1-15 March 2013 Cyber Attacks Timeline
Other troubles for system administrators: March is confirming the 2013 dangerous trend with several high profile breaches against industrial, financial and governmental targets.
The first two weeks of March have begun with the breach to Evernote, and continued with (among the others) the third phase of the infamous Operation Ababil, targeting U.S. Banks and an alleged Chinese attack against the Reserve Bank of Australia.
Additional noticeable events include a wave of DDoS attacks against several Czech Republic’s targets (belonging to media, news and financial sector), a breach suffered by the NIST Vulnerability Database (unfortunately not an isolated example of the attacks against US governmental targets happened in these two weeks) and also the leak of 20,000 records from an Avast! German distributor.
Last but not least, the examined period has also confirmed the role of Twitter as the new mean to make resounding attacks against single individuals or organizations. Qatar Foundation, Saudi Aramco, and France 24 are only several of the organizations fallen victims of accounts hijacking.
Of course, these are only the main events, feel free to scroll down the list to analyze in detail what happened in these two weeks.
If you want to have an idea of how fragile our data are inside the cyberspace, have a look at the timelines of the main Cyber Attacks in 2011, 2012 and now 2013 (regularly updated). You may also want to have a look at the Cyber Attack Statistics, and follow @paulsparrows on Twitter for the latest updates.
Also, feel free to submit remarkable incidents that in your opinion deserve to be included in the timelines (and charts).
Once again, a special thanks to Kim Guldberg AKA @bufferzone for continuously advising me about significant cyber events through the Submit Form! Much Appreciated!
Deutsche Telekom Unveils its Security Tachometer
As an ideal follow-up of my old post A (Graphical) World of Botnets and Cyber Attacks, I would like to mention a really interesting project unveiled by Deutsche Telekom few days ago.
Sicherheitstacho.eu (the literal translation should sound similar to “security tachometer”) is based on the honeymap project (just like HoneyNet) and shows the real-time data of the early warning system of Deutsche Telekom operated from the operator and its partners. The map shows the attacks detected by the different sensors (Honeypots) with evidence of the countries in relation of the overall number of attacks and a live-ticker.
The interesting part of the Deutsche Telekom project is represented by the possibility to have also charts and stats related to:
- Top 15 of Source Countries (Last month) – List of the top 15 countries source of attacks.
- Top 5 of Attack Types (Last month) – List of the top 5 attacks per protocol.
- Distribution of Attack Targets (Last Month) – Distribution of the attacks per target’s technology.
- Overall sum of attackers per Day (Last Month) – Total number of attackers on a daily basis.
- Overall sum of attacks per Day (Last Month) – Total number of alerts on a daily basis.
It’s really a little big planet from an information security perspective, isnt’it?
Related articles
- A (Graphical) World of Botnets and Cyber Attacks (hackmageddon.com)
February 2013 Cyber Attacks Statistics
Quick Update: More and more visitors ask where the data for the statistics is collected from. It is indicated at the end of each post, but for those that do not feel like to read until the bottom: the stats are an aggregation of the corresponding Cyber Attack Timeline of the current month.
Although the number of Cyber Attacks in February has not reached the level of January, the level of attention in this part of the year remains high.
The Daily Trend of Attacks chart clearly shows a peak around the 23th of February, the International Privacy Day, when the Anonymous unleashed their OpBigBrother, concentrating the fire against industries related to Video Surveillance and several Law Enforcement Institutions. Other “trafficked” day of the month were the 3rd and the 15th.
The Motivations Behind Attacks chart confirms the prevalence of hacktivism with 56% of occurrences, exactly the same percentage observed in January. Cyber Crime is stable at number two, even if its percentage dropped from 40% to 31%. It is interesting to notice, month after month, the growing number of Cyber Espionage campaigns discovered.
SQLi leads the Distribution Of Attack Techniques chart with 34.3% of occurrences, a value similar to the one encountered in January (32.6%) when this category of attacks ranked at number two. One month ago, the first place was for DDoS, which apparently is loosing appeal in February, dropping from the first to the fifth place with a small 8%, far from the 39% of the previous month and also overtaken, by Targeted Attacks (11.7%). The next months will tell us if this is the beginning of a new trend or simply an isolated sporadic event.
Last but not least,industry targets lead the Distribution Of Targets charts. This is a consequence of the spree of attacks against video surveillance industries happened on February the 23rd. Governmental targets confirm their second place with a value (23.7%) close to the one registered during the previous month. Targets belonging to organizations rank at the third place, in front of financial targets.
As usual, no need to remind that the sample must be taken very carefully since it refers only to discovered attacks included in the 1-15 and 16-28 February 2013 Cyber Attacks Timelines (the so-called tip of the iceberg), and hence it does not pretend to be exhaustive but only aims to provide an high level overview of the “cyber landscape”.
If you want to have an idea of how fragile our data are inside the cyberspace, have a look at the timelines of the main Cyber Attacks in 2011, 2012 and now 2013 (regularly updated). You may also want to have a look at the Cyber Attack Statistics, and follow @paulsparrows on Twitter for the latest updates.
Also, feel free to submit remarkable incidents that in your opinion deserve to be included in the timelines (and charts).
Related articles
- January 2013 Cyber Attacks Statistics (hackmageddon.com)
- 16-28 February 2013 Cyber Attacks Timeline (hackmageddon.com)
- 1-16 February 2013 Cyber Attacks Timeline (hackmageddon.com)
16-28 February 2013 Cyber Attacks Timeline
It is time for the summary of the second half of February, two weeks of remarkable cyber attacks against high-tech giants, massive breaches and Twitter Account Hijackings.
Probably the most resounding events of this period (maybe more for the high profile of the victims than for the actual effects) are the two attacks, allegedly originating from China, (with a common root cause, the compromising of an iPhone developer forum) carried on against Apple and Microsoft.
But not only the two high-tech giants, other illustrious victims have fallen under the blows of hacktivists and cyber criminals. The list is quite long and includes Bank of America, American Express, Casio, ZenDesk, cPanel, Central Hudson Gas & Electric Corporation, etc.).
Last but not least, the unprecedented trail of Cyber attack against Twitter Profile belonging to single individuals (see Donald Trump) or Corporations (Burger King and Jeep). Maybe it is time to change the passwords…
If you want to have an idea of how fragile our data are inside the cyberspace, have a look at the timelines of the main Cyber Attacks in 2011, 2012 and now 2013 (regularly updated). You may also want to have a look at the Cyber Attack Statistics, and follow @paulsparrows on Twitter for the latest updates.
Also, feel free to submit remarkable incidents that in your opinion deserve to be included in the timelines (and charts).
A special thanks to Kim Guldberg AKA @bufferzone for continuously advising me about significant cyber events through the Submit Form! Much Appreciated!
Microsoft Joins the Party of the Hacked Companies
With a scant statement on its Microsoft Security Response Center blog, the giant of Redmond has admitted to have been targeted by the same Cyber Attack that also hit Facebook and Apple.
“Consistent with our security response practices”, the company chose not to make a detailed statement during the initial information gathering process. According to the few information available, a small number of computers, including several machine in the Mac business unit, were infected by malicious software using techniques similar to those documented by other organizations.
This suggests that the company was probably the victim of the exploit injected through the compromising of the iPhoneDevSDK Forum. Apparently there is no evidence of customer data being affected while the investigation is ongoing.
Only the last example of an endless trail of high-profile security breaches.
1-15 February 2013 Cyber Attacks Statistics
It is time for the statistics related to the Cyber Attacks occurred during the first half of January and inserted into the the corresponding timeline.
The Daily Trend of Attacks shows two major peaks, during the 3rd of February (corresponding to the wave of DDoS attacks against Egypt Governmental targets carried on in name of OpEgypt), and just at the end of the month, when the attacks in name of OpKashmir became stronger. A third peak is visible during the 8th and, not a coincidence, it is still due to hacktivism, and in particular to the so-called OpBankUnderAttack.
The Motivations Behind Attacks Chart confirms the trend consolidated in January with Hacktivism still at the top with exactly the same percentage (56%). Cyber Crime Ranks at the second please with one half of the occurrences (28%). It is interesting to notice the Cyber Espionage that has reached its higher value (9%), maybe a consequence of the hype surrounding APT that is characterizing this period. For the first time I also had to insert a new motivation: Art. Frankly I did not find any other way to explain the Democratization of the Offshore Business made by the Italian Artist Paolo Cirio.
SQL Injection keeps on leading the chart related to the Distribution Of Attack Techniques with 31% of occurrences, almost double than DDoS at the second place with 15.6%. It is particularly interesting to notice the presence of Targeted Attacks at the third place, the higher rank ever reached so far. Media hype on the wake of the clamorous attacks of the last days, or a real increased effectiveness of the technologies that allow to detect an increasingly growing number of attacks belonging to this class of threats?
Last but not least, the Distribution of Targets Chart confirms governmental targets at the first place with nearly 30%, immediately followed by, as usual, industries (18.8%) and organizations (12.5%). In any case the level of attention of crooks is also high against targets belonging to the Financial and News sector, which steadily rank respectively at number 4 and 5 of this unwelcome chart with the 10.9% and 9.4%. The others follow….
As usual, no need to remind that the sample must be taken very carefully since it refers only to discovered attacks included in the 1-15 February 2013 Cyber Attacks Timeline (the so-called tip of the iceberg), and hence it does not pretend to be exhaustive but only aims to provide an high level overview of the “cyber landscape”.
If you want to have an idea of how fragile our data are inside the cyberspace, have a look at the timelines of the main Cyber Attacks in 2011, 2012 and now 2013 (regularly updated). You may also want to have a look at the Cyber Attack Statistics, and follow @paulsparrows on Twitter for the latest updates.
Also, feel free to submit remarkable incidents that in your opinion deserve to be included in the timelines (and charts).
After Twitter and Facebook, Apple reveals to have suffered the same Cyber Attack
The same sophisticated cyber attack that has targeted Facebook and Twitter has also targeted Apple, according to an exclusive revelation by Reuters. In this latest occurrence, the attackers were able to infect several Mac computers belonging to some employees of Cupertino, exploiting the same 0-Day Java vulnerability used to carry on the attacks against the two well known social networks.
Further details have emerged in the meantime: particularly noticeable is the fact that the attackers used the consolidated “watering hole” technique, compromising a well-known mobile developer forum (iphonedevsdk.com) accessed by the employees of Cupertino (and of many other high profile companies). This has raised the concern that maybe the attackers aimed to manipulate the code of smartphone apps to compromise a huge number of users. Currently the forums shows a banner inviting users to change their passwords.
Apple is working closely with the Federal Bureau of Investigation and has released an update to disable its Java SE 6. Although there is no clear evidence about the Chinese origin of the attack, unfortunately it comes out in the worst possible period: after the wave of attacks against U.S. Media, Mandiant, the firm that investigated the attack against the NYT, released a detailed report suggesting a link between the hacks against U.S. assets. and the Chinese Army.
About The Author
Support My Work!
Share:
News
08/13/2011 - My Post on Android Malware Mentioned on Engadget.
04/14/2011 - The Article Smart Grid: L'ultima Frontiera del Cybercrime published on ICT Security Magazine May 2011.
03/14/2011 - Security Summit 2011: Paolo Passeri guest at Round Table "Mobile Security: Rischi, Tecnologie, Mercato"
02/14/2011 - The Article Gears of Cyberwar published on ICT Security Magazine January 2011.
Visitors from…
