About these ads

Archive

Posts Tagged ‘Cyberwarfare’

1-15 May 2013 Cyber Attacks Timeline

And here we are with our bi-weekly review of the main cyber attacks. This time is the turn of the first half of May.

Probably this month will be remembered for the huge cyber-heist against two Payment Processors, and affecting two banks (National Bank of Ras Al-Khaimah PSC in the United Arab Emirates and the Bank of Muscat in Oman), which suffered a massive loss of $45 million due to an endless wave of unlimited withdrawals from their ATMs.

Other relevant actions related to Cyber-criminal operations include the massive breaches against MSI Taiwan (50,000 records affected) and most of all, the Washington state Administrative Office of the Courts (up to 160,000 SSN and 1 million driver’s license numbers).

On the other hand, the hacktivists concentrated their efforts on the so-called OpUSA (7 May), even if it looks like that most of the attacks were nuisance-level. Instead, and this is a great news, after months of intense activity, the operation Ababil come to a stop.

On the cyber war front, this month reports an unedited conflict between Taiwan and Philippines.

Last but not least, even if this attack dates back to 2007, on the Cyber-Espionage front, Bloomberg has shaken this lazy month revealing the repeated attacks by the infamous Comment Crew hackers against Qinetiq, a very critical Defense contractor. The cyber threats from the Red Dragon (real or alleged) keep on scaring the western world.

If you want to have an idea of how fragile our data are inside the cyberspace, have a look at the timelines of the main Cyber Attacks in 2011, 2012 and now 2013 (regularly updated). You may also want to have a look at the Cyber Attack Statistics, and follow @paulsparrows on Twitter for the latest updates.

Also, feel free to submit remarkable incidents that in your opinion deserve to be included in the timelines (and charts).

May 2013 Cyber Attacks Timeline Part I Read more…
About these ads

16-30 April 2013 Cyber Attacks Timeline

Here’s the second part of the April cyber attacks Timeline (Part I at this link)

The most remarkable event of this period has certainly been the breach suffered by Living Social potentially exposing 50 million customers of the e-commerce website. Other illustrious victims of the month include the mobile operator DoCoMo and the online reputation firm Reputation.com.

The wake of DDoS attacks has continued even in the second part of the month: once again several U.S. banks have fallen under the blows of the Izz ad-din al-Qassam Cyber Fighters.

Like in the first  half of the month, following a consolidating trend in this 2013, the Syrian Electronic Army has continued his wave of attacks against Twitter accounts (even the FIFA has been targeted). In one case, the hijacking of the Twitter account of Associated Press, the bogus tweets related to an alleged attack against the White House, the effect has crossed the boundaries of the cyber space (the Dow Jones Industrial Average fell 150 points, or about 1 percent, immediately following the tweet).

If you want to have an idea of how fragile our data are inside the cyberspace, have a look at the timelines of the main Cyber Attacks in 2011, 2012 and now 2013 (regularly updated). You may also want to have a look at the Cyber Attack Statistics, and follow @paulsparrows on Twitter for the latest updates.

Also, feel free to submit remarkable incidents that in your opinion deserve to be included in the timelines (and charts).

April 2013 Cyber Attacks Timeline Part II

Read more…

Categories: Cyber Attacks Timeline, Security Tags: , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,

March 2013 Cyber Attacks Statistics

April 9, 2013 1 comment

It is time to summarize the timelines of March (part I and part II) into statistics. Of course this exercise does not aim to be exhaustive but only to provide a snapshot of the current landscape.

The Daily Trend chart shows a decrease of the attacks in the second part of the month with an isolated peak on the 20th: the day of the wiper attack in Korea. Except for this the trend is clearly decreasing

March 2013 Daily Trend

Hacktivism is still on top of the Motivations Behind Attacks chart with 50% of occurrences. Same rank and a value similar to the previous month when it was at 56%. Also March confirms that Cyber Espionage campaigns are becoming more and more frequent (or at least deserve an important coverage on the chronicles). Symptom of a growing attention or simply a media hype?

March 2013 Motivations

The Distribution Of Attack Techniques is influenced by the Operation Ababil against U.S. Banks, that has pushed the DDoS at number one with nearly one attack above two during this month. This is very different from the previous month when SQLi led the chart with 34%. Even in this case it is important to notice the growing presence of targeted attacks on the chart (strictly related to the growing coverage of Cyber Espionage campaigns).

March 2013 Attacks

Last, but not least, the Distribution of Targets chart shows the financial targets at number one with nearly 30% (a clear influence of the attacks against U.S. Banks). Governmental targets are immediately behind with 25.5%. At number three a (relatively) new entry: target belonging to the news sector gain the bronze medal with the 12.4% of occurrences.

March 2013 Targets

As usual, as I told before, no need to remind that the sample must be taken very carefully since it refers only to discovered attacks included in my timelines. The sample does not pretend to be exhaustive but only aims to provide an high level overview of the “cyber landscape”.

If you want to have an idea of how fragile our data are inside the cyberspace, have a look at the timelines of the main Cyber Attacks in 2011, 2012 and now 2013 (regularly updated). You may also want to have a look at the Cyber Attack Statistics, and follow @paulsparrows on Twitter for the latest updates.

Also, feel free to submit remarkable incidents that in your opinion deserve to be included in the timelines (and charts).

December 2012 Cyber Attacks Statistics

January 9, 2013 2 comments

December (and hence this 2012) is gone, so it is time to analyze the statistics for the corresponding Cyber Attacks Timelines.

According to the Daily Trend of December, the Christmas break has not stopped the hackers. The trend is quite constant (with a decrease around the end of the month) and with a peak around the 21st of December (the alleged End of the World according to the Mayan Calendar).

Daily Trend December 2012

The Motivations Behind Attacks chart shows an inversion of tendency in comparison with November. Cyber Crime and Hacktivism had nearly the same impact with respectively the 47% and 46% of occurrences. It is also interesting the presence of Cyber Warfare and Cyber Espionage Campaigns (mainly concentrated in the East).

Motivations December 2012

Also in December, the Distribution Of Attack Techniques Chart confirms the predominance of SQL Injection, even if with a slightly lower impact than the previous month when it was at the 52%: nearly one attack on three has been carried on with this technique. Instead, in almost one attack on four, there was not enough information. Despite the attacks by Izz ad-Din al-Qassam Cyber Fighters, the weight of DDoS is progressively decreasing (this category ranks at number four with the 17% of occurrences), while, on the other side, the number of discovered targeted attacks is growing. Maybe they are increasingly attracting the attention of Security Researchers.

Distribution December 2012Again an inversion in comparison with November: the Distribution Of Targets chart shows that in the December cyber-crooks diverted their attention for targets belonging to the Government sector, even if industries and organizations are very close (the peak of the latter is due to the campaign of the Anonymous against the Westboro Baptist Church. It is also interesting to notice the peak of attacks against Financial institutions mainly due to the waves of DDoS attacks against the U.S. Bank.

Targets December 2012

As usual, no need to remind that the sample must be taken very carefully since it refers only to discovered attacks included in the December Cyber Attacks Timeline (the so-called tip of the iceberg), and hence it does not pretend to be exhaustive but only aims to provide an high level overview of the “cyber landscape”.

If you want to have an idea of how fragile our data are inside the cyberspace, have a look at the timelines of the main Cyber Attacks in 2011 and 2012 (regularly updated), at the Cyber Attack Statistics, and follow @paulsparrows on Twitter for the latest updates.

Also, feel free to submit remarkable incidents that in your opinion deserve to be included in the timelines (and charts).

November 2012 Cyber Attacks Statistics

December 9, 2012 3 comments

From an information security perspective, November has been a month with two faces. The first part of the month has been characterized by hacktivism, nevertheless the Cyber Crime has reached an unprecedented level with the 69% of occurrences.

Let us begin with the Daily Trend chart. This chart confirms the influence of cyber attacks motivated by hacktivism in the first half of the month that explain the peak around the 5th of November.

Daily Trend Nov 2012

Despite the peak of attacks motivated by hacktivism occurred in the first half of the November, the Motivations Behind Attacks chart confirms the predominance of Cyber Crime with nearly the 69% of occurrences, followed by Hacktivism with the 28%. This growing trend of Cyber Crime is in line with the previous months even if the frequency has reached an unprecedented value (the higher so far).

Motivations Nov 2012

Also in November, the Distribution Of Attack Techniques Chart confirms the predominance of SQL Injection. Nearly one attack on two has been carried on with this technique. It is also interesting to notice the presence of DNS Poisoning: November has brought three attacks executed with this method.

Techniques Nov 2012

The Distribution Of Targets chart shows the preference of cyber-crooks for targets belonging to the Industry sector. Even if the difference with governmental targets is only one point (19% against 18%), this is in contrast with the previous month where the ranks were exactly opposed (governmental targets led the chart with the 31%). Educational targets are “stable” at the 11% (were the 13% during the previous month). Curiously this month has registered a peak of attacks against Torrent sites.

Targets Nov 2012

As usual, no need to remind that the sample must be taken very carefully since it refers only to discovered attacks included in the November Cyber Attacks Timeline (the so-called tip of the iceberg), and hence it does not pretend to be exhaustive but only aims to provide an high level overview of the “cyber landscape”.

If you want to have an idea of how fragile our data are inside the cyberspace, have a look at the timelines of the main Cyber Attacks in 2011 and 2012 (regularly updated), at the Cyber Attack Statistics, and follow @paulsparrows on Twitter for the latest updates.

Also, feel free to submit remarkable incidents that in your opinion deserve to be included in the timelines (and charts).

16-30 November 2012 Cyber Attacks Timeline

December 4, 2012 1 comment

November has gone and it’s time to review this month’s cyber landscape.

From a Cyber Crime perspective, November 2012 will be probably remembered for the breach to Nationwide, one of the largest insurance and financial services providers in the US, a breach that has potentially left up to 1 million users exposed. Unfortunately, in terms of massive breaches, this is not the only remarkable event of the month, just at the end Acer India has suffered a massive cyber attack culminated in the leak of nearly 15,000 records. Not comparable with the breach that affected Nationwide, but for sure of big impact.

Also on the cyber-espionage front this month has been interesting: JAXA, the Japan Space agency has been targeted by yet another targeted attack (after January 2012) and Symantec has discovered W32.Narilam, a new destructive malware targeting several nations in Middle East.

The hacktivist front has been characterized by the dramatic events in Gaza, the attacks have reached a peak around the first half of the month (as in the first part, I did not take into consideration the attacks carried on in name of OpIsrael for which I wrote a dedicated timeline), in any case the Anonymous have found another way to mark this month, leaking 1 Gb of documents from the Syrian Ministry of Foreign Affairs.

Last but not least, this month has seen three large-scale DNS Poisoning attacks (against the Pakistani Registrar PKNIC, Inc., GoDaddy, and the Romanian Registrar). A very rare occurrence!

If you want to have an idea of how fragile our data are inside the cyberspace, have a look at the timelines of the main Cyber Attacks in 2011 and 2012 and the related statistics (regularly updated), and follow @paulsparrows on Twitter for the latest updates.

Also, feel free to submit remarkable incidents that in your opinion deserve to be included in the timelines (and charts).

16-30 November 2012 Cyber Attacks Timeline

Read more…

Categories: Cyber Attacks Timeline, Security Tags: , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,

Big in Japan: Yet Another Targeted Attack Against a Japanese Target

December 2, 2012 Leave a comment

Japan FlagUpdated 3/12/2012 to include the cyber attack targeting the Upper Chamber of Japanese Parliament discovered on 2 November 2011.

The New York Times has recently reported the news related to a (yet another) targeted cyber-attack against JAXA (Japan Aerospace Exploration Agency). This targeted attack has allegedly led to the exfiltration of sensitive information related to Epsilon, a solid-fuel rocket prototype supposed to be used also for military applications, suggesting the targeted attack is probably part of a cyber-espionage campaign.

The targeted attack has been carried on by mean of a malware installed in a computer at Tsukuba Space Center. Before being discovered, on November 21, the malicious executable has secretly collected data and sent it outside the agency.

This is the second known targeted attack against JAXA in less than eleven months: on January 13, 2012, a computer virus infected a data terminal at Japan’s Space Agency, causing a leak of potentially sensitive information including JAXA’s H-2 Transfer Vehicle, an unmanned vessel that ferries cargo to the International Space Station. In that circumstance officials said that information about the robotic spacecraft and its operations might have been compromised.

Unfortunately the above cyber-attacks are not episodic circumstances, confirming that Japan is a hot zone from an information security perspective, and a coveted target for cyber espionage campaigns. Undoubtedly, the strategic importance of this country in the global chessboard and hence its internal secrets and the intellectual property of its industries are more than a good reason for such similar targeted cyber-attacks.

The list is quite long…

19 September 2011: Mitsubishi Heavy Industries, Japan’s biggest defense contractor, reveals that it suffered a hacker attack in August 2011 that caused some of its networks to be infected by malware. According to the company 45 network servers and 38 PCs became infected with malware at ten facilities across Japan. The infected sites included its submarine manufacturing plant in Kobe and the Nagoya Guidance & Propulsion System Works, which makes engine parts for missiles.

24 October 2011: An internal investigation on the Cyber Attack against Mitsubishi finds signs that the information has been transmitted outside the company’s computer network “with the strong possibility that an outsider was involved”. As a consequence, sensitive information concerning vital defense equipment, such as fighter jets, as well as nuclear power plant design and safety plans, was apparently stolen.

25 October 2011: According to local media reports, computers in Japan’s lower house of parliament were hit by cyber-attacks from a server based in China that left information exposed for at least a month. A trojan horse was emailed to a Lower House member in July of the same year, the Trojan horse then downloaded malware from a server based in China, allowing remote hackers to secretly spy on email communications and steal usernames and passwords from lawmakers for at least a month.

27 October 2011: The Japanese Foreign Ministry launches an investigation to find out the consequences of a cyber-attack targeting dozens of computers used at Japanese diplomatic offices in nine countries. Many of the targeted computers were found to have been infected with a backdoor since the summer of the same year. The infection was allegedly caused by a spear-phishing attack targeting the ministry’s confidential diplomatic information. Suspects are directed to China.

2 November 2011: Japan’s parliament comes under cyber attack again, apparently from the same emails linked to China that already hit the lawmakers’ computers in Japan’s lower house of parliament. In this circumstance, malicious emails are found on computers used in the upper chamber of the Japanese parliament.

13 January 2012: Officials announce that a computer virus infected a data terminal at Japan’s space agency, causing a leak of potentially sensitive information. The malware was discovered on January 6 on a terminal used by one of its employees. The employee in question worked on JAXA’s H-2 Transfer Vehicle, an unmanned vessel that ferries cargo to the International Space Station. Information about the robotic spacecraft and its operations may thus have been compromised and in fact the investigation shows that the computer virus had gathered information from the machine.

20 July 2012: The Japanese Finance Ministry declares to have found that some of its computers have been infected with a virus since 2010 to 2011 and admits that some information may have been leaked. 123 computers on 2,000 have been found infected and, according to the investigation, the contagion started in January 2010, suggesting that information could have been leaked for over two years. The last infection occurred in November 2011, after which the apparent attack suddenly stopped.

Follow

Get every new post delivered to your Inbox.

Join 3,174 other followers