About these ads

Archive

Archive for the ‘Security’ Category

1-15 August 2014 Cyber Attacks Timeline

August 19, 2014 Leave a comment

This month of August will be probably remembered for the massive cache of 1.2 million of password scooped up by the Russian gang Cyber Vor, undoubtedly the most important event that overshadowed all the other activity recorded in these dog days.

Besides this remarkable fact, the Cyber Crime chronicles report, among others, an unprecedented attack technique, aimed to hijack ISP traffic to steal bitcoins, the breach to SuperValu, and the compromising of 60,000 staffers who participated in Tennessee health screening program.

Cyber Espionage is still in the spotlight, with the breach to USIS (United States Investigation Services), the discovery of the Turla campaign, and also of a similar campaign targeted specifically to Ukraine.

Turning the attention to hacktivism: Ukraine, Israel and the US (following the events of St. Louis) have been the hottest frontlines, even if the most important event is perhaps the attack against Gamma International, the company behind of the infamous FinFinsher spyware.

If you want to have an idea of how fragile our electronic identity is inside the cyberspace, have a look at the timelines of the main Cyber Attacks in 2011, 2012, 2013 and now 2014 (regularly updated). You may also want to have a look at the Cyber Attack Statistics, and follow @paulsparrows on Twitter for the latest updates.

Also, feel free to submit remarkable incidents that in your opinion deserve to be included in the timelines (and charts).

1-15 August 2014 Cyber Attacks Timeline Read more…

About these ads

July 2014 Cyber Attacks Statistics

August 11, 2014 Leave a comment

It’s time to aggregate the data of the timelines of July (Part II and Part II) into (hopefully) meaning stats.

Before drilling down into the numbers, a recommendation is necessary: I will never give up repeating that these stats are necessarily an approximation since the sample is very heterogeneous, and just like all approximations they could leave some shadow zones. An example for this month is represented by the tide of cyber attacks under the umbrella of #OpSaveGaza. I am not interested to enumerate all the single attacks (also because it would be virtually impossible), so this operation appears like a single entry in the stats. Of course you have any suggestion to cope with such similar situations, they are absolutely more than welcome.

So, after this tedious, but necessary introduction, let’s rock with the data.

The Daily Trend of Attacks shows quite a fragmented trend with a peak towards the end of the month. It is interesting to notice the general break during weekends. This probably depends on the collection methodology: when possible, if the information is known, I try to insert the date when the attack really happened, but in several cases this information is not available, so the reported date is the one when the attack was initially published in the news, which obviously happens less likely during weekends.

Daily Trend of Attacks July 2014

The Motivations Behind Attacks chart confirms Cyber Crime at number one with 59% of occurrences (a slight decrease compared to 65% of June). The staggering news is the resounding 18% of Cyber Espionage, confirmed the growing coverage for Targeted Attacks (they are almost always related to Cyber Espionage). Hacktivism is substantially stable at 23%, was 24% previous month).

Motivations July 2014

But the surprises continue! The Distribution Of Attack Techniques reveals an unprecedented 18.2% of targeted attacks, allowing this category to attain a deserved first place (shared with the category of unknown attacks). Defacement is immediately after (15.2%), while the other categories are further behind. It is also interesting to notice the decrease of DDoS and SQLi.

Techniques July 2014

Confirming the trend of the last months, Industry leads the Distribution of Targets Chart with 30.3%. Governmental targets rank at number two, 16.7%, well ahead of Organizations at number three with 16.7%. Values substantially in line with the ones of June.

Targets July 2014

A detailed analysis of Industrial targets shows a predominance of targets belonging to E-Commerce, Tourism and Restaurant. While Non-Profit entities lead the corresponding chart for organizations.

Industry Drilldown 2014Org Drilldown July 2014

As I mentioned before and always repeat, please bear in mind that the sample must be taken very carefully since it refers only to discovered attacks included in my timelines. The sample does not pretend to be exhaustive but only aims to provide an high level overview of the “cyber landscape”, or at least of the ones that gained space in the media (yes, using an abused expression this is just the tip of the Iceberg).

Additionally, if you want to have an idea of how fragile our data are inside the cyberspace, have a look at the timelines of the main Cyber Attacks in 2011, 2012, 2013 and now 2014 (regularly updated). You may also want to have a look at the Cyber Attack Statistics.

Of course follow @paulsparrows on Twitter for the latest updates, and feel free to submit remarkable incidents that in your opinion deserve to be included in the timelines (and charts).

16-31 July 2014 Cyber Attacks Timeline

August 5, 2014 1 comment

July is gone and hence it’s time, as usual, to summarize the main cyber events happened in the second half of this month (Part I here).

For a strange coincidence this month has shown an unusual number of breaches dating back to several years ago (2010-2012) and reported only now: Catch of The Day, Think W3 Limited, Paddy Power and Lasko are the organizations affected.

Looking quickly at Cyber Crime, these two weeks have brought the breach to The Wall Street Journal (by W0rm the same author of the breach to CNET), the disclosure of a failed attempt to disrupt the Nasdaq in 2010, a breach to the website of the European Central Bank, an extensive attack aimed to compromise the Tor Infrastructure, and, last bunt not least, the DHS advisory related to Backokff, a PoS Malware already compromising 600 organizations throughout the U.S.

Moving to Cyber Espionage, this period will be remembered for the Canadian allegations against China, related to a cyber attack against The National Research Council and the possible compromising three Israeli defense contractors responsible for building the “Iron Dome” missile shield program.

Israel was even under the radar of the Hacktivists, who concentrated there their efforts in support of the #OpSaveGaza operation.

If you want to have an idea of how fragile our electronic identity is inside the cyberspace, have a look at the timelines of the main Cyber Attacks in 2011, 2012, 2013 and now 2014 (regularly updated). You may also want to have a look at the Cyber Attack Statistics, and follow @paulsparrows on Twitter for the latest updates.

Also, feel free to submit remarkable incidents that in your opinion deserve to be included in the timelines (and charts).

16-31 July 2014 Cyber Attacks Timeline Read more…

1-15 July 2014 Cyber Attacks Timeline

It’s time for the first cyber attacks timeline of July reporting the main cyber events happened (or discovered) during the first half of the month.

In a short summary: if even the number of recorded attacks remains moderate, the most important events of this period are related to Cyber Espionage: eight sophisticated campaigns have been discovered, a number remarkably high for this category.

On the cyber crime front, the most important event of this period is undoubtedly the massive attacks against Boleto, the Brazilian payment system ($ 3.5 billion is the amount of money stolen by the criminals), but also the purported leak of CNET’s database (subsequently offered on sale by the criminals at the symbolic price of 1 Bitcoin) deserves a special mention. Also the African continent is on the spot with the discovery of a repeated fraud against a couple of Nigerian banks.

Nothing particularly remarkable by hacktivists, with the partial exception of the Syrian Electronic Army, back with the Specialty of the House (the account hijacking, this time against the official Twitter account of the Israel Defence Force). The hacktivistic landscape also offered some attacks against Israel, related to the events in Gaza. Nothing particularly relevant so far, but everything suggests that the number of these attacks will dramatically increase in the next timeline.

If you want to have an idea of how fragile our electronic identity is inside the cyberspace, have a look at the timelines of the main Cyber Attacks in 2011, 2012, 2013 and now 2014 (regularly updated). You may also want to have a look at the Cyber Attack Statistics, and follow @paulsparrows on Twitter for the latest updates.

Also, feel free to submit remarkable incidents that in your opinion deserve to be included in the timelines (and charts).

1-15 July 2014 Cyber Attacks Timeline Read more…

June 2014 Cyber Attacks Statistics

It’s time to aggregate the Cyber Attacks Timelines of June (Part I and Part II) into statistics.

So, as usual, let’s start with the Daily Trend of Attacks chart, which shows quite an irregular trend with a sharp peak on the 11th.

Daily Attack Trend June 2014

The Motivations Behind Attacks chart confirms once again Cyber Crime at number one with 65% of occurrences. Overall the values are almost specular to the previous month. Particularly meaningful is the 11% of operations motivated by Cyber Espionage.

Motivations June 2014

The Distribution Of Attack Techniques chart shows a 27.4% of unknown attacks, a result in line with the previous month when this value was 26%. The rise of DDoS is another interesting aspects (this technique is increasingly used to blackmail victims), as also the 9.7% of targeted attacks, a relatively high value for this class, and, again, in line with the previous month.

Techniques June 2014

Once again, Industry leads the Distribution of Targets Chart with 35.5%. Governmental targets rank at number two, close to 20%, well ahead of Organizations at number three with a modest 6.5%.

Targets June 2014

Drilling down the Distribution of targets belonging to industry, shows quite an heterogeneous landscape. Software industries lead the chart with 22.7%, followed by Restaurants (??) with 13.6% and Financial Services (9.1%). All the other categories are well behind with a “flat” 4.5% each.

Industry Drill Down Jun 2014

As usual, please bear in mind that the sample must be taken very carefully since it refers only to discovered attacks included in my timelines. The sample does not pretend to be exhaustive but only aims to provide an high level overview of the “cyber landscape”, or at least of the ones that gained space in the media (yes, using an abused expression this is just the tip of the Iceberg).

Additionally, if you want to have an idea of how fragile our data are inside the cyberspace, have a look at the timelines of the main Cyber Attacks in 2011, 2012, 2013 and now 2014 (regularly updated). You may also want to have a look at the Cyber Attack Statistics.

Of course follow @paulsparrows on Twitter for the latest updates, and feel free to submit remarkable incidents that in your opinion deserve to be included in the timelines (and charts).

16-31 June 2014 Cyber Attacks Timeline

I do not know if being happy or not, but it looks like the second half of June (the first timeline covering 1-15 June is here) has seen a sharp inversion of the decreasing trend recorded on the last few months. I have registered an increase of the number of attacks with particular focus on targeted attacks.

The cyber crime front offered several noticeable events, targeting, just to mention the most devastating cases: AT&T, Evernote, the State of Montana (1.3 million single individuals potentially affected), and Butler University.

Moving to hacktivism, the cyber temperature is still high in Brazil, where the hacktivists concentrated their unwelcome attentions. Other points of interest involve Pakistan, and US.

Last but not least, this period recorded an unusual number of targeted attacks spotted in the news. The list includes (but is not limited to): the British Government Secure Intranet, an US Hedge Fund, Vietnamese Ministry of Natural Resources and Environment, ICS vendors in US and Europe and a Government Agency in Taiwan.

As usual, if you want to have an idea of how fragile our data are inside the cyberspace, have a look at the timelines of the main Cyber Attacks in 2011, 2012, 2013 and now 2014 (regularly updated). You may also want to have a look at the Cyber Attack Statistics, and follow @paulsparrows on Twitter for the latest updates.

Also, feel free to submit remarkable incidents that in your opinion deserve to be included in the timelines (and charts).

16-31 June 2014 Cyber Attacks Timeline rev2

Read more…

Deloitte Global Defense Outlook 2014: Cyber Operations Emerge as a Global Threat

Cyber Incident

Cyber incidents by defense spending type, 2013. Source: Deloitte Global Defense Outlook 2014

Deloitte has just released the Global Defense Outlook 2014. This independently developed report examines policies, practices, and trends affecting the defense ministries of 50 nations, and has been developed with publicly available information along with interviews with officials in government and industry, and analyses by Deloitte’s global network of defense professionals.

A section of the report is dedicated to Cyber Operations, and, as one of their publicly available data sources, Deloitte used data from my blog.

The structured analysis of the data confirms a trend: Cyber-operations are nowadays considered a national security threat across the globe.

  • The global threat to computer systems and information networks is earning more attention and policy response from defense ministries worldwide.
  • More than 60 percent of cyberattacks are directed against other Top 50 nations and that more than 20 percent of cyberattacks are directed against non-Top 50 nations. Developing economy status does not protect a nation against the prospect of a cyberattack.
  • Among the higher-income nations in the Top 50, industrial targets account for one-half to two-thirds of cyberattacks, while among the lower-income nations in the Top 50, most cyberattacks are directed against government targets. This difference may reflect the relatively high level of security and defensive capability around government systems in higher-income nations and the availability of potentially lucrative industrial targets. The difference may also reflect the relatively higher number of state-owned enterprises in the lower-income nations.
  • Cyber Operations are no longer the domain of higher-income Top 50 nations.
Cyber Incidents Target

Cyber incidents by target and defense spending type, 2013. Source: Deloitte Global Defense Outlook 2014

A really interesting reading, and not only for its implications in Cyber Space. The complete report can be found at this link.

Follow

Get every new post delivered to your Inbox.

Join 2,945 other followers