As already suggested, I considered the original 2011 Cyber Attacks Timeline graph by Thomson Reuters not enough complete since it did not show some important attacks occurred during this tremendous 2011. This is the reason why I decided to draw an enhanced version which shows, according to my personal opinion (and metric), the list of 2011 major cyber attacks both for size and impact. Moreover in this version I added the cost of the breaches (where possible), and the alleged kind of attack perpetrated.
All the data were taken from the bulletins or statements released by the victims, or from the tweets released by the attackers.
Costs were calculated, where possible, using the indications from the Ponemon’s insitute: the average cost of a Data Breach is US $214 for each compromised record, if the targeted company decided to respond immediately the cost is around UD $268 for each compromised record, which drops to US $ 174 if the company takes longer to react.
The Total Cost is an incredible number: nearly US $ 18 billion.
Useless to say, Sony achieves rank #1 with US $ 13.4 billion. In this unenviable chart, Epsilon gains the second place with an estimated cost for its breach, of US $ 4 billion.
The others breaches, although not comparable with the previous ones, if summed, allow to achieve the grand total.
Even if smaller in size, and apparently in importance, I decided to insert in the chart also the attack to Comodo Certificates, happened in March, the 24th. In this annus horribilis, it came immediately after the RSA affaire and it has decreed, together with the RSA breach, the fall of the modern bastions of Strong Authentication (in few days tokens and certificates have proved to be vulnerable). Moreover I consider the message of the author a memorable declaration of Cyberwar. On the trail of the RSA breach the wave of attacks towards US contractors is noteworthy as well.
Hackers focused on Media Sites (Fox, PBS, Sony, Sony BMG), with a clear message against censorship (and probably the neverending problem of copyright). Interesting the second attack to PBS made to show the poor skill of LuzSecs by Warv0x, one of their enemies. In the last part of June Videogame industry was the preferred target (also Epic suffered a breach) with different intentions: LulzSec attacked Nintendo and Bethesda (the second attack resulted in data breach for the victim), but offered to avenge Sega (the manufacturer of Dreamcast), after the disastrous breach.
Direct attacks to governments focused essentially on LOIC based DDoS, albeit some infamous breaches to related sites (as in case of Infoguard/FBI and NATO) lead to Data Breaches.
Last but not least, please notice the intense activity from LulzSec in their intense “50 days of living dangerously”, just before the sudden dissolution of the group happened on June, the 25th.
- What do RSA, Epsilon and Sony breaches have in common? (paulsparrows.wordpress.com)
- It was only a matter of time… (paulsparrows.wordpress.com)
- More Random Thoughts on the RSA Breach (paulsparrows.wordpress.com)
- 2011 CyberAttacks Timeline (paulsparrows.wordpress.com)
Update June 29: 2011 Cyber Attacks (and Cyber Costs) Timeline (Updated)
I found this interesting graph from an original Thomson Reuters post, showing the timeline of the major 2011 CyberAttacks.
The graph shows all the main Cyber Events of this tremendous 2011 up to June, the 16th. Actually to be perfect it should include also the infamous Epsilon Data Breach, happened on March, the 30th. Probably it had a major impact on the U.S. rather than in Europe, but it is clear that the aftermaths of this breach will last for years in terms of spear-phishing attacks tarteting the affected users.
Moreover, to be “ultra perfect”, it shpould also include the other attacks discovered against U.S. Defense Contractors (L-3 on April, the 6th, and Northrop Grumman on May, the 26th) should be considered as well.
Even if some attacks are missing, the graph is useful (and meaningful) to show the easiness with which our data are at risk.
Of course after June, the 16th, another cyber-attack leading to a breach was perpetrated against Sega (to be added to the list of Game Publisher), affecting 1.3 million users.
Following the Sega Breach, in these last two days, after the #Antisec Manifesto and the consequent teaming between LulzSec and Anonymous, several government sites have been hit by massive DDoS attacks, including SOCA in UK, some sites affiliated to PM Silvio Berlusconi in Italy, and some Government Sites in Brazil.