The research (also made on other smaller forums) used the forum’s search engine capabilities to analyze conversations by topic using specific keywords. Unfortunately no details have been provided about the methodology used to collect the data, however the results show that SQL Injection and DDoS are the most discussed topic, both of them with the 19% of discussion volume (I am glad to see that the results are coherent with the findings of my Cyber Attack Statistics).
Of course the data must be taken with the needed caution since the analyzed sample could not be entirely consistent. As Imperva admits: “The site we examined is not a hardcore crime site, but it’s not entirely softcore. New hackers come to this site to learn and,on the other hand, more experienced hackers teach to gain “street cred” and recognition […]. Typically, once hackers have gained enough of a reputation, they go to a more hardcore, invitation-only forum.” This probably means that the incidence of the two attack techniques is overrated since one should expect a beginner hacker to approach the easiest and most common attack methods for which there are many tools available.
Anyway the events of the last months show that an attack does not deserve less attention only because it is carried on by a beginner, nor a beginner worries too much if he uses automated tools without full knowledge and awareness. A look to the infosec chronicles of the last period is sufficient to verify that DDoS and SQLi attacks are always in the first pages.
Sadly, Imperva estimates that only the 5% of the security budget is spent on thwarting SQL Injection attacks.
Other interesting findings of the research are: the fact that social networks pose a major interest for hackers since they are becoming a prominent source of information and potential monetary gain (Facebook was the most discussed social media platform, with 39%, immediately followed by Twitter at 37%), and also the fact that E-whoring is becoming one of the most common methods for beginner cyber criminals to gain easy money (more than 13,000 threads observed).
The first half of August has seen a revamping of Hacktivism, encouraged by the takedown of the famous Torrent Tracker Demonoid (and the consequent OpDemonoid targeting most of all Ukrainian sites), but also encouraged by OpAustralia, the wave of attacks against Australian Web Sites carried on against the Australian Internet Surveillance Law (apparently the latter operation was successful since the controversial law has been put on standby).
But Hacktivism was not the only “trend topic” for this period. The Middle East continues to be the cradle for unexpected cyber weapons threats. In August, two new occurrences of allegedly state sponsored malware: Gauss, a cyber-espionage tool targeting bank transaction, and Shamoon , a destructive malware targeting energy companies.
These are probably the most remarkable Cyber Events of this period, which has also seen a purported giant breach targeting Pearl.fr, a French e-commerce website whose 729,000 accounts, together with over 1 million bank transaction details, have been subtracted by hackers.
If you want to have an idea of how fragile our data are inside the cyberspace, have a look at the timelines of the main Cyber Attacks in 2011 and 2012 and the related statistics (regularly updated), and follow @paulsparrows on Twitter for the latest updates.
Also, feel free to submit remarkable incidents that in your opinion deserve to be included in the timelines (and charts).
The first half of March is gone, and here it is the Timeline of the main Cyber Attacks for this period, a timeline which shows, once again, a month characterized by Hacktivism, and in particular by cyber attacks carried on in retaliation for the arrests of the LulzSec members, among which, particularly meaningful, is the one perpetrated against a Security Firm: Panda Security.
As far as hacktivism is concerned, March has also seen the rise of a new hacking collective called The Consortium, who hacked Digital Playground, an adult porn site, acquiring 72,000 user accounts.
Other remarkable events include the attacks to several Vatican Websites, the theft of Michael Jackson’s catalogue from Sony, and the Cyber attack to British Pregnancy Advisory Service which allowed the alleged attacker, to illegally obtain 10,000 records.
Last but not least, James Stavridis, the NATO Admiral, has fallen indirect victim of a Social Poisoning Cyber Attack allegedly perpetrated by chinese hackers, as also BBC has fallen victim of a sophisticated Cyber Attacks from Iran.
The references are after the jump and, as always, the timeline does not include the events related to Middle East Cyberwar, object of a dedicated timeline.
If you want to have an idea of how fragile our data are inside the cyberspace, have a look at the timelines of the main Cyber Attacks in 2011 and 2012 (regularly updated) and follow @pausparrows on Twitter for the latest updates.
Looks like Israel has approached a “wait and see” strategy, as these last days of cyber war have seen almost exclusively actions against that country without any appreciable response. In a certain sense, most of all at the Israeli site, the cyber conflict seems to have fallen into a rest, even if new actors have entered the scene, as is the case of the Mauritania Hacker Team, who opened with the leak of 2500 Israeli emails and claimed to have hacked the Central Bank of Israel. Despite these events the number and intensity of the attacks is no longer that of the early days.
The frequency of the attacks has drastically fallen, even because the early cyber fighters seem to have disappeared, apart from the AlienZ who, every now and then reappear with some dumps against arab sites (and not only).
In the meantime, Iran is suffering several sparse attacks from the Anonymous, targeting that country in the name of #OpIran, and in contemporary attacks its Azerbaijani neighbors considered close to Israel.
Interesting to notice I also found evidence of internal attacks in Iran against reformist websites considered close to former President Mohammad Khatami. The storyboard follows the same line both in real and virtual world.
Apparently Israel seems not to respond to attacks. A temporary truce or a real turnaround?
The more I look inside the Middle East Cyber War between Israel and the Arab Hackers, the more I realize that it follows exactly the same shape than the real conflict.
In particular this last week has seen a strong reduction of the cyber events between the involved parties, although it is not clear if this was due to stronger cyber defenses enforced, or it was rather a kind of “calm before the storm”.
Among the reported events I considered particularly meaningful the attack of InLightPress, a Palestinian news website, of whom I did not find any other report except the one quoted in the Infographic which comes from a Pro-Israeli Website (this is the reason why this event must be considered with the necessary caution). Maybe it is not directly related to the Middle East Cyber War, anyway it looks like this attack was not originated by Israeli hackers, but had rather been “commissioned” by the Palestinian Authority. In the real world political parties or movement have different wings (typically hawks and doves), it looks like this is true for the cyber world as well. On the other hand, some believe that also the attack carried on last week against the Israeli newspaper Haaretz, considered close to Pro-Palestinian movements, has an internal origin, that maybe explains the subsequent excuses by the alleged authors of the attack (BTW at the above link there is an interesting list of the hack published in pastebin by the Israeli Hackers).
Do you believe the descending trend of the cyber events will be confirmed in the next period, or it is rather a temporary cyber truce before the digital storm?
Feb 19 2012: Middle East Cyber War Timeline Master Index
I tried to summarize the chain of events that is characterizing the Cyber Escalation in the Middle East. I collected the information from several sources in order to provide a detailed picture of what is happening between Israel and the Arab Countries since the initial claim of 0xOmar. Observing the evolution of the chart, the Cyber conflicts seems to follow the same rules than real wars: innocent victims, propaganda and psyops, different paths of escalation and guerrilla tactics. This Cyber Conflict in Middle East is probably crossing the line: from now the landscape will not be the same anymore.
From the initial action of 0xOmar to the Israeli reaction, passing through the declaration of Cyber Jihad (the chart is updated to Sunday, the 22nd of January), (too) many events have happened, involving different hacking crews, different countries (also some French and Canadian web sites have been defaced) and different kind of attacks. What was started as an endless chain of massive leaks seems to be evolving as isolated actions typical of guerrilla.
Follow the line of a Cyber conflict that, similarly to the real one occurring in the Middle East, appears far from being solved…
This infamous 2011 is nearly gone and here it is the last post for this year concerning the 2011 Cyber Attacks Timeline. As you will soon see from an infosec perspective this month has been characterized by two main events: the LulzXmas with its terrible Stratfor hack (whose effects are still ongoing with the recent release of 860,000 accounts), and an unprecented wave of breaches in China which led to the dump of nearly 88 million of users for a theoretical cost of nearly $19 million (yes the Sony brech is close). For the rest an endless cyberwar between India and Pakistan, some hactivism and (unfortunately) the usual amounts of “minor” breaches and defacement. After the page break you find all the references.
Last but not least… This post is my very personal way to wish you a happy new infosec year.
Update 12/01/2011: November Cyber Attacks Timeline (Part II)
This first half of November has been very hard for Steam. The Valve Online Gaming Platform suffered a security breach putting at risk a potential sample of 37 million of users and hence wins the crown for the Major Breach of the First Half of November.
Also a sportswear giant like Adidas fell among the victims of cybercriminals, with a “sophisticated attack” targeting 500,000 users.
This month was also hot for the Cold Finland which has suffered two security breaches involving more than 30,000 users (a third breach also happened on November, the 16th, affecting 16,000 users but of course will be reported in the next report).
Two other CAs (KPN and Digicert Sdn Bhd Malaysia, not to be confused with Digicert US-based CA) were compromised. Also F-secure discovered a sample of malware signed with a valid certificate stolen from a Malasyan company.
On a larger scale, after 2 years of hunt, FBI uncovered a huge Botnet in Estonia, which stole $14 million from 4 million users worldwide, while on the other side of the Globe, Brazilian ISPS were targeted by a massive DNS Poisoning attack.
Not even Facebook was safe this month, whose (too) many users were targeted with a malware posting pornographic images on their wall exploiting an Internet Explorer Vulnerability.
As far as hactivism is concerned, the political events in the real world had a predictable echo in the Cyber space, with an attack to Palestine the day after the nation was admitted as a full member of UNESCO.
As a retaliation, some Israeli Government web sites were targeted with a wave of DDoS attacks by the infamous Anonymous hacking group. In any case the Anonymous were active also in other Cyberwar fronts acting a couple of defacements and DDoS (in one case they targeted the Muslim Brotherhood) and were also the authors to one of the two attacks in Finland (the one towards a right-wind party).
A group of Hackers called TeaMp0isoN claimed to have hacked more than 150 Email Id’s of International Foreign Governments even if this statement is controversial.
What is not controversial is the Cyberwar declared against Mexico which was targeted, in November, by a massive waves of Cyber Attacks.
Besides these noticeable events, the month was characterized by many other minor attacks and dumps among which, particularly noticeable are: the attacks to a couple of banks (DDoS and defacements) and Universities (UCLA and Standford hit by data breaches), and the Fox Business Twitter Account Hacking (Oops they did it again!).
The month ends with the first example of malware targeting ambulance.
Please notice that I decided henceforth not to insert attacks targeting a limited amount of users and most of all, claimed without clear evidence: in this month I discovered a claimed fake attack to Italian Police announced recycling old data.
If you think that Facebook’s 600,000 compromised logins per day are not enough, you’d better read an interesting paper issued by a group of researchers from University of British Columbia, concerning the capability to use socialbots, that is software driven fake identities controlled by a bootmaster, to lure real Facebook users with the purpose of stealing sensitive data, and more in general, every kind of information with a potential monetary value.
Social Networks are gaining more and more importance for everyday life, both on a microscopic and on a macroscopic scale. On a microscopic scale they influence the life of a growing number of individuals who concentrate there their personal and professional interests; on a macroscopic scale Social Networks played (and are playing) a crucial role for the Arab Spring, both on a social and military perspective, not only they were the virtual weapons for protesters to witness the events in Tunisia, Egypt, Libya and Syria (but also for the loyalists with actions of propaganda and misinformation), but they were also used by NATO as real weapons in Libya to identify potentially targets to strike after “strong authentication” with conventional technologies (such as satellites).
Of course this constantly growing influence is attracting attentions from governments (which are evaluating technologies to monitor and eventually counteract the streams of information) but also from individuals who look at the weaknesses of social networks (and more in general at the scarce attention towards privacy by many users) as a mean for stealing money and information, a new form of richness of the Web 2.0 era.
The idea behind this research is not completely new, and takes into consideration two well known risk factors for Social Networks: reputation and privacy. The (fake) social reputation of a malicious individual can lure legitimate users to connect with untrusted contacts, after the connection, the poor attention for privacy settings together with a superficial behavior can bring to users to reveal, through the social channel, personal and classified information. This is the reason why resounding examples of fake profiles (with human beings behind) are not new for social networks, for scientific or amusement purposes: the names of Robin Sage and Primoris Era should sound familiar to many.
On the other hand not even the possibility to develop software-based fake social personas is a completely new, at least in theory and, most of all with military purposes, if it is true that the U.S. Department of Defense is developing software personas for propaganda actions inside the Social Network Battlefield.
What is completely new is the fact that no one so far had been able to show the results of a research done with software based socialbots since, so far, only human fake profiles were used to steal informations.
So what happens when bots, a concept proper of Information Security, meet social networks?
The results, at least for Facebook are frustrating: the above mentioned paper shows that, starting with a socialbotnet of 102 socialbots (49 male profiles and 53 female profiles) controlled by a single botmaster, the researchers were able to infiltrate Facebook, fully automating the operation of the Socialbotnet (including fake accounts creation).
The average success rate was 59.1%, with peaks close to 80%, which in several cases, depending on users’ privacy settings, resulted in privacy breaches (harvested data included email addresses, phone numbers, and other profile information with potential monetary value). Even worst, collected data included also private data of users who had not been infiltrated, but were only “guilty” to be somehow connected to infiltrated users, with an average collection day of 175 new chunks of publicly-unaccessible users’ data per socialbot per day.
The infiltration turned into 8,570 connection requests in a timeframe of 8 weeks with 250 Gb of data collected. Moreover the Social Network Defenses, such as the Facebook Immune System, resulted not effective enough in detecting or stopping the infiltration as it occurs: they were effective only when users were able to recognize the fake profiles and mark them as spam. Curiously this happened only in 20 cases (nearly the 20% of the total), all related to female profiles.
From the users’ side, (an easily predictable statement) the research confirms that most users are not careful enough when accepting connection requests sent by strangers, especially when they have mutual connections (the so called triadic closure principle, one of the foundations of the Social Networks).
Personal and Professional Social Networkers (and organizations that are approaching Social Networks) are advised!
- 634,828 hits since November 2010
08/13/2011 - My Post on Android Malware Mentioned on Engadget.
04/14/2011 - The Article Smart Grid: L'ultima Frontiera del Cybercrime published on ICT Security Magazine May 2011.
03/14/2011 - Security Summit 2011: Paolo Passeri guest at Round Table "Mobile Security: Rischi, Tecnologie, Mercato"
02/14/2011 - The Article Gears of Cyberwar published on ICT Security Magazine January 2011.
About This Blog
In this blog I express my personal opinion, which does not necessarily reflects the opinion of my organization, about events and news or interest, concerning information security, winking to mobile world and, why not, to some curious personal event.
Every information is reported with its source.
Anyone intending to use information contained in my post is free to do so, provided that mention my blog in your article.
Top Posts & Pages
- List Of Hacked Celebrities Who Had (Nude) Photos Leaked
- 16-30 November 2013 Cyber Attacks Timeline
- 2013 Cyber Attacks Timeline Master Index
- 2012 Cyber Attacks Statistics
- August 2013 Cyber Attacks Statistics
- 1-15 November 2013 Cyber Attacks Timeline
- 2013 Cyber Attacks Statistics
- 1-15 October 2013 Cyber Attacks Timeline
- A (Graphical) World of Botnets and Cyber Attacks
- 2012 Cyber Attacks Timeline Master Index
- 16-30 November 2013 Cyber Attacks Timeline wp.me/p14J6X-2tY - 1 day ago
- 1-15 November 2013 Cyber Attacks Timeline wp.me/p14J6X-2tO - 1 week ago
- RT @Accumuli_Sec: Accumuli signs partnership with @Lastlineinc and announces availability of integration suite into #SIEM platforms http://… - 2 weeks ago
- October 2013 Cyber Attacks Statistics wp.me/p14J6X-2tw - 2 weeks ago
- Anti-APT startup Lastline heads for London's Tech City - Techworld.com news.techworld.com/security/34895… - 2 weeks ago
- 1-16 October 2013 Cyber Attacks Timeline wp.me/p14J6X-2tp - 3 weeks ago
- It's time to go back to Europe. Thank you @Mandiant @taosecurity for this awesome #MIRcon - 4 weeks ago
- RT @jasonsoroko: Paolo Passeri of Hackmageddon.com discussing attack trends. #MIRcon http://t.co/KDMxh1T2Yu - 4 weeks ago
- Fight against malware developing into arms race itpro.co.uk/malware/20933/… - 1 month ago
- RT @WeldPond: Experts say hackers hit major Israeli roadway, a sign cyber warfare now reality. Tunnel camera system shut down. http://t.co… - 1 month ago