The first half of November is gone, so it’s time for the list of the main cyber attacks occurred during these fifteen days.
Confirming the trend of the last months, the activity has been quite sustained. For sure, the most remarkable attack has targeted the Turkish branch of HSBC, and has affected 2.7 million customers, whose credit cards have been compromised (and apparently the bank has decided not to issue new cards for the impacted users).
Here we are with the statistics extracted from the October cyber attacks timelines (part I and part II).
I have already stressed this concept many times, but some readers keep on asking where the data is scraped from. The answer is simple and always the same: I compile the timelines each month, quoting the sources in the footnotes. Each month I elaborate the data trying to represent them in charts, which of course cannot be exhaustive, but just give an idea of what’s going on in the cyberspace.
It’s time for the second timeline of October (Part I here) covering the main cyber attacks between the 16th and 31st: yet another consistent list confirming the growing trend of the last period.
In particular, in these two weeks the most important events have been spotted inside Cyber Espionage, whose chronicles report, among other, a state-sponsored attack to an unclassified network of the White House, a relevant number of operations (APT 28, Operation Pawn Storm, Operation SMN, Operation DeathClick, a tail of the infamous Sandworm), and even a man-in-the-middle attack against Chinese iCloud users.
Here we go with the first timeline of the main Cyber Attacks happened in October (according to my personal evaluation metric).
Two weeks very active from an information security perspective. The list of attacks is quite long and heterogeneous, with massive breaches (The Snappening and a list of nearly 7.000.000 compromised accounts used to brute-force Dropbox), a rich list of cyber crime and cyber espionage campaigns, a renewed burst of the cyber war between India and Pakistan, and a couple of operations orchestrated by hacktivists.
I have finally found the time to aggregate the data of September (Part I and Part II) into statistics.
As usual, let us start with the analysis of the Daily Trend of Attacks, which shows quite an heterogeneous trend with two peaks exactly at the beginning of the month and in the middle (yes, curiously during a weekend).
And finally we can complete the September 2014 Cyber Attacks Timeline (Part I here), with the second part covering the most important events between the 16th and the 30th.
A very fruitful month for Cyber Criminals, since there are several events that will be remembered. For sure the Shellshock vulnerability will spoil the troubled sleeps of many System Administrators. In any case this is not the only remarkable event, the chronicles report of an (un)expected tail of the Celebrity Leak scandal (the so-called Fappening), with other two rounds of leaked pictures occurred on the 20th and the 26th, and a couple of massive breaches against TripAdvisor subsidiary Viator (1.4 million users affected) and Japan Airlines (750,000 users affected). Last but not least, it is also worthwhile to mention the group of teen hackers charged for hacking into Microsoft, the US Army and several game companies, stealing $100 million in Intellectual Property, and the so-called Operation Harkonnen, the longest cyber crime campaign ever.
This month will be probably remembered for the Home Depot breach. Yet another one caused by the same POS malware family that hit Target, with a similar dramatic extension: unfortunately the retailer believes that 56 million of credit cards could have been compromised in this case. After such a similar gigantic breach there is not so much to add as far as Cyber Crime is concerned, as it overshadowed all the rest.
It’s time to aggregate the stats of the August Cyber Attacks Timelines (Part I and Part II).
As usual, let us start from the Daily Trend of Attacks, which shows quite a heterogeneous trend with two peaks around the 18 and 21 August. Despite the summer, the overall level of attacks has been quite high throughout the month.
August is gone, and here we are with the list of the most noticeable cyber attacks occurred during the second half of the month (first part here).
This period will be probably remembered for the massive cyber attack against Community Health Systems (4.5 million records compromised), the wave of coordinated attacks targeting JPMorgan Chase and at least four other US banks, the malware targeting 51 franchised stores of UPS, and, last but not least, the mother of all breaches in Korea (220 million records containing personal information 0f 27 million people). Another noticeable event was also the coordinated DDoS attacks against Sony Entertainment Network, Xbox Live and other online gaming services.
This month of August will be probably remembered for the massive cache of 1.2 million of password scooped up by the Russian gang Cyber Vor, undoubtedly the most important event that overshadowed all the other activity recorded in these dog days.
Besides this remarkable fact, the Cyber Crime chronicles report, among others, an unprecedented attack technique, aimed to hijack ISP traffic to steal bitcoins, the breach to SuperValu, and the compromising of 60,000 staffers who participated in Tennessee health screening program.