Archive

Posts Tagged ‘Cyber Attacks’

1-15 January 2015 Cyber Attacks Timeline

January 20, 2015 Leave a comment

It’s now time for the first chart of this 2015, a year that has begun in the worst way even from an Information Security perspective, given the high number of attacks recorded in the first half of January.

Unfortunately the sad events happened in Paris have inevitably conditioned this period: France has been the target of an unprecedented number of cyber attacks (approximately 19,000) allegedly carried on by Islamist hackers and strictly related with the events of the Charlie Hebdo. Nearly in contemporary, the Anonymous have declared war against the IS-IS and have taken down several Jiahdist sites. In the meantime the pro IS-IS hackers of the Cyber Caliphate have found the time to hijack the Twitter account of the CENTCOM: the US military command that oversees operations in the Middle East.

France has also been one of the main targets for Cyber Criminals, since the most remarkable breach of this two weeks has hit the shopping site of TF1, the most important local TV stations (nearly 2 million records possibly compromised). There is also indication of a possible attack to the Spanish affiliate of Orange, but it has not been confirmed.

Other noticeable events of this period concern a possible breach to the EA/Origin service, another (failed) attempt to blackmail a bank, perpetrated by the infamous Rex Mundi collective, and, on a different scale a massive malvertising campaign targeting sites with a combined total monthly traffic of around 1.5 billion visitors.

However, at least for once, I have not recorded events related to Cyber Espionage.

If you want to have an idea of how fragile our electronic identity is inside the cyberspace, have a look at the timelines of the main Cyber Attacks in 2011, 2012, 2013 and now 2014 (regularly updated). You may also want to have a look at the Cyber Attack Statistics, and follow @paulsparrows on Twitter for the latest updates.

Also, feel free to submit remarkable incidents that in your opinion deserve to be included in the timelines (and charts).

1-15 Jan 2015 Cyber Attacks Timeline Read more…

Categories: Cyber Attacks Timeline, Security Tags: , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,

December 2014 Cyber Attacks Statistics

January 9, 2015 5 comments

CountryThe new year has just begun, and here we are with the last blog post for the 2014 just gone related to the Cyber Attacks statistics derived from the timelines of December (Part I and Part II).

As usual, the US dominate the Country Distribution Chart for all the sectors taken into consideration, well ahead all the other countries.

The Daily Trend of Attacks Chart shows a concentration of activity in the central period of the month (maybe the Christmas atmosphere is particularly inspiring for crooks). After a slow start (or better an initial decrease), the trend climbs up, remaining quite constant for about 10 days.

Daily Trend Dec 2014

Cyber Crime rules! Or at least this is what the Motivations Behind Attacks Chart states. Actually this is quite a common situation, however, what is really surprising is the percentage, boomed to a noticeable 72.6% against the 55.8% of the previous month. As a consequence all the other sectors report values, sensibly smaller than the previous month.

Motivations Dec 2014

Tbe actions of the infamous Lizard Squad have brought DDoS on top of the Attack Techniques Chart (among the known ones). For the first time equally placed with Defacements and DDoS attacks. Once again, targeted attacks rank at number four with 9.8%, substantially in line with November.

Techniques Dec 2014

For the fourth month in a row, industry ranks unchallenged on top of the Distribution of Targets chart with an unprecedented 47.9%. Governmental targets rank at number two (13.7%), while educational institutions enter the top three with 9.6%.

Targets Dec 2014

E-commerce leads the drill-down chart for the industrial targets, whereas Human Rights are on top of the corresponding chart for organizations.

Industry Drill Down Dec 2014Org Drill Down Dec 2014

As usual, the sample must be taken very carefully since it refers only to discovered attacks included in my timelines. The sample does not pretend to be exhaustive but only aims to provide an high level overview of the “cyber landscape”, or at least of the ones that gained space in the media (yes, using an abused expression this is just the tip of the Iceberg).

If you want to have an idea of how fragile our data are inside the cyberspace, have a look at the timelines of the main Cyber Attacks in 2011, 2012, 2013 and now 2014 (regularly updated). You may also want to have a look at the Cyber Attack Statistics.

Of course follow @paulsparrows on Twitter for the latest updates, and feel free to submit remarkable incidents that in your opinion deserve to be included in the timelines (and charts).

1-15 December 2014 Cyber Attacks Timeline

December 22, 2014 Leave a comment

It’s time for the first Cyber Attacks Timeline of December (and the last for 2014).

Of course the attention of the infosec professionals is still concentrated on the devastating cyber attack against Sony happened in November (and the world as we know it, won’t be the same again), nonetheless this first 15 days have shown some remarkable events, not least the news of a breach happened earlier this year to Sony (once again), which went unreported.

At least for once, let us start from hacktivism. The hacktivists seem to be back in action: the Anonymous have taken part, directly or indirectly to several operations motivated by the racial tensions in the US (DDoS attacks against Oakland and Ontario), the raids against the Pirate Bay (leaks of Governmental emails), and the protests against the new High Speed Train line connecting Turin and Lyon (the defacement of  Official website of the Rhône-Alpes region).

A different form of hacktivism (but the border with Cyber Warfare in this case is really blurred) hit Sands Casinos earlier this year. Bloomberg has revealed that an apparent innocuous defacement happened in February was actually the mark of a more devastating attack perpetrated by Iranian hackers, who were able to wipe out all the internal clients and servers.

The Cyber Crime landscape (again maybe it should be more correct to call it Cyber Warfare) is still dominated by the outcome of the Infamous attack to Sony. Other interesting events concern the attack to an unnamed steel industry in Germany, causing physical damages, yet another wave of DDoS attacks against Sony (again!) and XboX Live, and the alleged compromise of Ars Technica requiring the registered users to change their passwords.

Last but not least, the level of state-sponsored operations is always high: at least three of them deserve to be mentioned: Operation Cleaver (allegedly backed by Iran), the resurrection of the Red October Group (Cloud Atlas or Inception) and also the discovery that the ISIS is active also in the Cyber Space, targeting a group of Syrian activists.

If you want to have an idea of how fragile our electronic identity is inside the cyberspace, have a look at the timelines of the main Cyber Attacks in 2011, 2012, 2013 and now 2014 (regularly updated). You may also want to have a look at the Cyber Attack Statistics, and follow @paulsparrows on Twitter for the latest updates.

Also, feel free to submit remarkable incidents that in your opinion deserve to be included in the timelines (and charts).

1-15 December 2014 Cyber Attacks Timeline Read more…

November 2014 Cyber Attacks Statistics

December 8, 2014 Leave a comment

CountryIt’s time for the statistics derived from the Cyber Attacks Timelines of November (Part I and Part II).

Let us begin with the Country Distribution chart that, easy predictable, shows the US on top of all categories. However, globally, even Italy, Canada and UK show up, respectively for Hacktivism (the first two countries) and Cyber Crime (the latter).

The Daily Trend of Attacks chart shows a moderate activity with a peak on the 10th, and a plateau between the 13th and 14th. Despite the 5th of November is a day felt by Hacktivists, no noticeable operations have been recorded this year.

November 2014 Daily Trend

Once again Cyber Crime leads the Motivations Behind Attacks chart with 55.8% substantially in line with the previous month (was around 60%). Hacktivism ranks at number two with 28.6%, a remarkable increase compared to 13.8% of October. Whereas Cyber Espionage remains quite high (13%, despite in decrease compared to the record value of 17.2% recorded in October.

November 2014 Motivations

Defacements lead the Attack Techniques chart with 20.8% (among the known attacks). SQLi ranks at number two with 13.0% very close to DDoS, at number three with 11.7% (a consequence of the hacktivism driven hacking spree recorded in November). Targeted attacks rank at number four with 10.4%, still quite an important value, even if in decrease compared to 13.8% of October.

November 2014 Techniques

For the third month in a row, industry ranks on top of the Distribution of Targets chart (28.6%, nearly identical to October when it was 28.7%). As always governmental targets rank at number two (23.4%). While organizations are back at number three (14.3%).

November 2014 Targets

Again, targets belonging to E-Commerce rank on top of the Industry Dill Drown chart, while political organizations lead the Organization Drill Down chart.

Industry Drill Down November 2014Org Drill Down November 2014

As usual, the sample must be taken very carefully since it refers only to discovered attacks included in my timelines. The sample does not pretend to be exhaustive but only aims to provide an high level overview of the “cyber landscape”, or at least of the ones that gained space in the media (yes, using an abused expression this is just the tip of the Iceberg).

If you want to have an idea of how fragile our data are inside the cyberspace, have a look at the timelines of the main Cyber Attacks in 2011, 2012, 2013 and now 2014 (regularly updated). You may also want to have a look at the Cyber Attack Statistics.

Of course follow @paulsparrows on Twitter for the latest updates, and feel free to submit remarkable incidents that in your opinion deserve to be included in the timelines (and charts).

1-15 November 2014 Cyber Attacks Timeline

November 17, 2014 Leave a comment

The first half of November is gone, so it’s time for the list of the main cyber attacks occurred during these fifteen days.

Confirming the trend of the last months, the activity has been quite sustained. For sure, the most remarkable attack has targeted the Turkish branch of HSBC, and has affected 2.7 million customers, whose credit cards have been compromised (and apparently the bank has decided not to issue new cards for the impacted users).

Again the operations related to cyber espionage have played an important role: some new campaigns have come to light (for instance Darkhotel), and also several noticeable attacks have been discovered, like the one against the United States Postal Service (600,000 users affected) or the one against the National Oceanographic and Atmospheric Administration.

Even hacktivists have been quite active: the RedHack collective has reemerged from several months in stealth mode (they claim to have deleted 650,000 USD worth 0f electricity power debt), and some hackers claiming to be affiliated to the Anonymous collective have performed similar operations in Italy (in parallel with the delicate social and economical period) and the Philippines.

If you want to have an idea of how fragile our electronic identity is inside the cyberspace, have a look at the timelines of the main Cyber Attacks in 2011, 2012, 2013 and now 2014 (regularly updated). You may also want to have a look at the Cyber Attack Statistics, and follow @paulsparrows on Twitter for the latest updates.

Also, feel free to submit remarkable incidents that in your opinion deserve to be included in the timelines (and charts).

1-15 November 2014 Cyber Attacks Timeline Read more…

Categories: Cyber Attacks Timeline, Security Tags: , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,

October 2014 Cyber Attacks Statistics

November 10, 2014 Leave a comment

CountriesHere we are with the statistics extracted from the October cyber attacks timelines (part I and part II).

I have already stressed this concept many times, but some readers keep on asking where the data is scraped from. The answer is simple and always the same: I compile the timelines each month, quoting the sources in the footnotes. Each month I elaborate the data trying to represent them in charts, which of course cannot be exhaustive, but just give an idea of what’s going on in the cyberspace.

That said, this month I added again an old acquaintance: the graph related to the Country Distribution of attacks divided into categories: of course US rank of top, except for Cyber Espionage operations, which privilege multiple countries.

Instead, the Trend of Attacks chart shows an overall high level of activity throughout the month, with a prominent peak around the 9th, corresponding to the spree of attacks between India and Pakistan.

Daily Trend Of Attacks

As usual Cyber Crime leads the Motivations Behind Attacks chart with nearly 60% (10 points below the previous month, but always at a remarkable level). Cyber Espionage jumps at number two with a new record (17.2%). Hacktivism ranks at number three with a “modest” 13.8%. You will notice also a small presence of attacks related to Cyber War (9.2%). I decided to classify in this group the events behind India and Pakistan and an alleged (unconfirmed) attack to the Warsaw Stock Exchange, for which an hacker affiliated to IS claimed responsibility.

Distribution Oct 2014

And for the first time after so many months, SQL Injection leads the Attack Techniques chart with 18.4%. Particularly important is also the 13.8% of targeted attacks, which steadily places this category at the third place. On the opposite site, the number of DDoS attacks is constantly decreasing, and this explains its “miserable” 3.4%. I do not remember such a low level for this category.

Attack Techniques Oct 2014

Again, for the second month in a row, industry ranks on top of the Distribution of Targets Chart (28.7%), nearly 7 points ahead of governmental targets (21.8%). Attacks against single individuals are the new entry at number three (10.3%), slightly ahead of organizations (9.2%).

Targets Oct 2014

A deeper look at the distribution of the industrial targets, shows a predominance of E-Commerce (24%), while, as it often happens, political parties lead the chart of the Organizations.

Industry Distribution Oct 2014Organization Distribution Oct 2014

As usual, the sample must be taken very carefully since it refers only to discovered attacks included in my timelines. The sample does not pretend to be exhaustive but only aims to provide an high level overview of the “cyber landscape”, or at least of the ones that gained space in the media (yes, using an abused expression this is just the tip of the Iceberg).

If you want to have an idea of how fragile our data are inside the cyberspace, have a look at the timelines of the main Cyber Attacks in 2011, 2012, 2013 and now 2014 (regularly updated). You may also want to have a look at the Cyber Attack Statistics.

Of course follow @paulsparrows on Twitter for the latest updates, and feel free to submit remarkable incidents that in your opinion deserve to be included in the timelines (and charts).

16-31 October 2014 Cyber Attacks Timeline

November 3, 2014 4 comments

It’s time for the second timeline of October (Part I here) covering the main cyber attacks between the 16th and 31st: yet another consistent list confirming the growing trend of the last period.

In particular, in these two weeks the most important events have been spotted inside Cyber Espionage, whose chronicles report, among other, a state-sponsored attack to an unclassified network of the White House, a relevant number of operations (APT 28, Operation Pawn Storm, Operation SMN, Operation DeathClick, a tail of the infamous Sandworm), and even a man-in-the-middle attack against Chinese iCloud users.

Cybercrime is also on a roll: the trail of attacks against retailers seems unstoppable (Staples is the latest victim), but chronicles also report a massive breach in South Korea, involving Pandora TV and a gigantic SQL Injection attack, driven by CVE-2014-3704, against every unpatched website running Drupal, existing on this desperate planet. There is also space for a little bit of irony, as in case of Sourcebooks, the publisher hacked few days before releasing the latest book of Brian Krebs.

Israel and Ukraine keep on being two hot fronts for Hacktivism, whereas India is again the cradle of  cyberwar, many events event in this months (despite limited to skirmishes involving defacements of governmental and military websites).

If you want to have an idea of how fragile our electronic identity is inside the cyberspace, have a look at the timelines of the main Cyber Attacks in 2011, 2012, 2013 and now 2014 (regularly updated). You may also want to have a look at the Cyber Attack Statistics, and follow @paulsparrows on Twitter for the latest updates.

Also, feel free to submit remarkable incidents that in your opinion deserve to be included in the timelines (and charts).

16-31 October 2014 Cyber Attacks Timeline Read more…

Follow

Get every new post delivered to your Inbox.

Join 3,318 other followers