About these ads

Archive

Posts Tagged ‘Cyber Espionage’

June 2013 Cyber Attacks Statistics

Here we are with the statistics for the cyber attacks included in the June 2013 timelines (part I and part II). A priori this month should have been characterized by huge operations (such as the infamous OpPetrol), instead, all in all, the cyber activity was quite moderated as shown by the Daily Trend of Attack chart, that shows a single remarkable peak around the 3rd of July (when several primary DNS providers were the victims of DDoS attacks).

Trend June 2013

The Motivations Behind Attacks chart shows an evident predominance of Cyber Crime (with 62% of the occurrences). Please keep in mind that the stats cannot take into considerations all the attacks made under the umbrella of the so-called OpPetrol, since many attacks were considered fake or even old dumps “recycled” for this occasion. Without these attacks, hacktivism ranks at number two, well below, with the 26% of occurrences. It is also interesting the growing weight of cyber-espionage, with an 8% substantially in line with the 9% of the previous month.

Motivations June 2013

The Distribution of Attack Techniques chart is substantially in line with the previous month: SQLi leads the chart with nearly one third of the known occurrences, while DDoS ranks at number three with nearly 15%. A factor particular interesting in this chart is the growing influence of targeted attacks (11.1%) at the third rank among the known attacks, and fourth rank in general since in many cases (18.5%) it was not possible to detect the attack technique used.

Distribution June 2013

The Distribution of Target chart confirms the industry sector on top of the unwelcome attentions of the cybercrooks, immediately followed by governmental targets and essentially in line with the previous month. The news sector ranks at number three, immediately before Internet Services (as a consequence of the uncommon number of attacks reported against DNS Providers).

Target

As usual, please bear in mind that the sample must be taken very carefully since it refers only to discovered attacks included in my timelines. The sample does not pretend to be exhaustive but only aims to provide an high level overview of the “cyber landscape”.

If you want to have an idea of how fragile our data are inside the cyberspace, have a look at the timelines of the main Cyber Attacks in 2011, 2012 and now 2013 (regularly updated). You may also want to have a look at the Cyber Attack Statistics, and follow @paulsparrows on Twitter for the latest updates.

Also, feel free to submit remarkable incidents that in your opinion deserve to be included in the timelines (and charts).

About these ads

December 2012 Cyber Attacks Statistics

January 9, 2013 2 comments

December (and hence this 2012) is gone, so it is time to analyze the statistics for the corresponding Cyber Attacks Timelines.

According to the Daily Trend of December, the Christmas break has not stopped the hackers. The trend is quite constant (with a decrease around the end of the month) and with a peak around the 21st of December (the alleged End of the World according to the Mayan Calendar).

Daily Trend December 2012

The Motivations Behind Attacks chart shows an inversion of tendency in comparison with November. Cyber Crime and Hacktivism had nearly the same impact with respectively the 47% and 46% of occurrences. It is also interesting the presence of Cyber Warfare and Cyber Espionage Campaigns (mainly concentrated in the East).

Motivations December 2012

Also in December, the Distribution Of Attack Techniques Chart confirms the predominance of SQL Injection, even if with a slightly lower impact than the previous month when it was at the 52%: nearly one attack on three has been carried on with this technique. Instead, in almost one attack on four, there was not enough information. Despite the attacks by Izz ad-Din al-Qassam Cyber Fighters, the weight of DDoS is progressively decreasing (this category ranks at number four with the 17% of occurrences), while, on the other side, the number of discovered targeted attacks is growing. Maybe they are increasingly attracting the attention of Security Researchers.

Distribution December 2012Again an inversion in comparison with November: the Distribution Of Targets chart shows that in the December cyber-crooks diverted their attention for targets belonging to the Government sector, even if industries and organizations are very close (the peak of the latter is due to the campaign of the Anonymous against the Westboro Baptist Church. It is also interesting to notice the peak of attacks against Financial institutions mainly due to the waves of DDoS attacks against the U.S. Bank.

Targets December 2012

As usual, no need to remind that the sample must be taken very carefully since it refers only to discovered attacks included in the December Cyber Attacks Timeline (the so-called tip of the iceberg), and hence it does not pretend to be exhaustive but only aims to provide an high level overview of the “cyber landscape”.

If you want to have an idea of how fragile our data are inside the cyberspace, have a look at the timelines of the main Cyber Attacks in 2011 and 2012 (regularly updated), at the Cyber Attack Statistics, and follow @paulsparrows on Twitter for the latest updates.

Also, feel free to submit remarkable incidents that in your opinion deserve to be included in the timelines (and charts).

16-30 September 2012 Cyber Attacks Timeline

October 4, 2012 2 comments

Part One with 1-15 September 201 Timeline Here.

September is over and it’s time to analyze this month from an Information Security perspective with the second part of the Cyber Attack Timeline.

Probably this month will be remembered for the massive outage of six  U.S. Banks (Bank of America, JPMorgan Chase, Citigroup, U.S. Bank, Wells Fargo and PNC ) caused by a wave of DDoS attack carried on by alleged Muslim hackers in retaliation for the infamous movie (maybe this term is exaggerated) “The Innocence of Muslims”.

China has confirmed its intense activity inside the Cyber space. Alleged (state-sponsored?) Chinese hackers were allegedly behind the attack to Telvent, whose project files of its core product OASyS SCADA were stolen after a breach, and also behind a thwarted spear-phishing cyber attack against the White House.

Adobe suffered a high-profile breach which caused a build server to be compromised with the consequent theft of a certificate key used to sign two malware strains found on the wild (with the consequent necessary revoke of the compromised key affecting approximately 1,100 files).

Last but not least, the Hacktivism fever has apparently dropped. September has offered some attacks on the wake of the #OpFreeAssange campaign, and a new wave of attacks at the end of the month after the global protests set for September, the 29th, under the hashtag of #29s.

If you want to have an idea of how fragile our data are inside the cyberspace, have a look at the timelines of the main Cyber Attacks in 2011 and 2012 and the related statistics (regularly updated), and follow @paulsparrows on Twitter for the latest updates.

Also, feel free to submit remarkable incidents that in your opinion deserve to be included in the timelines (and charts).

Read more…

Categories: Cyber Attacks Timeline, Security Tags: , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,

August 2012 Cyber Attacks Statistics

September 7, 2012 4 comments

It’s time for the stats related to the Cyber Attacks Timeline of August. I do not remember a month so characterized by Hacktivism like this! The reason is mainly due to the actions motivated by the so-called OpFreeAssange, the waves of cyber attacks in favor of Julian Assange and, most of all in the first part of the month, to the OpDemonoid, the attacks targeting Ukrainan sites after the shutdown of the famous torrent tracker.

Let us begin with the Motivations Behind Attacks Chart. More than one half of the attacks of my sample (58%) were motivated by hacktivism, in line with the data of July (when the value was 55%). Cyber Crime motivated attacks rank at number two, with the 36% of occurrences, even in this case a value substantially in line with the previous month when it was at 31%. Cyber Espionage and Cyber Crime are well behind with the 3% respectively.

Moving forward to the chart regarding the Distribution Of Attack Techniques, there is a predominance of SQLi, which confirms to be the preferred weapon for Hacktivists or Cyber Criminals. DDoS (real or claimed) counts for nearly one third of the occurrence (32,4% real plus a further 2,9% claimed). Of Course, keep always in mind that data refer only to my sample and do not take into account all the defacements (make a jump to Zone-H and you will realize that is simply impossible) unless they are particularly meaningful.

Last but not least, the Distribution Of Targets chart clearly reflects the predominance of hacktivism in this month. In fact target belonging to governments rank at number one with the 19% of occurrences. Industries and organizations are immediately behind with respectively the 16.2% and the 15.2%. Inside industry, technology has been the most targeted sector, this is mainly due to the (controversial) Philips hack, but also to other remarkable cyber attacks such as AMD and AVX Corporation.

Of course, as usual, data must be taken very carefully since they do refer only to discovered attacks (the so-called tip of the iceberg), and hence do not pretend to be exhaustive but only aim to provide an high level overview of the “cyber landscape” of the considered period. Moreover, remember that the most dangerous threats are the invisible ones.

If you want to have an idea of how fragile our data are inside the cyberspace, have a look at the timelines of the main Cyber Attacks in 2011 and 2012 (regularly updated). Also have a look at the 2012 Cyber Attacks Statistics and follow @paulsparrows on Twitter for the latest updates.

Also, feel free to submit remarkable incidents that in your opinion deserve to be included in the timelines (and charts).

1 – 15 August Cyber Attacks Statistics

August 22, 2012 Leave a comment

First of all, let me begin with great news: The Cyber Attacks Statistics page is complete with all the data collected so far: I created and inserted even the charts for January, so I am currently covering (and will cover) the whole 2012.

Now, after this small “self-gratification” it is time to look at the statistics derived from the Cyber Attacks Timeline for the first half of August. You will soon discover that this month has seen an (un)expected revamping of Hacktivism and consequently of his preferred weapon (DDoS), and preferred targets (governments). This is a consequence of the so-called OpDemonoid carried on by the Anonymous collective against the takedown of the famous Torrent Tracker (which in many ways reminded the most famous OpMegaUpload). But this is also a consequence of OpAustralia, the operation (successful since the law proposal is in standby) against the new Australian Internet Surveillance Law.

As far as the Motivations Behind Attacks are concerned, Hacktivism ranked at number on with nearly the 50% of the events. Cyber Crime ranked at number two (43%) while as usual Cyber Espionage and Cyber Warfare are well behind (but I wonder how many targeted attacks are acting in this moment, silent and undetected). It is interesting to notice the rise of events motivated by Cyber Espionage (three inside the interval taken into consideration): the Gauss Cyber Attack, the campaign against Saudi Aramco and the attacks against the Nepalese Government.

The winds of hacktivism have a clear influence even in the Distribution Of Attack Techniques which shows a new entry (as it were) at number one. Yes, in the first half of August the DDoS has overtaken the SQLi with nearly one third of the occurrences (31.9%) against the 21.3 of the latter. Only for the 17% of the attacks it has not been possible to identify with certainty the attack technique leveraged.

Clearly the hacktivism also influenced the Distribution Of Targets: nearly one cyber attack on five (among the sample considered), corresponding to the 21%, hit government targets. Targets belonging to the industry sector and to the news sector ranked at number two, both of them with the 13% of the occurrences. Apparently the first half of August has been particularly awful for the News Sector, thanks most of all to Thomson Reuters, that has been hacked three times in two weeks.

Again, I will never get tired of repeating that data must be taken very carefully since they do refer only to discovered attacks (the so-called tip of the iceberg), and hence do not pretend to be exhaustive but only aim to provide an high level overview of the “cyber landscape” of the considered period.

If you want to have an idea of how fragile our data are inside the cyberspace, have a look at the timelines of the main Cyber Attacks in 2011 and 2012 (regularly updated), and follow @paulsparrows on Twitter for the latest updates.

Also, feel free to submit remarkable incidents that in your opinion deserve to be included in the timelines (and charts).

July 2012 Cyber Attacks Statistics

Here we are with the statistics from the Cyber Attack Timelines  for the first and the second half of July 2012. The sample included 76 attacks which have been analyzed according the three familiar parameters: Motivations behind attacks, Distribution of attacks techniques and Distribution of targets.

Again, I will never get tired of repeating that data must be taken very carefully since they do refer only to discovered attacks (the so-called tip of the iceberg), and hence do not pretend to be exhaustive but only aim to provide an high level overview of the “cyber landscape” of the considered period. Moreover, remember that the most dangerous threats are the invisible ones.

As far as  the Motivations Behind Attacks are concerned, July has confirmed the predominance of Cyber Crime, although it dropped down to 55% from 72% of the previous month. It is interesting to notice the corresponding growth of Hacktivism, from 18% in June to 32% in July. Although the number of (discovered) attacks motivated by Cyber Espionage is always low, this month their occurrences nearly doubled as a consequence of the events in the Middle East, that confirms to be a “hot area” for the Cyber Arena. Cyber Warfare is positioned at the bottom of the chart with a “poor” 4% of the occurrences.

The Distribution Of Attacks Techniques chart confirms that is getting harder and harder to recognize what the cyber crooks have leveraged to reach their goal. The percentage of the unknown attacks has grown from the 36% of June to the 45% of July. In any case, among the recognized attacks, SQL Injection ranks at number one with the 28% of possible occurrences. DDoS has confirmed his decreasing trend from 16% in June to 9% in July. Maybe the possible victims are learning to effectively defend themselves?

The Distribution of Targets chart confirms that targets belonging to industry are always on top of the preferences of Cyber Crooks with the 32% of occurrences, well above the 21% of the last month. Government targets confirmed their second place with the 15% of occurrences (were the 18% on July) followed by Online Services with the 10%. It is interesting to notice the low occurrences of incidents targeting Law Enforcement Agencies and Military Institutions. Maybe after the high number of cyber attacks suffered, they are learning to enforce adequate countermeasures.

 If you want to have an idea of how fragile our data are inside the cyberspace, have a look at the timelines of the main Cyber Attacks in 2011 and 2012 (regularly updated), and follow @paulsparrows on Twitter for the latest updates.

Also, feel free to submit remarkable incidents that in your opinion deserve to be included in the timelines (and charts).

July 2012 Cyber Attacks Timeline (Part II)

August 3, 2012 1 comment

Click here for Part I.

The Dog Days are nearly here. Weather forecast are announcing for Italy one of the hottest summers since 2003, and the same can be said for the Infosec temperature, although, July 2012 has been very different from the same month of 2011, which was deeply characterized by hacktvism.

Instead looks like that hacktivists have partially left the scene in favor of cyber criminals who executed several high profile breaches also in the second part of the month: Maplesoft, Gamigo, KT Corporation and Dropbox are the most remarkable victims of cyber-attacks, but also other important firms, even if with different scales, have been hit by (improvised) Cyber Criminals. One example for all? Nike who suffered a loss of $80,000 by a 25-year improvised hacker, who decided that exploiting a web vulnerability was the best way to acquire professional merchandise.

But probably the prize for the most “peculiar” cyber-criminal is completely deserved by Catherine Venusto, who successfully changed her sons’ grade for 110 times between 2011 and 2012.

As far as the Hacktivism is concerned, although we were not in the same condition of one year ago (a leak every day kept security away), this month has offered the massive leak of the Australian Provider AAPT, with 40 gb of data allegedly stolen by the Anonymous.

Last but not least, a special mention for the cyber espionage campaigns, that had an unprecedented growth in this month: Israel, Iran, Japan, the European Union and Canada, are only few of the victims. Iran gained also an unwelcome record, the first nation to be hit by a malware capable of blasting PC speakers with an AC/DC song…

If you want to have an idea of how fragile our data are inside the cyberspace, have a look at the timelines of the main Cyber Attacks in 2011 and 2012 and the related statistics (regularly updated), and follow @paulsparrows on Twitter for the latest updates.

Also, feel free to submit remarkable incidents that in your opinion deserve to be included in the timelines (and charts).

Read more…

Follow

Get every new post delivered to your Inbox.

Join 2,994 other followers