Archive
16 – 31 August 2012 Cyber Attacks Timeline
Here the first part with the timeline from 1 to 15 August 2012.
Here we are with the second part of the August 2012 Cyber Attacks Timeline. A second part of the month that has been characterized by hacktivism, most of all because of the so-called OperationFreeAssange, which has targeted many high-profile websites.
Among the targets of the month, Philips has been particularly “unlucky”. The Dutch giant has been the victim of three Cyber Attacks, even if there are several doubts about the authenticity of the hacks.
But maybe the biggest operation of the month is the #ProjectHellFire, carried on by the collective @TeamGhostShell, that has unleashed something as 1 million of accounts belonging to different sectors (banks, government agencies, consulting firms, law enforcement and the CIA). And the group promises new action for this Fall and Winter.
The Middle East confirms to be very hot, with a new Cyber Attack, probably another occurrence of Shamoon, targeting RasGas, yet another Oil Company.
Just one note: of course it is impossible to track all the targets of the #OpFreeAssange. You can find a complete list at cyberwarnews.info.
If you want to have an idea of how fragile our data are inside the cyberspace, have a look at the timelines of the main Cyber Attacks in 2011 and 2012 and the related statistics (regularly updated), and follow @paulsparrows on Twitter for the latest updates.
Also, feel free to submit remarkable incidents that in your opinion deserve to be included in the timelines (and charts).
August 2012 Cyber Attacks Timeline (Part I)
The first half of August has seen a revamping of Hacktivism, encouraged by the takedown of the famous Torrent Tracker Demonoid (and the consequent OpDemonoid targeting most of all Ukrainian sites), but also encouraged by OpAustralia, the wave of attacks against Australian Web Sites carried on against the Australian Internet Surveillance Law (apparently the latter operation was successful since the controversial law has been put on standby).
But Hacktivism was not the only “trend topic” for this period. The Middle East continues to be the cradle for unexpected cyber weapons threats. In August, two new occurrences of allegedly state sponsored malware: Gauss, a cyber-espionage tool targeting bank transaction, and Shamoon , a destructive malware targeting energy companies.
These are probably the most remarkable Cyber Events of this period, which has also seen a purported giant breach targeting Pearl.fr, a French e-commerce website whose 729,000 accounts, together with over 1 million bank transaction details, have been subtracted by hackers.
If you want to have an idea of how fragile our data are inside the cyberspace, have a look at the timelines of the main Cyber Attacks in 2011 and 2012 and the related statistics (regularly updated), and follow @paulsparrows on Twitter for the latest updates.
Also, feel free to submit remarkable incidents that in your opinion deserve to be included in the timelines (and charts).
July 2012 Cyber Attacks Statistics
Here we are with the statistics from the Cyber Attack Timelines for the first and the second half of July 2012. The sample included 76 attacks which have been analyzed according the three familiar parameters: Motivations behind attacks, Distribution of attacks techniques and Distribution of targets.
Again, I will never get tired of repeating that data must be taken very carefully since they do refer only to discovered attacks (the so-called tip of the iceberg), and hence do not pretend to be exhaustive but only aim to provide an high level overview of the “cyber landscape” of the considered period. Moreover, remember that the most dangerous threats are the invisible ones.
As far as the Motivations Behind Attacks are concerned, July has confirmed the predominance of Cyber Crime, although it dropped down to 55% from 72% of the previous month. It is interesting to notice the corresponding growth of Hacktivism, from 18% in June to 32% in July. Although the number of (discovered) attacks motivated by Cyber Espionage is always low, this month their occurrences nearly doubled as a consequence of the events in the Middle East, that confirms to be a “hot area” for the Cyber Arena. Cyber Warfare is positioned at the bottom of the chart with a “poor” 4% of the occurrences.
The Distribution Of Attacks Techniques chart confirms that is getting harder and harder to recognize what the cyber crooks have leveraged to reach their goal. The percentage of the unknown attacks has grown from the 36% of June to the 45% of July. In any case, among the recognized attacks, SQL Injection ranks at number one with the 28% of possible occurrences. DDoS has confirmed his decreasing trend from 16% in June to 9% in July. Maybe the possible victims are learning to effectively defend themselves?
The Distribution of Targets chart confirms that targets belonging to industry are always on top of the preferences of Cyber Crooks with the 32% of occurrences, well above the 21% of the last month. Government targets confirmed their second place with the 15% of occurrences (were the 18% on July) followed by Online Services with the 10%. It is interesting to notice the low occurrences of incidents targeting Law Enforcement Agencies and Military Institutions. Maybe after the high number of cyber attacks suffered, they are learning to enforce adequate countermeasures.
If you want to have an idea of how fragile our data are inside the cyberspace, have a look at the timelines of the main Cyber Attacks in 2011 and 2012 (regularly updated), and follow @paulsparrows on Twitter for the latest updates.
Also, feel free to submit remarkable incidents that in your opinion deserve to be included in the timelines (and charts).
June 2012 Cyber Attacks Timeline (Part II)
Part I (1-15 June) at this link
From an information security perspective, the second half of June has been characterized by the hacking collective UGNAZI (and its members) and also by an individual hacker: .c0mrade AKA @OfficialComrade.
Both entities have left behind them a long trail of Cyber Attacks against different targets (in several cases the real extent of the attack is uncertain) and with different techniques, although it is likely that the UGNAZI collective will be forced to change the plans after the arrest of the group’s leader, JoshTheGod, nearly at the end of the month (27thof June), effectively they have considerably reduced the rate of their cyber attacks in the second part of the analyzed period.
On the other hand, hospitals, banks, several major airlines are only few examples of the preys fallen under the attacks carried on by .c0mrade. Plese notce that from Cyber Crime perspective, is also interesting to notice the High Roller Operation, a giant fraud against the banking industry, unmasked by McAfee.
Needless to say, the Cyber War front is always hot, most of all in Middle East, were several DDoS attacks targeted some Israeli institutions and, most of all, an alleged unspecified massive Cyber Attack targeted tje Islamic Republic of Iran.
The hacktitic landscape is completely different: maybe hacktivists have chosen to go on vacation since June 2012 has apparently shown a decreasing trend, in sharp contrast with an year ago, when the information security community lived one of its most troubled periods.
If you want to have an idea of how fragile our data are inside the cyberspace, have a look at the timelines of the main Cyber Attacks in 2011 and 2012 (regularly updated), and follow @paulsparrows on Twitter for the latest updates.
Also, feel free to submit remarkable incidents that in your opinion deserve to be included in the timeline.
June 2012 Cyber Attacks Statistics (Part I)
As usual, here we are with some fresh charts obtained from the first part of the June 2012 Cyber Attacks Timeline.
Let us start with the Motivations Behind Attacks chart. Once again Cyber Crime Ranks at number 1, showing a growing trend respect May, from the 61% to 82% (at least in this first half). On the other hand, hacktivism-led cyber events have dropped from 30% to 14%. Apparently no explicit Cyber Warfare event has been detected, at least according to the data I collected.
Starting, from this month, to make the Distribution Of Targets chart less fragmented and more readable, I decided to aggregate all the attacks against Industries (and Organizations). W
ith this new classification, Government targets go down at rank number 2 with the 15% of occurrences (against the 22% of the previous month), followed by targets belonging to education with the 10% (the same value collected on May). Interesting to notice is the apparent lack of attention by cybercrookers against Law Enforcement targets. In any case, if we consider the fact that Industry data have been aggregated, the chart is not so much different from the one of May: Governements keep on showing a worrying lack of Security.
Last but not least, during the first half of June, it has apparently been difficult to identify the 40% of the attack techniques, although, SQLi (and more in general DB vulnerabilities) keeps on to hold the crown among the identified events. Interesting to notice the drop of DDoS attacks (from 20% of the sample to 10%). Probably it is not a coincidence that it has followed the same trend than the hacktivism-driven Cyber Attacks, having halved its rate with respect to the previous month.
Again, no need to repeat that data must be taken very carefully since they do refers only to discovered attacks (the so-called tip of the iceberg), and hence do not pretend to be exhaustive but only aim to provide an high level overview of the “cyber landscape” of the month.
Furthermore, if you want to have an idea of how fragile our data are inside the cyberspace, have a look at the timelines of the main Cyber Attacks in 2011 and 2012 (regularly updated), and follow @paulsparrows on Twitter for the latest updates.
Also, feel free to submit remarkable incidents that in your opinion deserve to be included in the timelines (and charts).
Related articles
- May 2012 Cyber Attacks Statistics (hackmageddon.com)
- April 2012 Cyber Attacks Statistics (hackmageddon.com)
- June 2012 Cyber Attacks Timeline (Part I) (hackmageddon.com)
June 2012 Cyber Attacks Timeline (Part I)
Update 07/05/2012: June 2012 Cyber Attacks Timeline (Part II)
A (first half of the) month living dangerously…
June has come and strongly confirms that Summer is the preferred month for Cybercrookers: just look back at June 2011 and you will probably remember the days of Lulz of the infamous LulzSec Collective (which curiously seems to be reborn!).
June 2012 has shown a remarkable number of incidents and is proving to be a mensis horribilis (horrible month) for Social Networks and Online Services in general, due to the high profile breaches of LinkedIn, Last.Fm, eHarmony and the online game League of Legends.
On a geographic scale, looks like China is becoming another important source of Cyber incidents, having been targeted from #TeamGhostShell, who claim, inside their #ProjectDragonFly, to have obtained up to 800,000 accounts from different sources.
Hacktivism-led actions seem (apparently) to decline, whilst, on the Cyber Crime front, a new collective, UGNazi, is taking the scene, having confirmed, in the first part of June, the wake of cyber attacks, we have become familiar with for some time.
Another Infosec Summer promising to be very hot!
If you want to have an idea of how fragile our data are inside the cyberspace, have a look at the timelines of the main Cyber Attacks in 2011 and 2012 (regularly updated), and follow @paulsparrows on Twitter for the latest updates.
Also, feel free to submit remarkable incidents that in your opinion deserve to be included in the timeline.
May 2012 Cyber Attacks Statistics
As I did last month for the Cyber Attacks occurred in April, I have aggregated the data collected on the timelines of May (on the right) in order to provide a consolidated view of the month according to the three parameters of Motivations Behind Attacks, Distribution of Targets and Distribution of Attack Techniques. Again, no need to repeat that data must be taken very carefully since they do refers only to discovered attacks (the so-called tip of the iceberg), and hence do not pretend to be exhaustive but only aim to provide an high level overview of the “cyber landscape” of the month.
As far as Motivations Behind Attacks are concerned, month after month, the charts are becoming monotonous. Cyber Crime ranked undoubtedly at number one with the 61% of occurrences. Twice the occurrences of Hacktivism which ranked at number two. In this chart, Cyber Warfare and Cyber Espionage motivated-attacks are well behind although they were few but good (One Flame was enough for this month, wasn’t it?).
The Distribution of Targets chart is highly fragmented even if with a familar pattern: Government targets ranked firmly on top of the preferences for the attackers, with Education and Law Enforcement targets completing the top three (although, compared to April, they swapped their positions in this unenviable chart). It worths to mention that targets belonging to organizations that offers on-line services are fragmented as well, but if the single entries are summed up, they would rank at number two with approximately the 15% of occurrences.
The Distribution of Attack Techniques chart whows that SQL Injection has been the preferred weapon used by Cyber Criminals in May, overtaking Distributed Denial of Service, the Cyber Paintball Pistol. Clearly the occurrences of DDoS attacks are influenced by the winds of hacktivism which did not blow so high in May. Interesting to notice a further important number of events (17% of the sample) related to unknown attacks targeting DBs, which clearly shows that data repositories are proving to be the weakes element of the chain. May the patch enFORCEment be with you!
If you want to have an idea of how fragile our data are inside the cyberspace, have a look at the timelines of the main Cyber Attacks in 2011 and 2012 (regularly updated), and follow @paulsparrows on Twitter for the latest updates.
May 2012 Cyber Attacks Timeline (Part II)
As usual, here it is the second part of the Cyber Attacks Timeline for the month of May 2012: a month particularly rich of Cyber Events. As you will probably know, the Flame malware has monopolized the attention, deserving the most attention from the Information Security Professional.
Nevertheless the scene has offered many interesting events, among which it worths to mention the breach of 123,000 federal employees records, the breach affecting University of Nebraska, and, last but not least, the breach against WHCMS (which, as we will soon see, has proved to be fatal for its author).
The hacktivist front is still hot and preannounces another hot summer. On the other hand the authors of several remarkable cyber-criminal actions are probably going to leave the scene: the long trail of arrests made by Law Enforcement Agencies against hackers has continued in this month and has hence led to the arrest of Cosmo, the leader of the infamous group UGNazi, which claimed to be the author of the Cyber Attack against WHCMS.
In your opinion are the arrests against hackers really going to stop the growing number of Cyber Attacks (acting as a deterrent)?
If you want to have an idea of how fragile our data are inside the cyberspace, have a look at the timelines of the main Cyber Attacks in 2011 and 2012 (regularly updated), and follow @paulsparrows on Twitter for the latest updates.
After the jump you find all the references, and at this link the first part covering 1-15 May.
May 2012 Cyber Attacks Timeline (Part I)
Update June 4 2012: May 2012 Cyber Attacks Timeline (Part II)
As usual here it is the timeline of the Main Cyber Attacks occurred in May (at least according to my evaluation criteria).
This first half of the month has seen the arrival of a new hacking collective, “The Unknowns”, who has performed an impressive trail of attacks during the first days of May, targeting Space Agencies, Universities, and several other organizations. Although these events appear to be closer to cyber crime actions rather than hactivistim-driven attacks, they have not been the most remarkable ones of these days: as a matter of fact chronicles report of a massive breach at the Hangzhou Dianzi University, targeting approximately 150.000 acccounts.
As far as hacktivism is concerned, this first half of May has confirmed the constant trend of DDoS attacks targeting high profile websites such as SOCA and CIA (once again) and the Supreme Court in retaliation for the U.K. extradition laws.
Interesting to mention is also an alleged Cyber Espionage campaign targeting networks belonging to US natural gas pipeline companies.
If you want to have an idea of how fragile our data are inside the cyberspace, have a look at the timelines of the main Cyber Attacks in 2011 and 2012 (regularly updated), and follow @paulsparrows on Twitter for the latest updates.
April 2012 Cyber Attacks Statistics
I have aggregated the data collected related to cyber attacks occurred in April 2012 (that you may find in the links on the right) in order to provide a consolidated view for the month. The statistics have been taken according to three parameters: Motivations Behind Attacks, Distribution of Targets and Distribution of Attack Techniques. Of course the information does not pretend to be exhaustive, in any case it is useful to provide a snapshot on the cyber landscape of the last month.
As far as the Motivations Behind Attacks are concerned, Cyber Crime ranks undoubtedly at number one with the 51% of the occurrences. Hacktivism is at number two with “only” the 39% of the occurrences. Other motivations such as Cyber Warfare or Cyber Espionage are far behind with respectively the 7 and 2 percent. This is not a surprise since attacks motivated by Cyber Espionage should be supposed to be subtle and hidden and this explains their rank (unlike the attacks motivated by hacktivism that use to attract the greatest attention by media).
As far as the Distribution Of Targets is concerned, Governements keep on to be preferred targets, with nearly one third of the occurrences. Law Enforcement Agencies rank at number two with 9% immediately followed by Educational Institutions with 7%. Online Platforms such as Online Games or other kind of platforms (such as email services) are behind with the 6% of occurrences for both of them. Of course the high position for governments and LEAs is quite simple to explain: both categories are the preferred targets for hactkivists.
A month characterized by Distributed Denial of Service, at least according to the Distribution of Attack Techniques chart. SQL Injection ranks at number two, immediately followed by Defacement. If we sum up also the indirect occurrences of SQLi (that is those cases whose symptoms seem the ones proper of SQLi but no direct evidences were found) the distribution of the two techniques is nearly the same (respectively 29% for DDoS and 27% for SQLi). Of course DDoS is the preferedd cyber weapon for hacktivists and this explain its dominion on this unwelcomed chart.
If you want to have an idea of how fragile our data are inside the cyberspace, have a look at the timelines of the main Cyber Attacks in 2011 and 2012 (regularly updated), and follow @paulsparrows on Twitter for the latest updates.
Related articles
- April Cyber Attacks Timeline (Part II) (hackmageddon.com)
- April Cyber Attacks Timenile (Part I) (hackmageddon.com)
About The Author
Support My Work!
Share:
News
08/13/2011 - My Post on Android Malware Mentioned on Engadget.
04/14/2011 - The Article Smart Grid: L'ultima Frontiera del Cybercrime published on ICT Security Magazine May 2011.
03/14/2011 - Security Summit 2011: Paolo Passeri guest at Round Table "Mobile Security: Rischi, Tecnologie, Mercato"
02/14/2011 - The Article Gears of Cyberwar published on ICT Security Magazine January 2011.
Visitors from…
