About these ads

1-15 October 2014 Cyber Attacks Timeline

October 20, 2014 3 comments

Here we go with the first timeline of the main Cyber Attacks happened in October (according to my personal evaluation metric).

Two weeks very active from an information security perspective. The list of attacks is quite long and heterogeneous, with massive breaches (The Snappening and a list of nearly 7.000.000 compromised accounts used to brute-force Dropbox), a rich list of cyber crime and cyber espionage campaigns, a renewed burst of the cyber war between India and Pakistan, and a couple of operations orchestrated by hacktivists.

Digging into Cyber Crime, besides the two above quoted events, we find the Mac.BackDoor.iWorm, a widespread botnet targeting OS X, and trapping 17,000 devices. The list continues with a purported attack against Yahoo, initially believed to be orchestrated exploiting the infamous Shellshock vulnerability, the ATM malware Tyupkin, supposed to have been used for stealing millions of bucks from 50 ATMs in Eastern Europe and Russia, a breach against Kmart, and, last but not least, other two (and a half) waves of leaked photos from the Snappening.

Scrolling down the Cyber Espionage events, we cannot help but notice a similar abundance of operations with a widespread usage of 0-day vulnerabilities. Just to mention several names: Sandworm, Hurricane Panda, and even an old acquaintance like Nitro.

India and Pakistan were very busy in the Cyber Space, with  defacements and leaks against a wide range of mutual targets like also the Anonymous, who kicked off #OPHK, against China and in support of Hong Kong protesters.

If you want to have an idea of how fragile our electronic identity is inside the cyberspace, have a look at the timelines of the main Cyber Attacks in 2011, 2012, 2013 and now 2014 (regularly updated). You may also want to have a look at the Cyber Attack Statistics, and follow @paulsparrows on Twitter for the latest updates.

Also, feel free to submit remarkable incidents that in your opinion deserve to be included in the timelines (and charts).

1-15 October 2014 Cyber Attacks Timeline Read more…

About these ads
Categories: Cyber Attacks Timeline, Security Tags: , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,

September 2014 Cyber Attacks Statistics

October 13, 2014 Leave a comment

I have finally found the time to aggregate the data of September (Part I and Part II) into statistics.

As usual, let us start with the analysis of the Daily Trend of Attacks, which shows quite an heterogeneous trend with two peaks exactly at the beginning of the month and in the middle (yes, curiously during a weekend).

Daily Trend of Attacks

The Motivations Behind Attacks chart sees an unprecedented peak of Cyber Crime events. Still at number one, a constant trend during the last months, but with a remarkable 70.8% (versus 56.3% of August). The trail of POS Malware, the Shellshock vulnerability, and other minor events, certainly left a noticeable. As usual, Hacktivism ranks at number two, far below, with a “modest” 18.1% (was 28.2% in August), while  Cyber Espionage operations confirm a relatively important role (11.1%), despite slightly decreasing in comparison with 14.1% of the previous month.

Motivations Sep 2014

The most noticeable aspect of the Distribution Of Attack Techniques is the surge of SQLi attacks (at number one among the “recognized” attacks with 15.3%, versus 9.9% of August). Defacements follow closely with 11.1%. The third rank is all for the Account Hijacking thanks to “The Fappening” affair.

Attacks Sep 2014

Cyber Crime is on top of the Motivations, and as a consequence Industrial targets are on top of the Distribution of Targets Chart with a noticeable 40.3%, far beyond Governmental targets that, at last for this month, loose the crown (16.7%). The others are well behind, with the attacks towards single individuals (11.3%), which occupy steadily the third place.

Targets Sep 2014

A deeper look at the distribution of the industrial targets, shows a predominance of Software and Video Games targets (14% each). E-Commerce and Retail targets are immediately behind (10% each), sharing their position with Touristic targets, and immediately above Oil and Gas (7%).

Industry Drill Down Sep 2014Organizations Sep 2014

Once again, please bear in mind that the sample must be taken very carefully since it refers only to discovered attacks included in my timelines. The sample does not pretend to be exhaustive but only aims to provide an high level overview of the “cyber landscape”, or at least of the ones that gained space in the media (yes, using an abused expression this is just the tip of the Iceberg).

If you want to have an idea of how fragile our data are inside the cyberspace, have a look at the timelines of the main Cyber Attacks in 2011, 2012, 2013 and now 2014 (regularly updated). You may also want to have a look at the Cyber Attack Statistics.

Of course follow @paulsparrows on Twitter for the latest updates, and feel free to submit remarkable incidents that in your opinion deserve to be included in the timelines (and charts).

16-30 September 2014 Cyber Attacks Timeline

October 6, 2014 Leave a comment

And finally we can complete the September 2014 Cyber Attacks Timeline (Part I here), with the second part covering the most important events between the 16th and the 30th.

A very fruitful month for Cyber Criminals, since there are several events that will be remembered. For sure the Shellshock vulnerability will spoil the troubled sleeps of many System Administrators. In any case this is not the only remarkable event, the chronicles report of an (un)expected tail of the Celebrity Leak scandal (the so-called Fappening), with other two rounds of leaked pictures occurred on the 20th and the 26th, and a couple of massive breaches against TripAdvisor subsidiary Viator (1.4 million users affected) and Japan Airlines (750,000 users affected). Last but not least, it is also worthwhile to mention the group of teen hackers charged for hacking into Microsoft, the US Army and several game companies, stealing $100 million in Intellectual Property, and the so-called Operation Harkonnen, the longest cyber crime campaign ever.

Regarding the Cyber Espionage, the timeline reports the discovery of yet another Chinese Operation against US contractors, and a coordinated state-sponsored mobile malware aimed to intercept protesters in Hong Kong.

At least for once… Nothing particular interesting for Hacktivism…

If you want to have an idea of how fragile our electronic identity is inside the cyberspace, have a look at the timelines of the main Cyber Attacks in 2011, 2012, 2013 and now 2014 (regularly updated). You may also want to have a look at the Cyber Attack Statistics, and follow @paulsparrows on Twitter for the latest updates.

Also, feel free to submit remarkable incidents that in your opinion deserve to be included in the timelines (and charts).

16-30 September 2014 Cyber Attacks Timeline

Read more…

1-15 September 2014 Cyber Attacks Timeline

September 29, 2014 Leave a comment

This month will be probably remembered for the Home Depot breach. Yet another one caused by the same POS malware family that hit Target, with a similar dramatic extension: unfortunately the retailer believes that 56 million of credit cards could have been compromised in this case. After such a similar gigantic breach there is not so much to add as far as Cyber Crime is concerned, as it overshadowed all the rest.

In regards of Hacktivism, this has been a terrible month for Pakistan, which has attracted the unwelcome attentions of hacktivists protesting against the corruption of the government. As a consequence dozens of government sites have been bombarded with DDOS attacks, (with few cases of defacements and leaks).

Nothing particularly important to mention for Cyber Espionage. After the spree of the past months, maybe is time for a break.

If you want to have an idea of how fragile our electronic identity is inside the cyberspace, have a look at the timelines of the main Cyber Attacks in 2011, 2012, 2013 and now 2014 (regularly updated). You may also want to have a look at the Cyber Attack Statistics, and follow @paulsparrows on Twitter for the latest updates.

Also, feel free to submit remarkable incidents that in your opinion deserve to be included in the timelines (and charts).

1-15 September 2014 Cyber Attacks Timeline Read more…

August 2014 Cyber Attacks Statistics

September 8, 2014 1 comment

It’s time to aggregate the stats of the August Cyber Attacks Timelines (Part I and Part II).

As usual, let us start from the Daily Trend of Attacks, which shows quite a heterogeneous trend with two peaks around the 18 and 21 August. Despite the summer, the overall level of attacks has been quite high throughout the month.

Daily Trends of Attacks August 2014

The Motivations Behind Attacks chart confirms Cyber Crime at number one, substantially in line with the previous month (56.3%). Hacktivism ranks at number two with 28.2% (was 23% in July), while the Cyber Espionage operations keep on occupying an important role. Even if the  reported 14.1% shows a decrease compared with the 18% of July, the value is similarly noticeable. A sign that the influence of targeted attacks in the news is still strong (in wake of the multiple attacks caused by financial malware).

Motivations Behind Attacks 2014

The Distribution Of Attack Techniques reveals an unprecedented 18.2% of targeted attacks, allowing this category to attain a deserved first place (shared with the category of unknown attacks). Defacement is immediately after (15.2%), while the other categories are further behind. It is also interesting to notice the decrease of DDoS and SQLi.

Attack Techniques August 2014

Governmental targets are back on top of the Distribution of Targets Chart with 29.6%, slightly ahead of industrial targets at number two with 28.2%. The others are well behind, with the partial exception of attacks towards single individuals (11.3%), nearly as much as twice of those against news and education targets (5.6%).

Distribution of Targets August 2014

A deeper look at the distribution of the industrial targets, shows a predominance of E-Commerce sites (20%, again an effect of the financial malware outbreak) and Restaurants (15%). The others follow with less than 10%. On the other hand, there is not so much to mention for organizations, few cases, mostly concerning non-profits.

Industry Drill Down August 2014Organizations Drill Down August 2014

Once again, please bear in mind that the sample must be taken very carefully since it refers only to discovered attacks included in my timelines. The sample does not pretend to be exhaustive but only aims to provide an high level overview of the “cyber landscape”, or at least of the ones that gained space in the media (yes, using an abused expression this is just the tip of the Iceberg).

If you want to have an idea of how fragile our data are inside the cyberspace, have a look at the timelines of the main Cyber Attacks in 2011, 2012, 2013 and now 2014 (regularly updated). You may also want to have a look at the Cyber Attack Statistics.

Of course follow @paulsparrows on Twitter for the latest updates, and feel free to submit remarkable incidents that in your opinion deserve to be included in the timelines (and charts).

16-31 August 2014 Cyber Attacks Timeline

September 1, 2014 2 comments

August is gone, and here we are with the list of the most noticeable cyber attacks occurred during the second half of the month (first part here).

This period will be probably remembered for the massive cyber attack against Community Health Systems (4.5 million records compromised), the wave of coordinated attacks targeting JPMorgan Chase and at least four other US banks, the malware targeting 51 franchised stores of UPS, and, last but not least, the mother of all breaches in Korea (220 million records containing personal information 0f 27 million people). Another noticeable event was also the coordinated DDoS attacks against Sony Entertainment Network, Xbox Live and other online gaming services.

For what concerns cyber espionage, chronicles report, among other things, the massive coordinated cyber attack against 50 Norwegian oil and energy companies, the discovery of three cyber attacks (within the past three years) against the Nuclear Regulatory Commission, and the theft of classified information from the Malaysian agencies involved in the MH370 investigation.

Instead, nothing particularly meaningful has been reported for hacktivism: many sparse actions (mostly against direct or indirect interests of Israel) of limited impact and hence without particular consequences.

If you want to have an idea of how fragile our electronic identity is inside the cyberspace, have a look at the timelines of the main Cyber Attacks in 2011, 2012, 2013 and now 2014 (regularly updated). You may also want to have a look at the Cyber Attack Statistics, and follow @paulsparrows on Twitter for the latest updates.

Also, feel free to submit remarkable incidents that in your opinion deserve to be included in the timelines (and charts).

16-31 August 2014 Cyber Attacks Timeline v2

Read more…

Categories: Cyber Attacks Timeline, Security Tags: , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,

1-15 August 2014 Cyber Attacks Timeline

August 19, 2014 Leave a comment

This month of August will be probably remembered for the massive cache of 1.2 million of password scooped up by the Russian gang Cyber Vor, undoubtedly the most important event that overshadowed all the other activity recorded in these dog days.

Besides this remarkable fact, the Cyber Crime chronicles report, among others, an unprecedented attack technique, aimed to hijack ISP traffic to steal bitcoins, the breach to SuperValu, and the compromising of 60,000 staffers who participated in Tennessee health screening program.

Cyber Espionage is still in the spotlight, with the breach to USIS (United States Investigation Services), the discovery of the Turla campaign, and also of a similar campaign targeted specifically to Ukraine.

Turning the attention to hacktivism: Ukraine, Israel and the US (following the events of St. Louis) have been the hottest frontlines, even if the most important event is perhaps the attack against Gamma International, the company behind of the infamous FinFinsher spyware.

If you want to have an idea of how fragile our electronic identity is inside the cyberspace, have a look at the timelines of the main Cyber Attacks in 2011, 2012, 2013 and now 2014 (regularly updated). You may also want to have a look at the Cyber Attack Statistics, and follow @paulsparrows on Twitter for the latest updates.

Also, feel free to submit remarkable incidents that in your opinion deserve to be included in the timelines (and charts).

1-15 August 2014 Cyber Attacks Timeline Read more…

Follow

Get every new post delivered to your Inbox.

Join 3,204 other followers