About these ads

2013 Cyber Attacks Statistics (Summary)

January 19, 2014 4 comments

This post has been possible thanks to the contribution of @piz69, who kindly (and patiently) took care to aggregate the data for 2013!

Finally we can consolidate the data related to 2013 and draw some global stats summarizing the infosec landscape for the past year. Of course this data cannot absolutely pretend to be exhaustive, but rather we could define the charts  as macro-indicators of the threat landscape and the corresponding trend, since the sources of the timelines (from which the stats are derived) are open and therefore only show cyber attacks that were discovered and gained space in the news.

Before drilling down into the data for the past year, it’s worth to have a look to the trend of the last three years (with the caveat that data for 2011 are incomplete as it was consolidated into a form comparable with 2012 and 2013 only starting from September).

Apparently 2012 and 2013 have a very different shape: 2012 shows a constant trend (with a high activity between May and June), while, after an initial peak, the line for 2013 experiences a progressive decrease, reaching a stable state. This is probably due to the minor influence of attacks motivated by hacktivism throughout the year (see the next chart).

2011-2012-Summary

2011-2013 Data Trend (data for 2011 consolidated starting from September)

A closer look to 2013 allows to understand the influence of the motivations throughout the different months. The initial part of the year is characterized by hacktivism. Cyber Crime is quite constant and ends up dominating the second half. This trend does not mean a decrease of hacktivism, but rather a different connotation throughout the year: the global-scale operations executed by the Anonymous have progressively been replaced by local phenomena (for instance the cyber attacks in India and Pakistan). Also the first months of the year are influenced by the DDos attacks of Izz ad-Din al-Qassam Cyber Fighters against US Banks.

2013-Summary

2013 Attack Trend with the Drill-down of Motivations

Exploring the motivations shows a slight advantage of Cyber Crime (47%) over Hacktivism (44%), well above Cyber Espionage (5%) and Cyber Warfare (4%).

2013-Motivations

Motivations Behind Attacks (2013)

DDoS leads the chart of known Attack Techniques (23%) ahead of SQLi (19%) and Defacements (14%). It’s also worth to mention the rank number five achieved by Account Hijacking (with 9%) and the growing influence of Targeted Attacks ranking at number six with 6%.

2013-Attacks

Top 10 Attack Techniques (2013)

Governments and Industries have been the most preferred targets for Cyber Attackers with similar values (respectively 23% and 22%). Targets belonging to finance rank at number three (7%), immediately ahead of News (6%) and Education (5%).

2013-Targets

Top 10 Targets (2013)

And, last but not least, the Top 10 Countries chart is lead by US which suffered nearly 1 attack on 2, well ahead of UK (5%) and India (3%).

2013-Countries

Top 10 Countries (2013)

As usual, bear in mind that the sample must be taken very carefully since it refers only to discovered attacks, published in the news, and included in my timelines. The sample cannot be exhaustive but only aims to provide an high level overview of the “cyber landscape”.

If you want to have an idea of how fragile our data are inside the cyberspace, have a look at the timelines of the main Cyber Attacks in 2011 and 2012. You may also want to have a look at the Cyber Attack Statistics, and follow @paulsparrows on Twitter for the latest updates.

Also, feel free to submit remarkable incidents that in your opinion deserve to be included in the timelines (and charts).

About these ads

December 2013 Cyber Attack Statistics

January 15, 2014 Leave a comment

It’s time for the statistics derived from the Cyber Attacks Timelines of December (Part I and Part II).

As a consolidated tradition, the first chart to be shown is the Daily Attack Trend, which shows quite a constant trend with two peaks just at the beginning and at the end of the month.

December 2013 Daily Attack Trend

The Country Distribution Chart is quite monotonous: as usual the United States lead the chart (with nearly one half of the recorded attacks), well above UK (at rank number two with 8%). The other countries are quite far this month…

December 2013 Country Distribution

The Motivations Behind Attacks chart shows a clear predominance of Cyber Crime (62%) against Hacktivism (34%), a sharp increase of the first in comparison with the previous month when the values were respectively 53% and 45%.

December 2013 Motivations

Well, 28.4% of attacks into the Distribution of Attack Techniques chart are without a known origin (a sharp increase in comparison to 23.1% of the previous month). Defacements plummeted at 18.9% in comparison to 29.7% of the previous month), while DDoSes are in slight increase with 17.9% (was 15.4 one month ago). It is also interested to notice the growth of SQLi, at 12.6% against 4.4% of November.

December 2013 Distribution

Last but not least, the Distribution of Target chart, where a change at rank number one happened. In practice industry and government targets swapped their positions (with similar values in comparison to the previous month). Financial targets close the podium, leaving behind the other categories.

December 2013 Targetspng

As usual, please bear in mind that the sample must be taken very carefully since it refers only to discovered attacks, published in the news, and included in my timelines. The sample cannot be exhaustive but only aims to provide an high level overview of the “cyber landscape”.

If you want to have an idea of how fragile our data are inside the cyberspace, have a look at the timelines of the main Cyber Attacks in 2011, 2012 and now 2013 (regularly updated). You may also want to have a look at the Cyber Attack Statistics, and follow @paulsparrows on Twitter for the latest updates.

Also, feel free to submit remarkable incidents that in your opinion deserve to be included in the timelines (and charts).

Enhanced by Zemanta

16-31 December 2013 Cyber Attacks Timeline

January 12, 2014 Leave a comment

Let’s give the welcome to this new infosec year with the first timeline of 2014 (or better the last of 2013) summarizing the main events occurred in the second half of December 2013.

With no doubt, this holiday season has been characterized by the Target breach, whose size is constantly growing (110 million the number of potential victims according to recent estimates). This massive incident has somehow shadowed another massive breached occurred in Turkey, were Russian hackers have allegedly been able to obtain 54 million citizens’ ID Data. With similar numbers, the 300.000 users potentially affected by the Cyber Attack involving Affinity Gaming appear risible.

Other considerable events include a Christmas Intrusion on a BBC server (with the author possibly selling the backdoor access on the underground) and yet another possible intrusion by Chinese hackers on a US target, specifically the Federal Election Commission.

Nothing particularly significant on the hacktivism front characterized by the consolidated “background noise” of events whose sizes are well far from the levels of the recent years.

As usual, if you want to have an idea of how fragile our data are inside the cyberspace, have a look at the timelines of the main Cyber Attacks in 2011, 2012 and now 2013 (regularly updated). You may also want to have a look at the Cyber Attack Statistics, and follow @paulsparrows on Twitter for the latest updates.

Also, feel free to submit remarkable incidents that in your opinion deserve to be included in the timelines (and charts).

16-31 December 2013 Cyber Attacks Timeline Update2 Read more…

Categories: Cyber Attacks Timeline, Security Tags: , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,

2013 Top 20 Breaches

December 30, 2013 Leave a comment

This year is nearly gone, so if you are afraid to have missed the most remarkable breaches of 2013, you’d better browse the following chart.

It collects the most devastating breaches in terms of number of records affected, and has been drawn based on the data collected by Hackmageddon.com during this endless infosec year. Do you still believe the massive breach targeting Adobe has been an isolated case?

2013 Top 20 Breaches png

Top 20 Breaches of 2013. The extension of the sphere is proportional to the number of affected records.

And The Winner Is…


Ubisoft

200px-UbisoftJuly 2: the video game developer warns 58 million users that an intruder gained illegal access to some of its online systems, illegally accessing data from the account database, including user names, email addresses and encrypted passwords.


Turkey

TurkeyDecember 16: Hurriyet News reports that Russian hackers were able to obtain 54 million Turkish citizens’ ID data. The Turkey’s Supreme Election Committee initially shared the data with Political Parties, who kept the information in insecure websites, where it was easily accessed.


Evernote

200px-Evernote_logo.svgMarch 2: Evernote’s Operations & Security team discovers suspicious activity that appears to have been a coordinated attempt to access secure areas of the Evernote Service. As a precaution a massive password reset is implemented for 50 million users.


Livingsocial

01150cc8-44ee-4bbe-9143-5ef85f27144e-q60-pngApril 26: LivingSocial suffers a massive cyber attack on its computer systems, resulting in “unauthorized access to some customer data from our servers”. The hack affects customer names, emails, birthdates and encrypted passwords and impacts 50 million customers.


Cupid Media

Cupid logo.gifNovember 20: Brian Krebs reveals that an intrusion at online dating service Cupid Media earlier this year exposed more than 42 million consumer records, including names, email addresses, unencrypted passwords and birthdays.


Target

150px-Target_logo.svgDecember 19: Target Corp. confirms an unauthorized access to payment card data that may have impacted customers making credit and debit card purchases in its U.S. stores. Approximately 40 million credit and debit card accounts may have been impacted between Nov. 27 and Dec. 15, 2013.


Adobe

200px-Adobe_Systems_logo_and_wordmark.svgOctober 3: Adobe announces a massive breach affecting customer IDs and encrypted passwords for 2.9 million customers (initially). The real extent of the breach is 38 million, and also affects the source code of ColdFusion and Acrobat family


Yahoo! Japan

Yahoo_Japan_logoMay 18: Yahoo! Japan Corp. warns its 22 million users to change their passwords after the detection of an unauthorized attempt to access the administrative systems.


China

chinaDecember 9: unknown hackers leak a database of an estimated 20 million hotel reservations on multiple websites and even on WeChat, the popular messaging service.


Groupon Taiwan

230px-Groupon_logo.svgMay 28: Groupon Taiwan reveals to have suffered a cyber attack compromising usernames and passwords of its 4.1 million registered users. Apparently, the intruders did not access credit cards and financial details


Maricopa County Community College

MaricopaDecember 1: the Maricopa County Community College District notifies, after seven months, 2.4 million students and employees that their academic or personal data were compromised in an April security breach.


South Korea

South KoreaJune 25: South Korean officials reveal that unknown hackers were able to hack and release publicly personal details of more than 2 million South Korean ruling party workers and 40,000 U.S. troops, including those stationed in South Korea.


Vodafone Germany

200px-Vodafone_logo.svgSeptember 12: personal details of more than 2 million customers of Vodafone Germany are stolen from an Internal Database. Data includes names, addresses, bank account numbers and birth dates.


Ubuntuforums.org

200px-Ubuntu_logo.svgJuly 20: E-mail addresses, user names, and password data for every registered user of the Ubuntu Forums, estimated to be 1.82 million accounts, are exposed in a security breach after a hacker managed to gain administrative access to the back-end servers.


Scribd

200px-Scribd_logo.svgApril 3: the world’s largest document sharing site Scribd says it was hacked and believes up to 1% of its 100 million users’ passwords were compromised due to being stored with an outdated hashing algorithm.


Washington State Courts

Washington CourtsMay 9: the Washington State Administrative Office of the Courts (courts.wa.gov) was hacked sometime between September 2012 and February 2013, and up to 160,000 SSN and 1 million driver’s license numbers may have been accessed during the data breach.


Drupal

220px-Drupal-wordmark.svgMay 29: passwords for almost 1 million accounts on the Drupal.org website are reset after hackers gained unauthorized access to sensitive user data exploiting vulnerability in an undisclosed third-party application.


vBulletin

270px-VBulletin.svgNovember 15: vBulletin.com notifies the registered users to change their password as a consequence of a sophisticated cyber attack, allowing the attackers to access customer IDs and encrypted passwords of 860,000 individuals.


MacRumors

MacRumorslogoNovember 11: MacRumors notifies the forum users to change their password as a consequence of a cyber attack. The number of affected users is in theory 850,000.


Walla!

200px-Walla_logo.svgFebruary 14: The Anonymous hack Walla! (walla.co.il) an Israeli portal and dump 600.000 accounts on pastebin.


1-15 December 2013 Cyber Attacks Timeline

December 17, 2013 Leave a comment

Maybe hackers are feeling the Christmas atmosphere since this first half of December has recorded a minor number of attacks in comparison with the previous months. However considering merely the number of attacks to evaluate the cyber landscape could bring to wrong conclusions since, even if in absolute terms the number of attacks has experienced a decrease, in several cases the amount of affected users has been really considerable.

This is the case, for instance, of the 20 million of records leaked in China (and found on WeChat) or the 2.4 million of students and employees of Maricopa Community College compromised in an Aprl Security Breach.

It is really curious to notice that in (too) many cases the breaches have been notified several months later. As also happened for JP Morgan Chase, who also had 456,000 owners of prepaid cash cards compromised in July and notified only in December.

Concerning Cyber Espionage, chronicles report of an alleged Chinese Cyber Attack during the 2013 G8 Summit in Russia, while hacktivists were constantly active in Ukraine, Turkey, India, Syria (indirectly) and, a new Entry for December, Angola.

As usual, if you want to have an idea of how fragile our data are inside the cyberspace, have a look at the timelines of the main Cyber Attacks in 2011, 2012 and now 2013 (regularly updated). You may also want to have a look at the Cyber Attack Statistics, and follow @paulsparrows on Twitter for the latest updates.

Also, feel free to submit remarkable incidents that in your opinion deserve to be included in the timelines (and charts).

1-15 December 2013 Cyber Attacks Timeline Read more…

November 2013 Cyber Attacks Statistics

December 8, 2013 Leave a comment

It’s time to summarize the Cyber Landscape of November, extracting the corresponding statistics from the two two timelines of November (part I and part II).

Let us begin with the Attack Trend. From this point of view November has been quite active and stable (despite some breaks in the trend).

Attack Trend November 2013

The attacks executed by Pakistani hackers against India and Indonesian hackers against Australia influence the Country Distribution Chart, which is led, as usual, by the US, well above these two countries.

Country Distribution November 2013

Cyber Crime leads the Motivations Behind Attacks chart (53%), even if the spread with hacktivism (45%) is much smaller in comparison with the previous month when the two were respectively at 63% and 33%. For the second consecutive month, apparently, I have recorded no operations related to Cyber Warfare.

Motivations November 2013

The Distribution of Attack Techniques Chart sees Defacement at number one for the third consecutive month with 29.7%. DDoS ranks at number three with 15.4%, more than five points above Account Hijacking, which ranks at number four with 9.9. SQLi is constantly decreasing and this month ranks at number six with 4.4%.

Attacks November 2013

The Distribution of Targets chart confirms governments at number one with 29.3% and industries at number two with 25%. What is also interesting to notice in this month is the presence into the chart of Bitcoin Wallets, an increasingly interesting prey for Cyber Criminals, at rank number seven with 3.3%. Entertainment and Software lead the drill-down chart for Industries, while Political Parties (quite obviously) lead the one for Organizations.

Targets November 2013

As usual, please bear in mind that the sample must be taken very carefully since it refers only to discovered attacks, published in the news, and included in my timelines. The sample cannot be exhaustive but only aims to provide an high level overview of the “cyber landscape”.

If you want to have an idea of how fragile our data are inside the cyberspace, have a look at the timelines of the main Cyber Attacks in 2011, 2012 and now 2013 (regularly updated). You may also want to have a look at the Cyber Attack Statistics, and follow @paulsparrows on Twitter for the latest updates.

Also, feel free to submit remarkable incidents that in your opinion deserve to be included in the timelines (and charts).

16-30 November 2013 Cyber Attacks Timeline

December 4, 2013 Leave a comment

It is time for the report of the cyber landscape of the second half of November.

This month will be probably remembered for the discovery of the giant breach targeting Cupid Media and involving potentially 42 million users. However, this was not the only remarkable breach of November: chronicles report of 77,000 customers of Vodafone Island having their details leaked.

Other interesting events involve a brute-force attack to GitHub, forcing several users to change password, and yet another attack against a Bitcoin Wallet (the equivalent of $1 million stole).

Not only Cyber Criminals. Even Hacktivists were particularly active in this period: the attacks of Indonesian hackers against Australian targets continued in the second part of November, as also the mutual defacements between Pakistani and Indian crews. Last but not least, the Anonymous leaked some documents and emails allegedly belonging to the Italian Governor of Lombardy and the details of 40,000 individuals from an Israeli Job search portal.

As usual, if you want to have an idea of how fragile our data are inside the cyberspace, have a look at the timelines of the main Cyber Attacks in 2011, 2012 and now 2013 (regularly updated). You may also want to have a look at the Cyber Attack Statistics, and follow @paulsparrows on Twitter for the latest updates.

Also, feel free to submit remarkable incidents that in your opinion deserve to be included in the timelines (and charts).

16-30 November 2013 Cyber Attacks Timeline Read more…

Follow

Get every new post delivered to your Inbox.

Join 2,714 other followers