About these ads

Archive

Posts Tagged ‘Denial-of-service attack’

DDoS and SQLi are the Most… Discussed Attack Techniques

October 30, 2012 Leave a comment

Imperva has just published the results of its annual analysis on one of the largest-known hacker forums counting approximately 250,000 members.

The research (also made on other smaller forums) used the forum’s search engine capabilities to analyze conversations by topic using specific keywords. Unfortunately no details have been provided about the methodology used to collect the data, however the results show that SQL Injection and DDoS are the most discussed topic, both of them with the 19% of discussion volume (I am glad to see that the results are coherent with the findings of my Cyber Attack Statistics).

Of course the data must be taken with the needed caution since the analyzed sample could not be entirely consistent. As Imperva admits: “The site we examined is not a hardcore crime site, but it’s not entirely softcore. New hackers come to this site to learn and,on the other hand, more experienced hackers teach to gain “street cred” and recognition […]. Typically, once hackers have gained enough of a reputation, they go to a more hardcore, invitation-only forum.” This probably means that the incidence of the two attack techniques is overrated since one should expect a beginner hacker to approach the easiest and most common attack methods for which there are many tools available.

Anyway the events of the last months show that an attack does not deserve less attention only because it is carried on by a beginner, nor a beginner worries too much if he uses automated tools without full knowledge and awareness. A look to the infosec chronicles of the last period is sufficient to verify that DDoS and SQLi attacks are always in the first pages.

Sadly, Imperva estimates that only the 5% of the security budget is spent on thwarting SQL Injection attacks.

Other interesting findings of the research are: the fact that social networks pose a major interest for hackers since they are becoming a prominent source of information and potential monetary gain (Facebook was the most discussed social media platform, with 39%, immediately followed by Twitter at 37%), and also the fact that E-whoring is becoming one of the most common methods for beginner cyber criminals to gain easy money (more than 13,000 threads observed).

About these ads

16-30 September 2012 Cyber Attacks Timeline

October 4, 2012 2 comments

Part One with 1-15 September 201 Timeline Here.

September is over and it’s time to analyze this month from an Information Security perspective with the second part of the Cyber Attack Timeline.

Probably this month will be remembered for the massive outage of six  U.S. Banks (Bank of America, JPMorgan Chase, Citigroup, U.S. Bank, Wells Fargo and PNC ) caused by a wave of DDoS attack carried on by alleged Muslim hackers in retaliation for the infamous movie (maybe this term is exaggerated) “The Innocence of Muslims”.

China has confirmed its intense activity inside the Cyber space. Alleged (state-sponsored?) Chinese hackers were allegedly behind the attack to Telvent, whose project files of its core product OASyS SCADA were stolen after a breach, and also behind a thwarted spear-phishing cyber attack against the White House.

Adobe suffered a high-profile breach which caused a build server to be compromised with the consequent theft of a certificate key used to sign two malware strains found on the wild (with the consequent necessary revoke of the compromised key affecting approximately 1,100 files).

Last but not least, the Hacktivism fever has apparently dropped. September has offered some attacks on the wake of the #OpFreeAssange campaign, and a new wave of attacks at the end of the month after the global protests set for September, the 29th, under the hashtag of #29s.

If you want to have an idea of how fragile our data are inside the cyberspace, have a look at the timelines of the main Cyber Attacks in 2011 and 2012 and the related statistics (regularly updated), and follow @paulsparrows on Twitter for the latest updates.

Also, feel free to submit remarkable incidents that in your opinion deserve to be included in the timelines (and charts).

Read more…

Categories: Cyber Attacks Timeline, Security Tags: , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,

Even Botnets Go on Holidays!

September 30, 2012 Leave a comment

The attack model based on botnet-generated Distributed Denials of Service is opportunistic. The botmaster selects a target, gathers as many resources as possible among his army of zombie machines, and when he realizes to have achieved enough firepower, simply selects a target and pushes the attack button. After this the target is inevitably flooded by packets generated by the bots, while the unaware owners of the zombie machines perform their normal work or fun activities with their infected computers.

In theory there is only a weak point in this opportunistic model and it consists on the fact that the botmaster controls the compromised machines but cannot control their availability. Simply said, if a user has not switched on his computer while the botmaster needs that machine to execute a DDoS attack, the machine is not available, and there is not so much to do.

Of course this is essentially a theoretical weak point since, quoting a famous phrase, we could say that on botnet empire the sun never sets: indeed botnets are so huge and widespread to be in practice always available (they span different continents and different time zones) and constantly grant enough firepower.

But what happens if some global events or some global festivities make a larger number of computers to be turned off? Quite simple apparently! The firepower of the botnet is hugely affected and the number of DDoS attack drops. This is one of the paradoxical conclusions that can be derived from a paper presented few days ago at the Virus Bulletin 2012 International Conference by Cloudflare (probably the main CDN company in the world), about which an interesting post by Naked Security has provided additional details.

Apparently the number of IP addresses used to execute Layer 7 DDoS attacks in 2012 showed the minimum values just in those days of events or vacations which kept the users away from their Personal Computers. The minimum values occurred in days such as Mardi Gras, Earth Day (the 22nd of April when one billion people around the world chose to keep their computers turned off to reduce energy consumption), the Memorial Day weekend on the 29th May and 28th June, just before US Independence Day celebrations.

Quoting the Naked Security article, the conclusion is quite amusing: if everyone turned off their computers each night, it might not just be good for the environment because of the lower levels of energy being consumed… it could also mean a reduction in botnet attacks.

1 – 15 August Cyber Attacks Statistics

August 22, 2012 Leave a comment

First of all, let me begin with great news: The Cyber Attacks Statistics page is complete with all the data collected so far: I created and inserted even the charts for January, so I am currently covering (and will cover) the whole 2012.

Now, after this small “self-gratification” it is time to look at the statistics derived from the Cyber Attacks Timeline for the first half of August. You will soon discover that this month has seen an (un)expected revamping of Hacktivism and consequently of his preferred weapon (DDoS), and preferred targets (governments). This is a consequence of the so-called OpDemonoid carried on by the Anonymous collective against the takedown of the famous Torrent Tracker (which in many ways reminded the most famous OpMegaUpload). But this is also a consequence of OpAustralia, the operation (successful since the law proposal is in standby) against the new Australian Internet Surveillance Law.

As far as the Motivations Behind Attacks are concerned, Hacktivism ranked at number on with nearly the 50% of the events. Cyber Crime ranked at number two (43%) while as usual Cyber Espionage and Cyber Warfare are well behind (but I wonder how many targeted attacks are acting in this moment, silent and undetected). It is interesting to notice the rise of events motivated by Cyber Espionage (three inside the interval taken into consideration): the Gauss Cyber Attack, the campaign against Saudi Aramco and the attacks against the Nepalese Government.

The winds of hacktivism have a clear influence even in the Distribution Of Attack Techniques which shows a new entry (as it were) at number one. Yes, in the first half of August the DDoS has overtaken the SQLi with nearly one third of the occurrences (31.9%) against the 21.3 of the latter. Only for the 17% of the attacks it has not been possible to identify with certainty the attack technique leveraged.

Clearly the hacktivism also influenced the Distribution Of Targets: nearly one cyber attack on five (among the sample considered), corresponding to the 21%, hit government targets. Targets belonging to the industry sector and to the news sector ranked at number two, both of them with the 13% of the occurrences. Apparently the first half of August has been particularly awful for the News Sector, thanks most of all to Thomson Reuters, that has been hacked three times in two weeks.

Again, I will never get tired of repeating that data must be taken very carefully since they do refer only to discovered attacks (the so-called tip of the iceberg), and hence do not pretend to be exhaustive but only aim to provide an high level overview of the “cyber landscape” of the considered period.

If you want to have an idea of how fragile our data are inside the cyberspace, have a look at the timelines of the main Cyber Attacks in 2011 and 2012 (regularly updated), and follow @paulsparrows on Twitter for the latest updates.

Also, feel free to submit remarkable incidents that in your opinion deserve to be included in the timelines (and charts).

July 2012 Cyber Attacks Statistics

Here we are with the statistics from the Cyber Attack Timelines  for the first and the second half of July 2012. The sample included 76 attacks which have been analyzed according the three familiar parameters: Motivations behind attacks, Distribution of attacks techniques and Distribution of targets.

Again, I will never get tired of repeating that data must be taken very carefully since they do refer only to discovered attacks (the so-called tip of the iceberg), and hence do not pretend to be exhaustive but only aim to provide an high level overview of the “cyber landscape” of the considered period. Moreover, remember that the most dangerous threats are the invisible ones.

As far as  the Motivations Behind Attacks are concerned, July has confirmed the predominance of Cyber Crime, although it dropped down to 55% from 72% of the previous month. It is interesting to notice the corresponding growth of Hacktivism, from 18% in June to 32% in July. Although the number of (discovered) attacks motivated by Cyber Espionage is always low, this month their occurrences nearly doubled as a consequence of the events in the Middle East, that confirms to be a “hot area” for the Cyber Arena. Cyber Warfare is positioned at the bottom of the chart with a “poor” 4% of the occurrences.

The Distribution Of Attacks Techniques chart confirms that is getting harder and harder to recognize what the cyber crooks have leveraged to reach their goal. The percentage of the unknown attacks has grown from the 36% of June to the 45% of July. In any case, among the recognized attacks, SQL Injection ranks at number one with the 28% of possible occurrences. DDoS has confirmed his decreasing trend from 16% in June to 9% in July. Maybe the possible victims are learning to effectively defend themselves?

The Distribution of Targets chart confirms that targets belonging to industry are always on top of the preferences of Cyber Crooks with the 32% of occurrences, well above the 21% of the last month. Government targets confirmed their second place with the 15% of occurrences (were the 18% on July) followed by Online Services with the 10%. It is interesting to notice the low occurrences of incidents targeting Law Enforcement Agencies and Military Institutions. Maybe after the high number of cyber attacks suffered, they are learning to enforce adequate countermeasures.

 If you want to have an idea of how fragile our data are inside the cyberspace, have a look at the timelines of the main Cyber Attacks in 2011 and 2012 (regularly updated), and follow @paulsparrows on Twitter for the latest updates.

Also, feel free to submit remarkable incidents that in your opinion deserve to be included in the timelines (and charts).

July 2012 Cyber Attacks Statistics (Part I)

Here we are with the statistics from the Cyber Attack Timeline for the first half of July 2012. The sample included 39 attacks which have been analyzed according the three familiar parameters: Motivations behind attacks, Distribution of attacks techniques and Distribution of targets.

As far as Motivations Behind Attacks are concerned, the first two weeks of July confirmed the trend of the last months: Cybercrime ranked at number one with nearly the 70% of the occurrences, well ahead hacktivism, at number two with the 23%. Cyber Warfare and Cyber Espionage are well behind with respectively the 5% and 3% of the attacks.

The Distribution Of Attack Techniques has shown, for the first half of July, a considerable number of attacks of unknown origin. As a matter of fact, in more than one half of the occurrences (53%) it has not been possible to track the attack technique used by cyber croockers, at least according to the available information. In all those cases in which it has been possible to track the attacks, the first half of July has seen an overtake of DDoS (18%) against SQL Injection (13%), although if one sums the total occurrences of SQL Injections (certain and claimed, the latter are characterized by a question mark in the chart), the total of SQLi is a remarkable 21%, slightly greater than DDoS). I had to modify this chart after I came across an article indicating an SQL Injection attack as the vector of the breach suffered by Nvidia.

The Distribution of Targets chart confirms the Industry at rank number one with the 38% of occurrences. In any case, if we do not consider the fragmentation of this category (I have dedicated an apposite chart to drill it down), Governments have confirmed to be the most vulnerable targets with the 10% of the occurrences, corresponding to the most vulnerable single category.

Amongst the single categories, Law Enforcement Agencies rank at number two with the 8% of occurrences, followed by Education targets, online forums and political organizations, each one of them with the 5% of occurrences.

Again, please notice that data must be taken very carefully since they do refer only to discovered attacks (the so-called tip of the iceberg), and hence do not pretend to be exhaustive but only aim to provide an high level overview of the “cyber landscape” of the considered period. Moreover, remember that the most dangerous threats are the invisible ones.

If you want to have an idea of how fragile our data are inside the cyberspace, have a look at the timelines of the main Cyber Attacks in 2011 and 2012 (regularly updated), and follow @paulsparrows on Twitter for the latest updates.

Also, feel free to submit remarkable incidents that in your opinion deserve to be included in the timelines (and charts).

July 2012 Cyber Attacks Timeline (Part I)

July 20, 2012 1 comment

Update 08/02/2012: July 2012 Cyber Attacks Timeline (Part II)

Although the number of attacks has considerably diminuished, the first half of July has left several high-profile attacks which deserverd huge attention, exposing in theory more than 2,000,000 individuals. Yahoo! Voice, Android Forums, Nvidia, Formspring, Billabong and ASUS are several of the well-known names that were victims of the high-profile breaches in the first two weeks of July.

World Health Organization and PBS (once again) were also illustrious victims of Cyber Attacks.

Besides these remarkable events, it looks like the actions carried on by the Law Enforcement agencies in the last period led to some results since the number of incidents looks undoubtably smaller than the previous months.

For what concerns the cyber attacks driven by hacktivism, it is particularly important to notice #OpPedoChat, still ongoing, which caused many pedophiles to be exposed, in several cases with unpredictable consequences, as in Belgium where a far-right official resigned after Anonymous’ Paedophilia Claims.

If you want to have an idea of how fragile our data are inside the cyberspace, have a look at the timelines of the main Cyber Attacks in 2011 and 2012 (regularly updated), and follow @paulsparrows on Twitter for the latest updates.

Also, feel free to submit remarkable incidents that in your opinion deserve to be included in the timelines (and charts).

Read more…

Follow

Get every new post delivered to your Inbox.

Join 3,094 other followers