Search Results
Previsioni di Sicurezza 2011: Il turno di Sophos
Confrontando le previsioni per il 2011 da parte dei principali produttori di sicurezza per l’Endpoint (Symantec, Mcafee, Trend Micro e Kaspersky) avevo evidenziato l’indisponibilità di analoghe predizioni da parte di Sophos, produttore di sicurezza inglese focalizzato su endpoint e protezione perimetrale considerato uno dei leader tecnologici e punto di riferimento assieme alle tecnologie già citate (per la cronaca Symantec, McAfee, Trend Micro e Sophos occupano ormai da alcuni anni posizioni di leadership nel Quadrante Magico di Gartner mentre Kaspersky, tra gli outsider, è la tecnologia che ha registrato la crescita maggiore).
Finalmente il gruppo è completo dal momento che sono da poco state rilasciate le previsioni di Sophos, previsioni che vale la pena analizzare per aggiungere un ulteriore punto di vista alla poco ambita hit parade delle minacce informatiche che turberanno il sonno dei professioni di sicurezza e degli utento nel corso del 2011.
In realtà l’analisi di Sophos prende spunto da quelle che sono state le principali minacce nel 2010 proiettandone l’impatto in ottica 2011, e per questa impostazione si discosta leggermente dalle previsioni degli altri produttori; nonostante le differenze di impostazione è comunque possibile estrapolare quelle che avranno l’impatto maggiore nel corso dell’anno da poco entrato, secondo le indicazioni del produttore di Sua Maestà.
Il 2010 si è chiuso con un impatto elevato da parte di:
- Falso Software Antivirus, di cui si sono registrate nel corso dell’anno passato, oltre mezzo milione (!!) di varianti;
- L’utilizzo di tecniche di marketing e ottimizzazione dei motori di ricerca (SEO Search Engine Optimization) per “avvelenare” le ricerche, ovvero fare in modo che i siti malevoli scalino le posizioni nell’ambito dei risultati, aumentando implicitamente la probabilità che utenti inconsapevoli approdino verso siti malevoli;
- L’utilizzo di tecniche di “ingegneria sociale” all’interno del “social network”. Un aspetto questo che lega indissolubilmente aspetti tecnologici e aspetti sociali e umani (curiosità, debolezze dei singoli) di cui sono vittima gli utenti con meno esperienza (tecnologica ed emotiva) che, seguendo un semplice link, finiscono con l’essere infettati da trojan, o ad inserire i propri dati personali in falsi form, preda di malintenzionati. La piaga è talmente diffusa che è stata coniata una apposita minaccia definita Likejacking che unisce i termini Like (il classico badge con cui gli utenti mostrano il proprio apprezzamento a post e contenuti) e Hijacking usato per indicare i dirottamenti (reali e virtuali come in questo caso).
- Lo Spam ha continuato ad imperversare anche nel corso dell’anno passato (il report cita il fatto che nei soli Stati Uniti 36 milioni di utenti abbiano comprato medicinali da siti offshore) eludendo i controlli della temibile FDA. Va tuttavia aggiunto il fatto che secondo la ricerca lo spam ha leggermente cambiato forma, privilegiando di veicolare gli utenti verso siti dove è possibile scaricare malware piuttosto che verso improbabili store (dove comunque spesso gli utenti rimangono vittima di truffe successive da parte di falsi agenti FDA).
- Stuxnet: come poteva mancare il fenomeno informatico dell’anno? Ovviamente anche il produttore anglosassone evidenzia il suo impatto, anche se, in maniera un po’ controcorrente, evidenzia maggiormente l’impatto mediatico rispetto a quello informatico.
Nel corso del 2011, secondo Sophos dovremo invece preoccuparci di:
Debolezza delle Password
Questo aspetto è principalmente umano, piuttosto che tecnologico, ma rischia nel 2011 di avere conseguenze ancora più nefaste rispetto all’anno precedente a causa del sempre maggiore numero di servizi on-line a cui gli utenti si affidano, e alla sempre minore cura nella scelta e nella gestione delle password che spesso sono le stesse per tutti i servizi, deboli e non cambiate da tempi immemorabili. La conseguenza, secondo il produttore blu è presto detta: la debolezza delle password costituisce un rischio maggiore per il furto di identità rispetto al phishing o allo spyware. La soluzione? Una rigorosa politica di controllo (AUP) per tutti gli utenti! Anche perché spesso dove non arrivano gli utenti arrivano i provider che dovrebbero tenere le credenziali al sicuro e sono invece vittime di imbarazzanti incidenti (come nel caso di Gawker rimasto vittima nel 2010 del furto di 1.3 milioni di account.
Mobile e Tablet
I produttori di solito, soprattutto se concorrenti, sono in disaccordo su tutto. Ma se c’è un argomento sul quale, come per miracolo, quasi non esistono divergenze, è proprio la centralità del mondo mobile nelle problematiche di sicurezza per il 2011. Prendendo in esame i diversi sistemi operativi si deduce, nelle previsioni di Sophos, una certa affinità, con le affermazioni a Bloomberg di Steve Chang, presidente di Trend Micro, da cui si deduce una maggiore sicurezza per il sistema operativo per la Mela piuttosto che per l’Androide, fondamentalmente per il maggiore controllo (walled garden) a cui Cupertino sottopone le applicazioni per i propri dispositivi prima di inserirle nell’App Store, e per la natura Open Source del gioiello di casa Page e Brin). Nel report si prendono in esame anche Windophs Phone 7 e RIM (la piattaforma per antonomasia del mondo Enterprise). Ma mentre nel primo caso i problemi di sicurezza provengono soprattutto dalla tendenza da parte del colosso di Redmond di privilegiare la funzionalità rispetto alla sicurezza, nel secondo caso i problemi potrebbero inconsapevolmente provenire prorprio dai governi che stanno chiedendo a RIM di ammorbidire la propria politica di cifratura end-to-end e NOC-Centrica per consentire l’ottemperanza alla legislazione anti terrorismo. Da notare che il povero Symbian occupa posizioni di rincalzo anche in questa classifica, ormai preda dei cracker solo per la maggiore diffusione del sistema.
Un aspetto però deve essere tenuto in considerazione: indipendentemente dalla piattaforma, i sistemi operativi mobili nascono con controlli di sicurezza preventivi (controlli di qualità per l’inclusione negli store) e “consuntivi” (accessi regolati delle applicazioni alle risorse hardware e software del dispositivo). Ad oggi, soprattutto per la Mela e per l’Androide, tutti i malware mobili riscontrati affliggono dispositivi jailbreakati o rootati e trovano terreno fertile nella scarsa attenzione degli utenti che utilizzano store paralleli e ignorano i permessi di accesso delle applicazioni durante l’installazione.
In questa categoria rientrano anche i Tablet, destinati ad assumere sempre maggiore diffusione nel 2011 anche in ambito corporate.
Social Network
Ovviamente le previsioni di Sophos confermano la maggiore “sensibilità” dei malintenzionati ad utilizzare il social network come mezzo di diffusione del malware, sia perché ormai i diversi siti (Facebook e Twitter in primis) sono ampiamente popolati sia per scopi personali che professionali (si stimano oltre 500 milioni di utenti per la creatura di Zuckerberg con buona pace del suo conto in banca). A detta del produttore in blu, le falle del Social Network si concentrano su:
- Applicazioni, dove, secondo un sondaggio condotto su 600, il 95% degli utenti di Facebook auspica una maggiore attenzione verso la sicurezza, auspicando un modello di controllo walled garden (giardino recintato) sulla falsa riga di quello adottato da Cupertino per il proprio App Store. Queste misure andrebbero unite ad una maggiore consapevolezza degli utenti verso i permessi delle applicazioni e ad un maggiore controllo sulle stesse;
- Impostazioni di privacy, vera spina nel fianco del social network Facebook, dove oltre il 76% del campione del sondaggio citato al punto precedente, dichiara che lascerebbe il sito in caso di problemi di privacy;
- Infrastrutture Sicure: il Caso di Twitter ha portato alla ribalta gli effetti derivanti dalla presenza di bachi nelle applicazioni server dei Social Network, e per questo motivo il produttore inglese auspica maggiore sicurezza (e maggiore attenzione degli utenti) in questo campo.
Software
Ormai le postazioni di lavoro sono diventate un coacervo di applicazioni, tutte fondamentali per svolgere le proprie attività e tutte potenziali vettori di vulnerabilità. Il 2010 è stato l’anno delle vulnerabilità di Adobe (i suoi PDF e Flash sono ormai la base di qualsiasi attività produttiva). Basta dare una occhiata a questa classifica di metà 2010 relativa alle vulnerabilità più sfruttate per rendersi conto dell’impatto delle applicazioni nei problemi di sicurezza (e quante di queste ogni utente utilizza ogni giorno: Internet Explorer, Adobe Reader, Real Player, c’è n’è veramente per tutti i gusti.
Media Rimovibili
Nelle valutazioni di Sophos figurano anche i media rimovibili come vettori di infezione. Il caso di Stuxnet insegna come anche i mezzi più tradizionali e bistrattati non vadano sottovalutati (soprattutto come vettori iniziali di infezione per le postazioni non connesse ad Internet).
Sistemi Operativi
Windows 7 sta ampiamente guadagnando consensi tra gli utenti e, secondo le previsioni condivisibili di Sophos, tra gli autori di malware, che concentreranno i propri sforzi verso questo sistema operativo. Ovviamente gli sforzi sono direttamente proporzionali alla diffusione dell’OS e pertanto destinati a crescere ulteriormente nel corso del 2011 proporzionalmente all’incremento delle quote di mercato dell’ultimo nato di casa Redmond.
Per quanto riguarda gli utenti della Mela, sino ad oggi questi hanno sempre vissuto circondati da un (falso) senso di sicurezza derivante dal nobile lignaggio UNIX del sistema operativo. In realtà la sicurezza deriva dalla minore attenzione dei malintenzionati come conseguenza della minore diffusione in ambito corporate del Mac OS e quindi, in proporzione, dal minor numero di infezioni. Naturalmente il trend di crescita del sistema operativo della Mela in ambito corporate causerà, con tutta probabilità, un incremento delle infezioni informatiche per questo sistema operativo nel 2011. Poiché l’aumento di infezioni è drasticamente facilitato dal comportamento irresponsabile degli utenti nell’installare software senza verificarne attentamente origine e provenienza, Apple è corsa ai ripari mediante la recente creazione dell’App Store anche per il sistema operativo Mac OS, in cui le applicazioni sono sottoposte al controllo di qualità.
Minacce Veicolate dai Server Web
Le minacce diffuse mediante navigazione Web rimarranno nel corso del 2011 una delle principali fonti di infezione. Queste minacce sono veicolate ad insaputa degli amministratori perché nascoste, ad esempio, su link pubblicitari gestiti all’esterno apparentemente legittimi. Le categorie di minacce veicolate tramite Web, identificate dal produttore anglosassone sono le seguenti:
- Malvertising: Pubblicità di falsi prodotti (ad esempio i fake antivirus citati in precedenza) che spingono l’utente ad installare software per ottimizzare le prestazioni o curare infezioni informatiche, che si rivelano in realtà essere trojan o malware di altro tipo.
- Siti Web Compromessi: Sophos stima che ogni giorno ci siano 30.000 siti malevoli, il 70% di questi sono siti legittimi compromessi. Questa tendenza purtroppo verrà confermata nel corso del 2011.
Email Spam
Lo spam rimarrà un mezzo di diffusione delle infezioni anche nel 2011 (in questo senso un previsione analoga era stata redatta anche da Trend Micro).
Vulnerabilità 0-day
Sophos prevede per il 2011 un ulteriore incremento di malware che farà uso di vulnerabilità 0-day.
Cybercrime
In questa area le previsioni di Sophos sono allineate a quelle degli altri produttori, ponendo il problema su due piani: un piano prettamente politico (come nei casi di Operation Aurora e Wikileaks) ed un piano prettamente enterprise, ovvero il Cybercrime verrà utilizzato sempre di più per rubare informazioni da utilizzare direttamente o da vendere al miglior offerente.
In conclusione
Anche nel caso di questo produttore viene confermato, nel 2011, il ruolo centrale di Mobile e Social Networking per quanto riguarda le problematiche di sicurezza. In particolare la continua attenzione verso il Social Networking, ribadita da questo produttore, evidenzia la necessità di un nuovo modello di sicurezza e salvaguardia dei dati. Stupisce, tra i fattori evidenziati, l’assenza del cloud (direttamente o indirettamente – è di questi giorni la notizia dell’utilizzo del servizio cloud di Amazon da parte di un hacker tedesco per decifrare la password WPA del proprio vicino di casa), mentre viene evidenzato, come nel caso di Trend Micro, il ruolo dello Spam e dei siti Web compromessi per la distribuzione del malware.
1-15 May 2013 Cyber Attacks Timeline
And here we are with our bi-weekly review of the main cyber attacks. This time is the turn of the first half of May.
Probably this month will be remembered for the huge cyber-heist against two Payment Processors, and affecting two banks (National Bank of Ras Al-Khaimah PSC in the United Arab Emirates and the Bank of Muscat in Oman), which suffered a massive loss of $45 million due to an endless wave of unlimited withdrawals from their ATMs.
Other relevant actions related to Cyber-criminal operations include the massive breaches against MSI Taiwan (50,000 records affected) and most of all, the Washington state Administrative Office of the Courts (up to 160,000 SSN and 1 million driver’s license numbers).
On the other hand, the hacktivists concentrated their efforts on the so-called OpUSA (7 May), even if it looks like that most of the attacks were nuisance-level. Instead, and this is a great news, after months of intense activity, the operation Ababil come to a stop.
On the cyber war front, this month reports an unedited conflict between Taiwan and Philippines.
Last but not least, even if this attack dates back to 2007, on the Cyber-Espionage front, Bloomberg has shaken this lazy month revealing the repeated attacks by the infamous Comment Crew hackers against Qinetiq, a very critical Defense contractor. The cyber threats from the Red Dragon (real or alleged) keep on scaring the western world.
If you want to have an idea of how fragile our data are inside the cyberspace, have a look at the timelines of the main Cyber Attacks in 2011, 2012 and now 2013 (regularly updated). You may also want to have a look at the Cyber Attack Statistics, and follow @paulsparrows on Twitter for the latest updates.
Also, feel free to submit remarkable incidents that in your opinion deserve to be included in the timelines (and charts).
Read more…
16-30 April 2013 Cyber Attacks Timeline
Here’s the second part of the April cyber attacks Timeline (Part I at this link)
The most remarkable event of this period has certainly been the breach suffered by Living Social potentially exposing 50 million customers of the e-commerce website. Other illustrious victims of the month include the mobile operator DoCoMo and the online reputation firm Reputation.com.
The wake of DDoS attacks has continued even in the second part of the month: once again several U.S. banks have fallen under the blows of the Izz ad-din al-Qassam Cyber Fighters.
Like in the first half of the month, following a consolidating trend in this 2013, the Syrian Electronic Army has continued his wave of attacks against Twitter accounts (even the FIFA has been targeted). In one case, the hijacking of the Twitter account of Associated Press, the bogus tweets related to an alleged attack against the White House, the effect has crossed the boundaries of the cyber space (the Dow Jones Industrial Average fell 150 points, or about 1 percent, immediately following the tweet).
If you want to have an idea of how fragile our data are inside the cyberspace, have a look at the timelines of the main Cyber Attacks in 2011, 2012 and now 2013 (regularly updated). You may also want to have a look at the Cyber Attack Statistics, and follow @paulsparrows on Twitter for the latest updates.
Also, feel free to submit remarkable incidents that in your opinion deserve to be included in the timelines (and charts).
1-15 March 2013 Cyber Attacks Timeline
Other troubles for system administrators: March is confirming the 2013 dangerous trend with several high profile breaches against industrial, financial and governmental targets.
The first two weeks of March have begun with the breach to Evernote, and continued with (among the others) the third phase of the infamous Operation Ababil, targeting U.S. Banks and an alleged Chinese attack against the Reserve Bank of Australia.
Additional noticeable events include a wave of DDoS attacks against several Czech Republic’s targets (belonging to media, news and financial sector), a breach suffered by the NIST Vulnerability Database (unfortunately not an isolated example of the attacks against US governmental targets happened in these two weeks) and also the leak of 20,000 records from an Avast! German distributor.
Last but not least, the examined period has also confirmed the role of Twitter as the new mean to make resounding attacks against single individuals or organizations. Qatar Foundation, Saudi Aramco, and France 24 are only several of the organizations fallen victims of accounts hijacking.
Of course, these are only the main events, feel free to scroll down the list to analyze in detail what happened in these two weeks.
If you want to have an idea of how fragile our data are inside the cyberspace, have a look at the timelines of the main Cyber Attacks in 2011, 2012 and now 2013 (regularly updated). You may also want to have a look at the Cyber Attack Statistics, and follow @paulsparrows on Twitter for the latest updates.
Also, feel free to submit remarkable incidents that in your opinion deserve to be included in the timelines (and charts).
Once again, a special thanks to Kim Guldberg AKA @bufferzone for continuously advising me about significant cyber events through the Submit Form! Much Appreciated!
1-15 January 2013 Cyber Attacks Timeline
So here we are with the first Cyber Attacks Timeline for 2013 covering the first half of January.
Apparently the new year has begun with an intense activity by Cyber Crooks. Hacktivists and Cyber Criminals had many time to spend in front of their keyboards during the holiday break, and as a consequence the number of breaches with more than 10.000 accounts compromised is incredibly high. WWF China, the City of Steubenville, Ohio and The German Chamber of Commerce are only three examples of institutions that suffered massive breaches during the beginning of this year.
But the massive breaches are not the only remarkable events of this period: the waves of DDoS Attacks against US banks continued (and promise to extend also in the next weeks), Kaspersky Lab discovered a new massive Cyber Espionage Campaign dubbed “Red October”, and also the Japan Farm Ministry was hit by yet another Cyber Attack, allegedly originating from China…
If this is only the beginning… 2013 promises to be pretty much troubled for system administrators…
If you want to have an idea of how fragile our data are inside the cyberspace, have a look at the timelines of the main Cyber Attacks in 2011 and 2012 and the related statistics (regularly updated), and follow @paulsparrows on Twitter for the latest updates.
Also, feel free to submit remarkable incidents that in your opinion deserve to be included in the timelines (and charts). To do so, you can use this form.
Browsing Security Predictions for 2013
The period between November and December is particularly interesting for the Infosec community, since nearly all the main security vendors use to unveil their predictions for the next year, trying to anticipate the trends and the issues that will trouble the system administrators’ sleeps.
Exactly as I did last year, I analyzed the predictions of 7 vendors, choosing the ones that I consider particularly meaningful for the presence of the vendor in the market and for the coverage of their respective solution portfolio. In comparison with the last year, I was not able to find any prediction from Cisco (at least so far). However I was able to include the ones issued by Symantec, that were missing from my initial version. Hence the list of the vendors taken into consideration is the following:
Nearly all the analyzed vendors went through deep transformations during the past year, reflecting the changing trends in the market. Fortinet is considered a vendor focused on UTM Technologies, although it offers a wide portfolio of solutions ranging from endpoint to WAFs. After the acquisition of Astaro, Sophos is expanding its offering from the endpoints to the UTM segment. McAfee covers a wide area: historically focused on the endpoints, the long trail of acquisitions allows the company to be present in all the segments of the security market. Websense went through its historical flagship, the URL filtering, moving its security model to the endpoint. Symantec and Trend Micro have their foundation on the endpoints, but are more and more concentrated on securing the cloud. Kaspersky is still concentrated on the endpoints, although the company has been very active in the last year in the analysis of the cyberwar events, most of all in Middle East.
Yes, the rise of the malware on mobile platforms seems unstoppable, not only it reached unprecedented levels in 2012, but apparently it will be the protagonist even for 2013, at least for 5 vendors on 7. Indeed the vendors are 6 if one considers also the cross-platform malware which is equally a threat for mobile platforms. Furthermore one vendor (Fortinet), considers the role of mobile threats also as a threat vector for APTs in 2013.
Politically motivated attacks rank at number 2, even if with different connotations: Kaspersky and Websense mention explicitly state-sponsored attacks, while Symantec and Trend Micro include also attacks motivated by hacktivism in this category. It is not a coincidence that Kaspersky and Websense include Hacktivism into an explicit prediction.
It is also interesting to notice the ransomware at number 3 with just 3 preferences. Particularly interesting the indication of Sophos that speaks of “Irreversible” malware, since this class of threats is increasingly using encryption to make the compromised content unrecoverable.
The trend is even more visible from the distribution chart, that also emphasizes the role of the cloud, in the double shape of source and target of the cyber attacks.
Two vendors (McAfee and Trend Micro) include the proliferation of embedded systems (for instance Smart TV equipped with Android) as one of the main security issues for 2013. Honestly speaking I would have expected a major impact for this threat.
Last but not least, two vendors (Kaspersky and McAfee) believe that Targeted Attacks and Signed Malware will experience a major rise in 2013.
16-30 November 2012 Cyber Attacks Timeline
November has gone and it’s time to review this month’s cyber landscape.
From a Cyber Crime perspective, November 2012 will be probably remembered for the breach to Nationwide, one of the largest insurance and financial services providers in the US, a breach that has potentially left up to 1 million users exposed. Unfortunately, in terms of massive breaches, this is not the only remarkable event of the month, just at the end Acer India has suffered a massive cyber attack culminated in the leak of nearly 15,000 records. Not comparable with the breach that affected Nationwide, but for sure of big impact.
Also on the cyber-espionage front this month has been interesting: JAXA, the Japan Space agency has been targeted by yet another targeted attack (after January 2012) and Symantec has discovered W32.Narilam, a new destructive malware targeting several nations in Middle East.
The hacktivist front has been characterized by the dramatic events in Gaza, the attacks have reached a peak around the first half of the month (as in the first part, I did not take into consideration the attacks carried on in name of OpIsrael for which I wrote a dedicated timeline), in any case the Anonymous have found another way to mark this month, leaking 1 Gb of documents from the Syrian Ministry of Foreign Affairs.
Last but not least, this month has seen three large-scale DNS Poisoning attacks (against the Pakistani Registrar PKNIC, Inc., GoDaddy, and the Romanian Registrar). A very rare occurrence!
If you want to have an idea of how fragile our data are inside the cyberspace, have a look at the timelines of the main Cyber Attacks in 2011 and 2012 and the related statistics (regularly updated), and follow @paulsparrows on Twitter for the latest updates.
Also, feel free to submit remarkable incidents that in your opinion deserve to be included in the timelines (and charts).
Related articles
- 1-15 November 2012 Cyber Attacks Statistics (hackmageddon.com)
- Timeline of Opisrael (hackmageddon.com)
Big in Japan: Yet Another Targeted Attack Against a Japanese Target
Updated 3/12/2012 to include the cyber attack targeting the Upper Chamber of Japanese Parliament discovered on 2 November 2011.
The New York Times has recently reported the news related to a (yet another) targeted cyber-attack against JAXA (Japan Aerospace Exploration Agency). This targeted attack has allegedly led to the exfiltration of sensitive information related to Epsilon, a solid-fuel rocket prototype supposed to be used also for military applications, suggesting the targeted attack is probably part of a cyber-espionage campaign.
The targeted attack has been carried on by mean of a malware installed in a computer at Tsukuba Space Center. Before being discovered, on November 21, the malicious executable has secretly collected data and sent it outside the agency.
This is the second known targeted attack against JAXA in less than eleven months: on January 13, 2012, a computer virus infected a data terminal at Japan’s Space Agency, causing a leak of potentially sensitive information including JAXA’s H-2 Transfer Vehicle, an unmanned vessel that ferries cargo to the International Space Station. In that circumstance officials said that information about the robotic spacecraft and its operations might have been compromised.
Unfortunately the above cyber-attacks are not episodic circumstances, confirming that Japan is a hot zone from an information security perspective, and a coveted target for cyber espionage campaigns. Undoubtedly, the strategic importance of this country in the global chessboard and hence its internal secrets and the intellectual property of its industries are more than a good reason for such similar targeted cyber-attacks.
The list is quite long…
19 September 2011: Mitsubishi Heavy Industries, Japan’s biggest defense contractor, reveals that it suffered a hacker attack in August 2011 that caused some of its networks to be infected by malware. According to the company 45 network servers and 38 PCs became infected with malware at ten facilities across Japan. The infected sites included its submarine manufacturing plant in Kobe and the Nagoya Guidance & Propulsion System Works, which makes engine parts for missiles.
24 October 2011: An internal investigation on the Cyber Attack against Mitsubishi finds signs that the information has been transmitted outside the company’s computer network “with the strong possibility that an outsider was involved”. As a consequence, sensitive information concerning vital defense equipment, such as fighter jets, as well as nuclear power plant design and safety plans, was apparently stolen.
25 October 2011: According to local media reports, computers in Japan’s lower house of parliament were hit by cyber-attacks from a server based in China that left information exposed for at least a month. A trojan horse was emailed to a Lower House member in July of the same year, the Trojan horse then downloaded malware from a server based in China, allowing remote hackers to secretly spy on email communications and steal usernames and passwords from lawmakers for at least a month.
27 October 2011: The Japanese Foreign Ministry launches an investigation to find out the consequences of a cyber-attack targeting dozens of computers used at Japanese diplomatic offices in nine countries. Many of the targeted computers were found to have been infected with a backdoor since the summer of the same year. The infection was allegedly caused by a spear-phishing attack targeting the ministry’s confidential diplomatic information. Suspects are directed to China.
2 November 2011: Japan’s parliament comes under cyber attack again, apparently from the same emails linked to China that already hit the lawmakers’ computers in Japan’s lower house of parliament. In this circumstance, malicious emails are found on computers used in the upper chamber of the Japanese parliament.
13 January 2012: Officials announce that a computer virus infected a data terminal at Japan’s space agency, causing a leak of potentially sensitive information. The malware was discovered on January 6 on a terminal used by one of its employees. The employee in question worked on JAXA’s H-2 Transfer Vehicle, an unmanned vessel that ferries cargo to the International Space Station. Information about the robotic spacecraft and its operations may thus have been compromised and in fact the investigation shows that the computer virus had gathered information from the machine.
20 July 2012: The Japanese Finance Ministry declares to have found that some of its computers have been infected with a virus since 2010 to 2011 and admits that some information may have been leaked. 123 computers on 2,000 have been found infected and, according to the investigation, the contagion started in January 2010, suggesting that information could have been leaked for over two years. The last infection occurred in November 2011, after which the apparent attack suddenly stopped.
Yet Another Breach Targeting Adobe
Hard Times for Adobe. On the evening of Tuesday, November 13, 2012, immediately after the claims of an alleged Egyptian hacker dubbed ViruS_HimA, the company has taken offline the connectusers.com forum.
In his pastebin post, the hacker claims to have breached an unidentified Adobe server, gaining full access to it and dumping the whole Database: over 150,000 emails, passwords with full data of Adobe customers and partners with some users belonging to Adobe, Google, NASA, Military Institutions, etc.).
As a proof of his breach he has published some screenshot, and a text file containing 645 records with emails belonging to some selected domains: “adobe.com”, “.mil” and “.gov”.
After the rumors, the breach has been finally confirmed by Adobe in a blog post where the company has announced the decision to take the forum offline and to reset the passwords.
Meanwhile more details about the breach are emerging: the hacker allegedly exploited a SQL Injection vulnerability, and also the cracked passwords from the breach show a lack of security with no salt, no iteration, and finally no complexity. Unfortunately we are getting more and more used to attacks exploiting SQLi and to poorly-protected passwords.
Unfortunately Adobe continues to attract the attention of cyber-attackers. At the end of September the company discovered a targeted attack against a build server accessing the code signing infrastructure with the consequence that the certificates of 5000+ applications were revoked, one month and half later the passwords of 150,000 forum users are at risk.
Related articles
October 2012 Cyber Attacks Timeline
Click here for the first part covering the Cyber Attacks from 1 to 15 October 2012.
Here is the timeline for the main Cyber Attacks in October 2012. A month that has been characterized by hacktivism and also by several remarkable cyber crime operations.
For sure the next days will be hard for taxpayers of South Carolina, whose Department of Revenue has been targeted by foreign hackers able to access records of 3.6 million of individuals. But hard days are going to come also for banks: not only the trail of DDoS attack against U.S. Banks has continued even in the second half of the month (although different groups took credit for them), but also, on the cyber crime front, Citigroup has lost 1 million of bucks because of a loophole exploited by a ring of 13 individuals. Different motivations, same lesson: bank security needs a dramatic improvement.
Moving to hactkivism, nothing new under the sun. The pale sun of October has enlightened several operations targeting governments (Greece and Italy above all, to reflect the delicate situation of these two countries) and organization all over the world…
As usual after the jump you will find all the references.
If you want to have an idea of how fragile our data are inside the cyberspace, have a look at the timelines of the main Cyber Attacks in 2011 and 2012 and the related statistics (regularly updated), and follow @paulsparrows on Twitter for the latest updates.
Also, feel free to submit remarkable incidents that in your opinion deserve to be included in the timelines (and charts).
Read more…
About The Author
Support My Work!
Share:
News
08/13/2011 - My Post on Android Malware Mentioned on Engadget.
04/14/2011 - The Article Smart Grid: L'ultima Frontiera del Cybercrime published on ICT Security Magazine May 2011.
03/14/2011 - Security Summit 2011: Paolo Passeri guest at Round Table "Mobile Security: Rischi, Tecnologie, Mercato"
02/14/2011 - The Article Gears of Cyberwar published on ICT Security Magazine January 2011.
Visitors from…
