible from the distribution chart, that also emphasizes the role of the cloud, in the double shape of source and target of the cyber attacks.

Security Predictions Distributions 2013

Two vendors (McAfee and Trend Micro) include the proliferation of embedded systems (for instance Smart TV equipped with Android) as one of the main security issues for 2013. Honestly speaking I would have expected a major impact for this threat.

Last but not least, two vendors (Kaspersky and McAfee) believe that Targeted Attacks and Signed Malware will experience a major rise in 2013.

About these ads

1-15 December 2012 Attack Statistics

December 22, 2012 Leave a comment

Let us gave a look to the landscape of Cyber Attacks, during the first half of December 2012. Apparently cybercrooks are taking a break for Christmas, since, according to my selection Criteria, the number of attacks has shown a small decrease in comparison with the previous months.

The Daily Trend shows an inconstant trend with two peaks around respectively the 3rd December and the 11th and 12th (the latter due to the peak of Cyber Attacks against the US Banks).

Daily Trend 1-15 December 2012The Motivations Behind Attacks chart shows, for the first time since August, the overtake of Hacktivism against Cyber Crime. Let us see if this trend will be confirmed until the end of the year.

Motivations 1-15 December 2012

The Distribution Of Attacks chart confirms that SQL Injection confirms to be the weapon preferred by Cyber Attackers with nearly one third of the occurrences (the value reaches nearly the 40% if one sums also the cases in which the attack seems to have been carried on with this technique but no enough evidences have been collected). In my opinion it is also important to notice the presence in the chart of several attacks perpetrated exploiting application vulnerabilities, but also the growing presence of targeted attacks (as usual you can find the details on the corresponding Cyber Attack Timeline.

Distribution 1-15 December 2012

Instead, at least for the first half of the month, the Distribution of Targets chart seems quite fragmented. Governmental targets lead the chart, but Financial, Industrial and Organizational targets are very close. Maybe the fragmentation depends from the partial sample. The second half of December will tell us if cybercrooks will concentrate their attacks against a specific sector.

Targets December 2012

As usual, no need to remind that the sample must be taken very carefully since it refers only to discovered attacks (the so-called tip of the iceberg), and hence it does not pretend to be exhaustive but only aims to provide an high level overview of the “cyber landscape”.

If you want to have an idea of how fragile our data are inside the cyberspace, have a look at the timelines of the main Cyber Attacks in 2011 and 2012 and the related statistics (regularly updated), and follow @paulsparrows on Twitter for the latest updates.

Also, feel free to submit remarkable incidents that in your opinion deserve to be included in the timelines (and charts). To do so, you can use this form.

1-15 December 2012 Cyber Attacks Timeline

December 17, 2012 2 comments

Christmas is coming quickly, we have just passed the first half of December, and hence it’s time for the first update of the Cyber Attacks Timeline for December.

The Team GhostShell has decided to close the year with a clamorous Cyber Attack, and hence,as part of the project ProjectWhiteFox, has leaked 1.6 million of accounts from several organizations all over the world. This is the most important event for this first part of the month that apparently has shown a decreasing trend. Hacktivists are still focusing their attention (and their keyboards) to Israel, and Cyber Criminals are maybe preparing for the Christmas attacks.

However, the main events of the first half of December, are related to hacktivism, besides the above mentioned cyber attack, it worth to mention the new wave of massive DDoS attacks against US Banks (up to 60 Gbps of peak according to Arbor Networks), but also the leak of a ITU document on the future of Deep Packet Inspection and the attacks in Egypt, Mexico and India.

Last but not least: this two weeks also offered a giant attack to the famous Social Platform Tumblr and also the warning of the Switzerland’s national security agency (NDB) that a huge amount of secrets may have been leaked by a disgruntled IT Administrator.

If you want to have an idea of how fragile our data are inside the cyberspace, have a look at the timelines of the main Cyber Attacks in 2011 and 2012 and the related statistics (regularly updated), and follow @paulsparrows on Twitter for the latest updates.

Also, feel free to submit remarkable incidents that in your opinion deserve to be included in the timelines (and charts). To do so, you can use this form.

1-15 December 2012 Cyber Attack Timeline Read more…

Another Wiper Malware Discovered in Iran?

December 16, 2012 Leave a comment

Yet another Sunday, yet another attack in Middle East.

Iran Wiper StatementMaher Center, the Iranian Computer Emergency Response Team / Coordination Center has just released a scant report concerning another (alleged) cyber attack targeting Iran.

Few information is available so far regarding this new targeted attack. The malware, simple in design and hence apparently unrelated to the other sophisticated cyber attacks targeting the same area, seems to have an efficient design and wiping features. According to the statement, the malware “wipes files on different drives in various predefined times. Despite its simplicity in design, the malware is efficient and can wipe disk partitions and user profile directories without being recognized by anti-virus software“. However, it is not considered to be widely distributed. The report also publishes the MD5s of the five identitified components.

Wiper malware samples are becoming increasingly common in Middle East. Of course the most known example so far is the massive cyber attack targeting Saudi Aramco, occurred in August 2012 and targeting 30,000 internal workstations. Few days ago, the final results of the investigations were unveiled, suggesting that the attack was carried on by organized foreign hackers, and aimed “to stop pumping oil and gas to domestic and international markets” with huge impacts on the national economy of the kingdom.

The next hours will tell us if we are in front of a similar scenario, or the statement is rather an attempt of propaganda aimed to emphasize Iranian defensive capabilities.

Now You Can Directly Submit Cyber Attacks to Hackmageddon!

December 15, 2012 7 comments

I have added a small form to my blog for allowing the readers to eventually submit some information related to cyber attacks that deserve to be included inside the Cyber Attacks Timelines. You will have noticed that I have added a new link “Submit An Attack” in the above toolbar.toolbarThe corresponding form is very easy and straightforward. Few easy fields to fill (all the fields are mandatory except “Your Web Site”). Of course I will verify the quality and pertinence of the submitted records.

This will help to make Hackmageddon.com more “social”, and most of all, will help to improve and enrich the content of the website and also to speed up the preparation of the timelines (yes, this month I am very late). Thanks in advance to whoever will like to contribute.

November 2012 Cyber Attacks Statistics

December 9, 2012 3 comments

From an information security perspective, November has been a month with two faces. The first part of the month has been characterized by hacktivism, nevertheless the Cyber Crime has reached an unprecedented level with the 69% of occurrences.

Let us begin with the Daily Trend chart. This chart confirms the influence of cyber attacks motivated by hacktivism in the first half of the month that explain the peak around the 5th of November.

Daily Trend Nov 2012

Despite the peak of attacks motivated by hacktivism occurred in the first half of the November, the Motivations Behind Attacks chart confirms the predominance of Cyber Crime with nearly the 69% of occurrences, followed by Hacktivism with the 28%. This growing trend of Cyber Crime is in line with the previous months even if the frequency has reached an unprecedented value (the higher so far).

Motivations Nov 2012

Also in November, the Distribution Of Attack Techniques Chart confirms the predominance of SQL Injection. Nearly one attack on two has been carried on with this technique. It is also interesting to notice the presence of DNS Poisoning: November has brought three attacks executed with this method.

Techniques Nov 2012

The Distribution Of Targets chart shows the preference of cyber-crooks for targets belonging to the Industry sector. Even if the difference with governmental targets is only one point (19% against 18%), this is in contrast with the previous month where the ranks were exactly opposed (governmental targets led the chart with the 31%). Educational targets are “stable” at the 11% (were the 13% during the previous month). Curiously this month has registered a peak of attacks against Torrent sites.

Targets Nov 2012

As usual, no need to remind that the sample must be taken very carefully since it refers only to discovered attacks included in the November Cyber Attacks Timeline (the so-called tip of the iceberg), and hence it does not pretend to be exhaustive but only aims to provide an high level overview of the “cyber landscape”.

If you want to have an idea of how fragile our data are inside the cyberspace, have a look at the timelines of the main Cyber Attacks in 2011 and 2012 (regularly updated), at the Cyber Attack Statistics, and follow @paulsparrows on Twitter for the latest updates.

Also, feel free to submit remarkable incidents that in your opinion deserve to be included in the timelines (and charts).

16-30 November 2012 Cyber Attacks Timeline

December 4, 2012 1 comment

November has gone and it’s time to review this month’s cyber landscape.

From a Cyber Crime perspective, November 2012 will be probably remembered for the breach to Nationwide, one of the largest insurance and financial services providers in the US, a breach that has potentially left up to 1 million users exposed. Unfortunately, in terms of massive breaches, this is not the only remarkable event of the month, just at the end Acer India has suffered a massive cyber attack culminated in the leak of nearly 15,000 records. Not comparable with the breach that affected Nationwide, but for sure of big impact.

Also on the cyber-espionage front this month has been interesting: JAXA, the Japan Space agency has been targeted by yet another targeted attack (after January 2012) and Symantec has discovered W32.Narilam, a new destructive malware targeting several nations in Middle East.

The hacktivist front has been characterized by the dramatic events in Gaza, the attacks have reached a peak around the first half of the month (as in the first part, I did not take into consideration the attacks carried on in name of OpIsrael for which I wrote a dedicated timeline), in any case the Anonymous have found another way to mark this month, leaking 1 Gb of documents from the Syrian Ministry of Foreign Affairs.

Last but not least, this month has seen three large-scale DNS Poisoning attacks (against the Pakistani Registrar PKNIC, Inc., GoDaddy, and the Romanian Registrar). A very rare occurrence!

If you want to have an idea of how fragile our data are inside the cyberspace, have a look at the timelines of the main Cyber Attacks in 2011 and 2012 and the related statistics (regularly updated), and follow @paulsparrows on Twitter for the latest updates.

Also, feel free to submit remarkable incidents that in your opinion deserve to be included in the timelines (and charts).

16-30 November 2012 Cyber Attacks Timeline

Read more…

Categories: Cyber Attacks Timeline, Security Tags: , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,
Follow

Get every new post delivered to your Inbox.

Join 3,091 other followers