About these ads

Archive

Posts Tagged ‘Data Breach’

April 2012 Cyber Attacks Timeline (Part I)

April 16, 2012 2 comments

As usual, here is the list of the main cyber attacks for April 2012. A first half of the month which has been characterized by hacktivism, although the time of the resounding attacks seems so far away. Also because, after the arrest of Sabu, the law enforcement agencies (which also were targeted during this month, most of all in UK), made  two further arrests of alleged hackers affiliated to the Anonymous Collective: W0rmer, member of CabinCr3w, and two possible members of the infamous collective @TeaMp0isoN.

In any case, the most important breach of the first half of the month has nothing to deal with hacktivism, targeted the health sector and occurred to Utah Department of Health with potentially 750,000 users affected. According to the Last Ponemon Study related to the cost of a breach ($194 per record) applied to the minimum number of users affected (250,000), the monetary impact could be at least $ 55 million.

Another interesting event to mention in the observed period is also the alleged attack against a Chinese Military Contractor, and the takedown of the five most important al-Qaeda forums. On the hacktivist front, it worths to mention a new hijacked call from MI6 to FBI, but also the alleged phone bombing to the same Law Enforcement Agency. Both events were performed by TeamPoison, whose two alleged members were arrested the day after.

For the sample of attacks I tried to identify: the category of the targets, the category of the attacks, and the motivations behind them. Of course this attempt must be taken with caution since in many cases the attacks did not target a single objective. Taking into account the single objectives would have been nearly impossible and prone to errors (I am doing the timeline in my free time!), so the data reported on the charts refer to the single event (and not to all the target affected in the single event).

As usual the references are placed after the jump.

By the way, SQL Injection continues to rule (the question mark indicates attacks possibly performed by SQL Injection, where the term “possibly” indicates the lack of direct evidences…).

If you want to have an idea of how fragile our data are inside the cyberspace, have a look at the timelines of the main Cyber Attacks in 2011 and 2012 (regularly updated), and follow @pausparrows on Twitter for the latest updates.

Read more…

About these ads
Categories: Cyber Attacks Timeline, Security Tags: , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,

Browsing Security Predictions for 2012

January 8, 2012 4 comments

Update 01/11/2012: Year-to-Tear comparison with 2011 Security Predictions

The new year has just come, vacations are over, and, as usually happens in this period, information security professionals use to wonder what the new year will bring them from an infosec perspective. The last year has been rich of events, whose echo is still resounding, and as a consequence, if RSA and Sony breach were not enough, the main (and somehow obvious) question is: will 2012 stop this trend or rather bring it to unprecedented levels, or, in other words, which threat vectors will disturb the (already troubled) administrators’ sleep?

Unfortunately my divination skills are not so developed (in that case I would not be here), but security firms can give a crucial help since they started to unveil their security predictions for 2012, at least since the half of December, so putting them together, and analyzing them is quite a straightforward and amusing task. Maybe even more amusing will be, in twelve years, to see if they were correct or not.

The security prediction that I take into consideration included, at my sole discretion (and in rigorous alphabetical order):

•    Cisco;
•    Fortinet;
•    Kaspersky;
•    McAfee;
•    Sophos;
•    Trend Micro;
•    Websense;

That is the only leader vendors for which I found predictions issued with original documents (feel free to indicate if I missed someone and I will be very glad to include them in the chart).

In any case, the landscape is quite heterogeneous since it encompasses security vendors covering different areas: one vendor, McAfee, covering all the areas (network, endpoint and content security), two vendors and one half focused on network and content security (Cisco, Fortinet and partially Sophos thanks to the Astaro acquisition), and two vendors focused essentially on endpoint security (Kaspersky and Trend Micro).

The following table summarizes their predictions:

In order to correctly understand the chart a premise is needed: as you will probably have already noticed, in several cases the predictions reflect the specific security focus for the analyzed vendor. For instance, Websense is focused on DLP, and that is the reason why the adoption of DLP is one of its predictions. Analogously McAfee is investing huge resources for Security on Silicon, and this implies that embedded systems and Malware Moving Beyond OS are present among its predictions. Same speech could be applied for Trend Micro and its Cloud Prediction and so on.

Some trends for this year are clearly emphasized: easily predictable Hactivism appears on 6 of the 7 vendors, as mobile (with different connotations) does. Social Media is on the spot as well as are SCADA, Embedded Systems and, quite surprisingly in my opinion, cloud. I would have expected a greater impact for APTs, but for a complete and more accurate analysis one should consider them together with threats targeting embedded systems or ICS. Even because according to several security firms, for instance Kasperky, APT Stuxnet-like will be used for tailored campaigns, whilst more “general purpose malware”, including botnets will be used for massive campaigns (this item is summarized as Mass Targeted Campaigns).

 

Some “old acquaintances” will be with us in 2012: consumerization, at least according to Sophos and Trend Micro (even if consumerization is strictly connected, if not overlapped with mobile) and, if the Comodo and Diginotar affaires were not enough, Rogue Certificates, according to McAfee. Instead some “new entries” are absolutely interesting, such as the threats related to NFC (even if in this case I would have expected a greater impact) or related to Virtual Currency. Besides let us hope that the prediction to adopt DNSSEC be more than a prediction but a consolidated practice.

The most conservative security firm? In my opinion Cisco. The most “visionary”? Maybe Fortinet, I found the “Crime as a Service (CaaS)” absolutely awesome, and most of all not so visionary, since there are already some (even if clumsy) attempts.

In any case with this plenty of Cyber Nightmares is not a surprise the fact the Enterprise security market is going to reach $23 billion worldwide in 2012 with a 8.7% growth year-on-year.

December 2011 Cyber Attacks Timeline (Part II)

December 30, 2011 2 comments

This infamous 2011 is nearly gone and here it is the last post for this year concerning the 2011 Cyber Attacks Timeline. As you will soon see from an infosec perspective this month has been characterized by two main events: the LulzXmas with its terrible Stratfor hack (whose effects are still ongoing with the recent release of 860,000 accounts), and an unprecented wave of breaches in China which led to the dump of nearly 88 million of users for a theoretical cost of nearly $19 million (yes the Sony brech is close). For the rest an endless cyberwar between India and Pakistan, some hactivism and (unfortunately) the usual amounts of “minor” breaches and defacement. After the page break you find all the references.

Last but not least… This post is my very personal way to wish you a happy new infosec year.

Read more…

One Year Of Lulz (Part II)

December 26, 2011 1 comment

Christmas has just gone and here it is my personal way to wish you a Happy New Year: the second part of my personal chart (first part here) of Main 2011 Cyber Attacks covering the time window from August to November 2011 (December is not yet finished, and featuring remarkable events, so expect an update very soon). This memorable year is nearly over and is time, if you feel nostalgic, to scroll down the second part of the list to review the main Cyber Events that contributed, in my opinion, to change the landscape and the rules of the (information security) game. Many events in this period among whom, IMHO, the most noticeable is the one carried on against Diginotar. Since then our trust in conventional authentication models is not (and will not be) the same anymore.

Of course this is my personal selection. Suggestions are well accepted and if you need more details about the cyber events in 2011, feel free to consult my 2011 Cyber Attacks Master Index. As usual after the page break you find all the references…

Read more…

December 2011 Cyber Attacks Timeline (Part I)

December 21, 2011 Leave a comment

As usual, here it is my compilation of December Cyber Attacks.

It looks like that Christmas approaching is not stopping hackers who targeted a growing number of  organizations including several security firms (Kaspersky, Nod 32 and Bitdefender) even if in secondary domains and with “simple” defacements.

Cyber chronicles report of Gemnet, another Certification Authority Breached in Holland (is the 12th security incident targeting CAs in 2011) and several massive data breaches targeting Finland (the fifth this year, affecting 16,000 users), online gambling (UB.com affecting 3.5 million of users),  Telco (Telstra, affecting 70,000 users), and gaming, after the well known attacks to Sony, Sega and Nintendo, with Square Enix, which suffered a huge attacks compromising 1,800,000 users (even if it looks like no personal data were affected).

Online Payment services were also targeted by Cybercrookers: a Visa East European processor has been hit by a security breach, but also four Romanian home made hackers have been arrested for a massive credit card fraud affecting 200 restaurants for a total of 80,000 customers who had their data stolen.

As usual, hacktivism was one of the main trends for this first half of the month, which started with a resounding hacking to a Web Server belonging to ACNUR (United Nations Refugees Agency) leaking more than 200 credentials including the one belonging to President Mr. Barack Obama.

But from a mere hactvism perspective, Elections in Russia have been the main trigger as they indirectly generated several cyber events: not only during the election day, in which three web sites (a watchdog and two independent news agencies) were taken down by DDoS attacks, but also in the immediately following days, when a botnet flooded Twitter with Pro Kremlin hashtags, and an independent forum was also taken down by a further DDoS attacks. A trail of events which set a very dangerous precent.

Besides the ACNUR Hack, the Anonymous were also in the spotlight (a quite common occurrence this year) with some sparse attacks targeting several governments including in particular Brazil, inside what is called #OpAmazonia.

Even if not confirmed, it looks like that Anonymous Finland might somehow be related to the above mentioned breach occurred in Finland.

Other interesting events occurred in the first two weeks of December: the 0-day vulnerability affecting Adobe products, immediately exploited by hackers to carry on tailored phishing campaigns and most of hall, a targeted attack to a contractor, Lockheed Martin, but also another occurrence of DNS Cache Poisoning targeting the Republic of Congo domains of Google, Microsoft, Samsung and others.

Last but not least, the controversial GPS Spoofing, which allegedly allowed Iran to capture a U.S. Drone, even the GPS Spoofing on its own does not completely solve the mistery of the capture.

Other victims of the month include Norwich Airport, Coca Cola, and another Law Enforcement Agency (clearusa.org), which is currently unaivalable.

As usual after the page break you find all the references.

Read more…

Categories: Cyber Attacks Timeline, Cyberwar, Security Tags: , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,

One Year Of Lulz (Part I)

December 15, 2011 2 comments

Update December 26: 2011 is nearly gone and hence, here it is One Year Of Lulz (Part II)

This month I am a little late for the December Cyber Attacks Timeline. In the meantime, I decided to collect on a single table the main Cyber Attacks for this unforgettable year.

In this post I cover the first half (more or less), ranging from January to July 2011. This period has seen the infamous RSA Breach, the huge Sony and Epsilon breaches, the rise and fall of the LulzSec Group and the beginning of the hot summer of Anonymous agsainst the Law Enforcement Agencies and Cyber Contractors. Korea was also affected by a huge breach. The total cost of all the breaches occurred inthis period (computed with Ponemon Institute’s estimates according to which the cost of a single record is around 214$) is more than 25 billion USD.

As usual after the page break you find all the references.

Read more…

July 2011 Cyber Attacks Timeline

August 2, 2011 5 comments

This awful infosec July is over, and finally we can sum up the Cyber Attacks reported during this month. I collected all the available information and inserted it inside the following chart. Where possible (that is enough information available) I tried to estimate the cost of the attacks using the indications from the Ponemon’s insitute according to which the average cost of a Data Breach is US $214 for each compromised record. The total sum (for the known attacks) is around $7.6 billion, mainly due to the “National Data Breach” of the South Korean Social Network Cyworld.

Approximately 16 attacks were directly or indirectly related to Antisec or Anonymous, they promised an hot summer and unfortunately are keeping their word…

Useful resources for compiling the (very long) chart were taken from:


1 http://www.zeropaid.com/news/94099/abhaxas-dumps-details-of-the-internal-florida-voting-database-online/
2 http://www.pcworld.com/article/235016/hackers_claim_apple_online_data_was_compromised.html
3 http://www.thehackernews.com/2011/07/fox-news-twitter-account-hacked-by.html
4 http://nakedsecurity.sophos.com/2011/07/05/sony-music-ireland-hackers/
5 http://news.cnet.com/8301-27080_3-20077268-245/sophisticated-attack-targets-two-energy-dept-labs
6 http://paulsparrows.wordpress.com/2011/07/08/dump-up-the-kids/
7 http://www.zeropaid.com/news/94250/abhaxas-hacks-floridas-voting-system-again/
8 http://www.v3.co.uk/v3-uk/news/2086749/anonymous-boasts-takedown-turkish-sites
9 http://www.theregister.co.uk/2011/07/08/patriotic_portuguese_hackers_hit_moody/
10 http://paulsparrows.wordpress.com/2011/07/09/another-fbi-contractor-hacked/5
11 http://www.h-online.com/security/news/item/German-Federal-Police-servers-compromised-1276115.html
12 http://www.hackersbay.in/2011/07/anonymous-shuts-down-ministry-of.html
13 http://www.kiplinger.com/securityfaq/
14 http://paulsparrows.wordpress.com/2011/07/12/another-one-bytes-the-dump/
15 http://paulsparrows.wordpress.com/2011/07/12/monsanto-hack-info-of-2500-employees-leaked/
16 http://www.thehackernews.com/2011/07/toshiba-database-hacked-and-user.html
17 http://paulsparrows.wordpress.com/2011/07/15/the-mother-of-all-breaches/
18 http://www.mirror.co.uk/celebs/news/2011/07/16/lady-gaga-website-hacked-and-fans-details-stolen-115875-23274356/
19 http://paulsparrows.wordpress.com/2011/07/19/the-lulzsec-boat-is-back-and-sails-under-the-sun/
20 http://news.cnet.com/8301-1009_3-20081405-83/anonymous-claims-to-have-breached-nato-security
21 http://www.cyberwarnews.info/2011/07/24/philippians-congress-hacked-by-bashcrew/
22 http://nakedsecurity.sophos.com/2011/07/22/anonplus-anonymouss-social-network-is-hacked/
23 http://paulsparrows.wordpress.com/2011/07/24/anonplus-hacked-again-by-syrian-group/
24 http://paulsparrows.wordpress.com/2011/07/25/italian-cyber-police-hacked/
25 http://austrianindependent.com/news/Business/2011-07-26/8537/ORF_hack_attack_worse_than_feared
26 http://www.koreaherald.com/national/Detail.jsp?newsMLId=20110728000881
27 http://paulsparrows.wordpress.com/2011/07/29/anonymous-claims-another-fbi-contractor-hacked/
28 http://paulsparrows.wordpress.com/2011/07/29/italian-anonymous-owned/
29 http://paulsparrows.wordpress.com/2011/07/31/its-a-cruel-summer/
30 http://www.thehackernews.com/2011/07/italys-police-it-network-vitrocisetit.html

Lady Gaga Web Site Hacked

Lady GaGa visit Sweden at Sommarkrysset, Gröna...
Image via Wikipedia

This sunny July morning begins with another resounding hacking notification.

This time is Lady Gaga’s turn, whose U.K. Web Site, according to Daily Mirror, has been hacked and thousands of her fans’ personal details consequently stolen during the attack and made public.

The attack has been performed by the Hacker Group Swagsec, on June 27, but was made public only this week. The reasons are probably related to the claims according to which she uses the gay community to sell records.

An anonymous source said: “She’s upset and hopes police get to the bottom of how this was allowed to happen.”
 

Universal said yesterday:

“The hackers took a content database dump from http://www.ladygaga.co.uk and a section of email, first name and last name records were accessed. There were no passwords or financial information taken.

“We take this very seriously and have put in place additional measures to protect personally identifiable information. All those affected have been advised.”

SwagSec have also targeted other Universal artists recently including Amy Winehouse and Justin Bieber.

In an unrelated incident, an 18-year-old German hacker who leaked tracks by Gaga in 2009 was recently jailed for 18 months.

I must confess that these vacations are proving to be very interesting from my information security professional perspective. In the last weeks. each night I go to sleep wondering what further data breach will be notified the morning after… (un)luckily my expectations have almost never been unattended…

The Mother Of All Breaches

July 15, 2011 6 comments
The Pentagon, looking northeast with the Potom...

Image via Wikipedia

Update July 15: Reuters reports that hat a classified US military weapons system will now need to be redesigned after specs and plans for the system were stolen from a defense contractor database during the breach of March,

According to an AP Statement, on Thursday the Pentagon revelead to have suffered a breach of 24,000 documents in March, during a single intrusion. Particularly interesting is the fact that sources believe the attack was perpetrated by a Foreign Country, confirming the fact that  cyberspace has really become the fifth domain of war (earlier in this year China had been charged to have hacked some gmail accounts including those of senior US and South Korean government officials, and similarly at the end of 2009 some gmail accounts belonging to dissidents).

According to the original statement by AP:

William Lynn, the deputy secretary of defense, said in a speech outlining the strategy that 24,000 files containing Pentagon data were stolen from a defense industry computer network in a single intrusion in March. He offered no details about what was taken but in an interview before the speech he said the Pentagon believes the attacker was a foreign government. He didn’t say which nation.

“We have a pretty good idea” who did it, Lynn said the interview. He would not elaborate.

For the chronicle, DoD operates over 15,000 networks and seven million computing devices across hundreds of installations in dozens of countries around the globe.

It is not a coincidence that at the beginning of the year Pentagon declared that computer sabotage coming from another country can constitute an act of war, a finding that

for the first time opened the door for the U.S. to respond using traditional military force (probably at that time they were alre

ady aware of the above attack, which explains the change in strategy).

In the same wake, yesterday the Department of Defence announced its Strategy for Operating in Cyberspace, which relies on five strategic initiatives. At first glance the strategy aims to defend and prevent with a measured, reasonable approach focused on good network hygiene and data-sharing, rather than bombing hackers into submission.

  • Strategic Initiative 1: Treat cyberspace as an operational domain to organize, train, and equip so that DoD can take full advantage of cyberspace’s potential;
  • Strategic Initiative 2: Employ new defense operating concepts to protect DoD networks and systems;
  • Strategic Initiative 3: Partner with other U.S. government departments and agencies and the private sector to enable a whole-of-government cybersecurity strategy;
  • Strategic Initiative 4: Build robust relationships with U.S. allies and international partners to strengthen collective cybersecurity;
  • Strategic Initiative 5: Leverage the nation’s ingenuity through an exceptional cyber workforce and rapid technological innovation.

Honestly Speaking I must confess that, as soon as I stumbled upon this report I could not help thinking (but this is a mere personal speculation) to the RSA Breach. Details of the Pentagon breach are not known so far, but I would not be surprised if they were somehow related. On the other hand the RSA breach happened in mid-March and was followed to attacks towards three US Defense Contractors (L-3, happened at the beginning of April but disclosed at the end of May, Lockheed Martin, discovered on May, the 22nd, and Northrop Grumman on May, the 26th). Only a coincidence?

Follow

Get every new post delivered to your Inbox.

Join 2,705 other followers