About these ads

Archive

Posts Tagged ‘Cyber Attacks’

1-15 August 2014 Cyber Attacks Timeline

August 19, 2014 Leave a comment

This month of August will be probably remembered for the massive cache of 1.2 million of password scooped up by the Russian gang Cyber Vor, undoubtedly the most important event that overshadowed all the other activity recorded in these dog days.

Besides this remarkable fact, the Cyber Crime chronicles report, among others, an unprecedented attack technique, aimed to hijack ISP traffic to steal bitcoins, the breach to SuperValu, and the compromising of 60,000 staffers who participated in Tennessee health screening program.

Cyber Espionage is still in the spotlight, with the breach to USIS (United States Investigation Services), the discovery of the Turla campaign, and also of a similar campaign targeted specifically to Ukraine.

Turning the attention to hacktivism: Ukraine, Israel and the US (following the events of St. Louis) have been the hottest frontlines, even if the most important event is perhaps the attack against Gamma International, the company behind of the infamous FinFinsher spyware.

If you want to have an idea of how fragile our electronic identity is inside the cyberspace, have a look at the timelines of the main Cyber Attacks in 2011, 2012, 2013 and now 2014 (regularly updated). You may also want to have a look at the Cyber Attack Statistics, and follow @paulsparrows on Twitter for the latest updates.

Also, feel free to submit remarkable incidents that in your opinion deserve to be included in the timelines (and charts).

1-15 August 2014 Cyber Attacks Timeline Read more…

About these ads

July 2014 Cyber Attacks Statistics

August 11, 2014 Leave a comment

It’s time to aggregate the data of the timelines of July (Part II and Part II) into (hopefully) meaning stats.

Before drilling down into the numbers, a recommendation is necessary: I will never give up repeating that these stats are necessarily an approximation since the sample is very heterogeneous, and just like all approximations they could leave some shadow zones. An example for this month is represented by the tide of cyber attacks under the umbrella of #OpSaveGaza. I am not interested to enumerate all the single attacks (also because it would be virtually impossible), so this operation appears like a single entry in the stats. Of course you have any suggestion to cope with such similar situations, they are absolutely more than welcome.

So, after this tedious, but necessary introduction, let’s rock with the data.

The Daily Trend of Attacks shows quite a fragmented trend with a peak towards the end of the month. It is interesting to notice the general break during weekends. This probably depends on the collection methodology: when possible, if the information is known, I try to insert the date when the attack really happened, but in several cases this information is not available, so the reported date is the one when the attack was initially published in the news, which obviously happens less likely during weekends.

Daily Trend of Attacks July 2014

The Motivations Behind Attacks chart confirms Cyber Crime at number one with 59% of occurrences (a slight decrease compared to 65% of June). The staggering news is the resounding 18% of Cyber Espionage, confirmed the growing coverage for Targeted Attacks (they are almost always related to Cyber Espionage). Hacktivism is substantially stable at 23%, was 24% previous month).

Motivations July 2014

But the surprises continue! The Distribution Of Attack Techniques reveals an unprecedented 18.2% of targeted attacks, allowing this category to attain a deserved first place (shared with the category of unknown attacks). Defacement is immediately after (15.2%), while the other categories are further behind. It is also interesting to notice the decrease of DDoS and SQLi.

Techniques July 2014

Confirming the trend of the last months, Industry leads the Distribution of Targets Chart with 30.3%. Governmental targets rank at number two, 16.7%, well ahead of Organizations at number three with 16.7%. Values substantially in line with the ones of June.

Targets July 2014

A detailed analysis of Industrial targets shows a predominance of targets belonging to E-Commerce, Tourism and Restaurant. While Non-Profit entities lead the corresponding chart for organizations.

Industry Drilldown 2014Org Drilldown July 2014

As I mentioned before and always repeat, please bear in mind that the sample must be taken very carefully since it refers only to discovered attacks included in my timelines. The sample does not pretend to be exhaustive but only aims to provide an high level overview of the “cyber landscape”, or at least of the ones that gained space in the media (yes, using an abused expression this is just the tip of the Iceberg).

Additionally, if you want to have an idea of how fragile our data are inside the cyberspace, have a look at the timelines of the main Cyber Attacks in 2011, 2012, 2013 and now 2014 (regularly updated). You may also want to have a look at the Cyber Attack Statistics.

Of course follow @paulsparrows on Twitter for the latest updates, and feel free to submit remarkable incidents that in your opinion deserve to be included in the timelines (and charts).

16-31 July 2014 Cyber Attacks Timeline

August 5, 2014 1 comment

July is gone and hence it’s time, as usual, to summarize the main cyber events happened in the second half of this month (Part I here).

For a strange coincidence this month has shown an unusual number of breaches dating back to several years ago (2010-2012) and reported only now: Catch of The Day, Think W3 Limited, Paddy Power and Lasko are the organizations affected.

Looking quickly at Cyber Crime, these two weeks have brought the breach to The Wall Street Journal (by W0rm the same author of the breach to CNET), the disclosure of a failed attempt to disrupt the Nasdaq in 2010, a breach to the website of the European Central Bank, an extensive attack aimed to compromise the Tor Infrastructure, and, last bunt not least, the DHS advisory related to Backokff, a PoS Malware already compromising 600 organizations throughout the U.S.

Moving to Cyber Espionage, this period will be remembered for the Canadian allegations against China, related to a cyber attack against The National Research Council and the possible compromising three Israeli defense contractors responsible for building the “Iron Dome” missile shield program.

Israel was even under the radar of the Hacktivists, who concentrated there their efforts in support of the #OpSaveGaza operation.

If you want to have an idea of how fragile our electronic identity is inside the cyberspace, have a look at the timelines of the main Cyber Attacks in 2011, 2012, 2013 and now 2014 (regularly updated). You may also want to have a look at the Cyber Attack Statistics, and follow @paulsparrows on Twitter for the latest updates.

Also, feel free to submit remarkable incidents that in your opinion deserve to be included in the timelines (and charts).

16-31 July 2014 Cyber Attacks Timeline Read more…

June 2014 Cyber Attacks Statistics

It’s time to aggregate the Cyber Attacks Timelines of June (Part I and Part II) into statistics.

So, as usual, let’s start with the Daily Trend of Attacks chart, which shows quite an irregular trend with a sharp peak on the 11th.

Daily Attack Trend June 2014

The Motivations Behind Attacks chart confirms once again Cyber Crime at number one with 65% of occurrences. Overall the values are almost specular to the previous month. Particularly meaningful is the 11% of operations motivated by Cyber Espionage.

Motivations June 2014

The Distribution Of Attack Techniques chart shows a 27.4% of unknown attacks, a result in line with the previous month when this value was 26%. The rise of DDoS is another interesting aspects (this technique is increasingly used to blackmail victims), as also the 9.7% of targeted attacks, a relatively high value for this class, and, again, in line with the previous month.

Techniques June 2014

Once again, Industry leads the Distribution of Targets Chart with 35.5%. Governmental targets rank at number two, close to 20%, well ahead of Organizations at number three with a modest 6.5%.

Targets June 2014

Drilling down the Distribution of targets belonging to industry, shows quite an heterogeneous landscape. Software industries lead the chart with 22.7%, followed by Restaurants (??) with 13.6% and Financial Services (9.1%). All the other categories are well behind with a “flat” 4.5% each.

Industry Drill Down Jun 2014

As usual, please bear in mind that the sample must be taken very carefully since it refers only to discovered attacks included in my timelines. The sample does not pretend to be exhaustive but only aims to provide an high level overview of the “cyber landscape”, or at least of the ones that gained space in the media (yes, using an abused expression this is just the tip of the Iceberg).

Additionally, if you want to have an idea of how fragile our data are inside the cyberspace, have a look at the timelines of the main Cyber Attacks in 2011, 2012, 2013 and now 2014 (regularly updated). You may also want to have a look at the Cyber Attack Statistics.

Of course follow @paulsparrows on Twitter for the latest updates, and feel free to submit remarkable incidents that in your opinion deserve to be included in the timelines (and charts).

16-31 June 2014 Cyber Attacks Timeline

I do not know if being happy or not, but it looks like the second half of June (the first timeline covering 1-15 June is here) has seen a sharp inversion of the decreasing trend recorded on the last few months. I have registered an increase of the number of attacks with particular focus on targeted attacks.

The cyber crime front offered several noticeable events, targeting, just to mention the most devastating cases: AT&T, Evernote, the State of Montana (1.3 million single individuals potentially affected), and Butler University.

Moving to hacktivism, the cyber temperature is still high in Brazil, where the hacktivists concentrated their unwelcome attentions. Other points of interest involve Pakistan, and US.

Last but not least, this period recorded an unusual number of targeted attacks spotted in the news. The list includes (but is not limited to): the British Government Secure Intranet, an US Hedge Fund, Vietnamese Ministry of Natural Resources and Environment, ICS vendors in US and Europe and a Government Agency in Taiwan.

As usual, if you want to have an idea of how fragile our data are inside the cyberspace, have a look at the timelines of the main Cyber Attacks in 2011, 2012, 2013 and now 2014 (regularly updated). You may also want to have a look at the Cyber Attack Statistics, and follow @paulsparrows on Twitter for the latest updates.

Also, feel free to submit remarkable incidents that in your opinion deserve to be included in the timelines (and charts).

16-31 June 2014 Cyber Attacks Timeline rev2

Read more…

2014 Cyber Attacks Timeline Master Index (at least so far…)

Thumbnail Master IndexFinally I was able to organize the timelines collected in 2014. I have created a new page with the 2014 Cyber Attacks Timeline Master Index accessible either directly or from the link in the top menu bar. Hopefully it will be regularly updated.

With this opportunity I also re-ordered the timelines and stats for 2013. Now everything should be more structured. As usual feel free to consult and share, and follow my Twitter profile @paulsparrows to get the latest updates.

May 2014 Cyber Attack Statistics

Update on 19/06/2013: I had to update the graph since, in compiling the first timeline of June, I discovered two attacks that apparently fell off my radar: the DDoS attacks to Moz and Plenty of Fish.

I found the time to aggregate the timelines of May (part I and part II) to derive some interesting stats. As a general rule, since many readers often pose the same questions, all the stats are derived from the Cyber Attacks Timelines I publish (almost) bi-weekly.

As I noticed previously in these pages, looks like attackers are just waiting for the Summer, since the number of events in May has experienced a sensible decreease.

The Daily Trend Of Attacks chart shows quite a linear trend with two small peaks around the 15 and 30 May. Overall the activity appears quite limited.

Trend May 2014

Cyber Crime rocks! This is the outcome of the Distribution of Attacks chart, showing a 67% of attacks carried on for criminal purposes. Particularly interesting is also the 11% of reported attacks related to Cyber Espionage.

Motivations May 2014

And in (too) many cases the reason of the attacks is unknown. At least this is what the Distribution of Attack Techniques chart states. Other interesting findings include the rise of Account Hijackings and the noticeable 9% of Targeted Attack (an high incidence this month, undoubtedly related to the similar high incidence of Cyber Espionage).

Techniques May 2014

And last but not least, the Distribution of Targets chart shows a predominance of attacks against Industry (41%), twice the occurrences related to Governmental targets (20%). Targets belonging to Educational institutions rank at number three with “only” the 9%.

Distribution May 2014

Drilling down the Industrial targets provides further interesting findings. Cyber Crime rules and, maybe not a coincidence, targets related to E-Commerce rank at number one (after all this was the month of the Ebay breach) together with software industries (18.2% both). Entertainment rank at number three with 13.6% each.

Industry May 2014

As usual, please bear in mind that the sample must be taken very carefully since it refers only to discovered attacks included in my timelines. The sample does not pretend to be exhaustive but only aims to provide an high level overview of the “cyber landscape”, or at least of the ones that gained space in the media (yes, using an abused expression this is just the tip of the Iceberg).

Of course follow @paulsparrows on Twitter for the latest updates.

Also, feel free to submit remarkable incidents that in your opinion deserve to be included in the timelines (and charts).

16-31 May 2014 Cyber Attacks Timeline

Here we are with the second part of the timeline of May (first part here).

Summer is coming here, and looks like attackers prefer to spend more  time in the beach rather than in front of their keyboards. In fact the number of reported attack is confirming its decreasing trend, at least for this part of the year.

Nonetheless, the second part of may has brought some noticeable events, such as the attack to Ebay (potentially 145 million accounts compromised), the attack against the Avast! Forum (400,000 records compromised) and the Arkansas State University (“only” 50,000 records). Other noticeable (and funny) event includes the hack of a San Francisco road sign by a prankster announcing the attack by Godzilla!

Cyber Spies were indeed pretty active in this period. Chronicles report of the Operation Clandestine Fox, a cyber attack against several industries in Australia, an undisclosed utility attacked in the US, a three year social network poisoning campaign sponsored by Iran and, last but not least, the alleged attack against the $12.7 million supercomputer in New Zealand from Chinese attackers.

Instead the operations from Law Enforcement Agencies against Hacktivists seem to be effective, the number of attacks motivated by hacktivism is dramatically reducing.

As usual, if you want to have an idea of how fragile our data are inside the cyberspace, have a look at the timelines of the main Cyber Attacks in 2011, 2012 and now 2013 (regularly updated). You may also want to have a look at the Cyber Attack Statistics, and follow @paulsparrows on Twitter for the latest updates.

Also, feel free to submit remarkable incidents that in your opinion deserve to be included in the timelines (and charts).

16-31 May 2014 Cyber Attacks Timelinesv2

Read more…

4 Years of Cyber Attacks

I would like to thank once again ISMS Forum Spain for having invited me at their XV Jornada Internacional de ISMS Forum: La Sociedad Digital, entre Confianza y Ciber-riesgos.

I was part of a very interesting panel “Fighting Cyber Threats” during which I was given the opportunity to show some stats collected from my blog.

Here’ s the presentation I showed. Hope it is useful to spread awareness.

Please read carefully the caveats. As always the data cannot be exhaustive, nevertheless they are useful to provide an overview of what’s going on!

1-15 May 2014 Cyber Attacks Timeline

May 27, 2014 1 comment

Here we have with the list of the most significant Cyber Attacks happened in the first half of April (according to my very own point of view).

There are few doubts about the fact that Orange is the winner of the unwelcome prize for the most noticeable breach after the theft of the information of 1.3 million users.

Other interesting events related to Cyber Crime include the breach of Bitly, the famous URL shortening service and a new heist against a virtual currency wallet (this time the victim is Doge Vault, one of the most popular online repositories for the cryptocurrency Dogecoin).

Moving to Cyber Espionage, this month reports two interesting events, the theft of Data related to the Ukraine crisis from the Belgian Foreign Ministry, and the discovery of Operation Saffron Rose, a long-term campaign against western defense contractor carried on by a team of Iranian hackers dubbed Ajax Security Team.

Last but not least, among the hacktivists, chronicles report of  a new action of the infamous Syrian Electronic Army (against four accounts of The Wall Street journal) and the usual skirmishes between Pakistani and Indian hackers (but is questionable in my opinion to determine if those events can be classified as part of a harmless cyber war or are rather mutual actions between hactivists acting on opposite sides).

As usual, if you want to have an idea of how fragile our data are inside the cyberspace, have a look at the timelines of the main Cyber Attacks in 2011, 2012 and now 2013 (regularly updated). You may also want to have a look at the Cyber Attack Statistics, and follow @paulsparrows on Twitter for the latest updates.

Also, feel free to submit remarkable incidents that in your opinion deserve to be included in the timelines (and charts).

1-15 May 2014 Cyber Attacks Timelines Read more…

Follow

Get every new post delivered to your Inbox.

Join 2,943 other followers