The New York Times has recently reported the news related to a (yet another) targeted cyber-attack against JAXA (Japan Aerospace Exploration Agency). This targeted attack has allegedly led to the exfiltration of sensitive information related to Epsilon, a solid-fuel rocket prototype supposed to be used also for military applications, suggesting the targeted attack is probably part of a cyber-espionage campaign.
Sony states than a total of 93,000 accounts corrsesponding to one tenth of one percent (i.e. 0.1%) of their PSN, SEN and SOE consumers may have been affected (PSN/SEN: approximately 60,000 accounts; SOE: approximately 33,000). In these cases the attempts succeeded in verifying valid sign-in IDs and passwords, so the accounts were temporalily locked. As a preventative measure, Sony will be sending email notifications to these account holders and will be requiring secure password resets or informing consumers of password reset procedures.
As already suggested, I considered the original 2011 Cyber Attacks Timeline graph by Thomson Reuters not enough complete since it did not show some important attacks occurred during this tremendous 2011. This is the reason why I decided to draw an enhanced version which shows, according to my personal opinion (and metric), the list of 2011 major cyber attacks both for size and impact. Moreover in this version I added the cost of the breaches (where possible), and the alleged kind of attack perpetrated.
Update June 29: 2011 Cyber Attacks (and Cyber Costs) Timeline (Updated)
I found this interesting graph from an original Thomson Reuters post, showing the timeline of the major 2011 CyberAttacks.
The graph shows all the main Cyber Events of this tremendous 2011 up to June, the 16th. Actually to be perfect it should include also the infamous Epsilon Data Breach, happened on March, the 30th. Probably it had a major impact on the U.S. rather than in Europe, but it is clear that the aftermaths of this breach will last for years in terms of spear-phishing attacks tarteting the affected users.
You need to give people information and transparency so that they can understand security. It’s essential to make them a part of the security process and ensure they are aware of the company security policy.
These words were told yesterday, may, the 4th 2011 on Barcelona during the Check Point Experience, by Gil Shwed, the founder and Chairman of the Information Security Vendor, for unleashing the 3D Security model of the company, a model which focuses on policy people and enforcement.