Here is the summary of the Cyber Attacks Timeline for February. A month that will probably be remembered for the “sophisticated” cyber attacks to the two main social networks: Facebook and Twitter.
But the attacks against the two major social networks were not the only remarkable events of this period. Other governmental and industrial high-profile targets have fallen under the blows of (state-sponsored) cyber criminals: the list of the governmental targets is led by the U.S. Department of Energy and the Japan Ministry of Foreign Affairs, while Bit9, a primary security firm, was also targeted, leading the chart of Industrial targets.
Hacktivists have raised the bar and breached the Federal Reserve, leaking the details of 4,000 U.S. Banks executives. Similarly, the Bush family was also targeted, suffering the leak of private emails.
Even if the list is not as long as the one of January, it includes other important targets, so, scroll it down to have an idea of how fragile our data are inside the cyberspace. Also have a look at the timelines of the main Cyber Attacks in 2011, 2012, 2013, and the related statistics (regularly updated), and follow @paulsparrows on Twitter for the latest updates.
Also, feel free to submit remarkable incidents that in your opinion deserve to be included in the timelines (and charts). To do so, you can use this form.
November has gone and it’s time to review this month’s cyber landscape.
From a Cyber Crime perspective, November 2012 will be probably remembered for the breach to Nationwide, one of the largest insurance and financial services providers in the US, a breach that has potentially left up to 1 million users exposed. Unfortunately, in terms of massive breaches, this is not the only remarkable event of the month, just at the end Acer India has suffered a massive cyber attack culminated in the leak of nearly 15,000 records. Not comparable with the breach that affected Nationwide, but for sure of big impact.
Also on the cyber-espionage front this month has been interesting: JAXA, the Japan Space agency has been targeted by yet another targeted attack (after January 2012) and Symantec has discovered W32.Narilam, a new destructive malware targeting several nations in Middle East.
The hacktivist front has been characterized by the dramatic events in Gaza, the attacks have reached a peak around the first half of the month (as in the first part, I did not take into consideration the attacks carried on in name of OpIsrael for which I wrote a dedicated timeline), in any case the Anonymous have found another way to mark this month, leaking 1 Gb of documents from the Syrian Ministry of Foreign Affairs.
Last but not least, this month has seen three large-scale DNS Poisoning attacks (against the Pakistani Registrar PKNIC, Inc., GoDaddy, and the Romanian Registrar). A very rare occurrence!
If you want to have an idea of how fragile our data are inside the cyberspace, have a look at the timelines of the main Cyber Attacks in 2011 and 2012 and the related statistics (regularly updated), and follow @paulsparrows on Twitter for the latest updates.
Also, feel free to submit remarkable incidents that in your opinion deserve to be included in the timelines (and charts).
- 1-15 November 2012 Cyber Attacks Statistics (hackmageddon.com)
- Timeline of Opisrael (hackmageddon.com)
Last week, for the second time since June, Google warned his Gmail users of possible state-sponsored attacks. According to Mike Wiacek, a manager on Google’s information security team, Google started to alert users to state-sponsored attacks three months ago. Meanwhile the security team has gathered new intelligence about attack methods and the groups deploying them, and that information was used to warn “tens of thousands of new users”, possible targets of the attack.
Apparently this increase in state-sponsored activity comes from the Middle East, although no particular countries have been explicitly quoted.
This is not the first time that Gmail is the target of alleged state-sponsored attacks, unfortunately the secrets hidden inside the mailboxes have proven to be a too tempting target for states without scruples.
June 5, 2012: Eric Grosse, Google VP Security Engineering issues a Security warnings for suspected state-sponsored attacks.The warning seems more a preventive measure than the result of a true campaign.
September 8, 2011: As consequence of the infamous Diginotar Breach by the so-called Comodo Hacker, Google advises its users in Iran to change their Gmail passwords, and check that their Google accounts have not been compromised. Several Iranian users who may have been hit by a man-in-the-middle attack are contacted directly.
June 1, 2011: In an unusual blog post, Google declares to have discovered and alerted hundreds of people victims of a targeted “phishing” scam originating from Jinan, the capital of Shandong province. Hackers aimed to get complete control of the personal Gmail accounts of hundreds of users including, among others, senior U.S. government officials, Chinese political activists, officials in several Asian countries (predominantly South Korea), military personnel and journalists. Google does not rule out the possibility of the attack being state-sponsored, although China firmly denies Gmail hacking accusations.
January 13, 2010: In a blog post, Google discloses the details of the infamous Operation Aurora. A highly sophisticated and targeted attack on its corporate infrastructure originating from China that resulted in the theft of intellectual property from Google. At least twenty other large companies from a wide range of businesses have been targeted, but the primary goal of the attackers was accessing the Gmail accounts of Chinese human rights activists (only two Gmail accounts appear to have been accessed with limited damage). As part of the investigation (but independent of the attack on Google), it turns out that the accounts of dozens of U.S.-, China- and Europe-based Gmail users, advocates of human rights in China, appear to have been routinely accessed via phishing scams or malware placed on the users’ computers.
State-Sponsored attacks or not, setting a complex password and enabling 2-step verification are two effective countermeasures to mitigate the risk.
An Advanced Anti-Malware solution can be really effecive as well, such as Lastline. It is not a coincidence that Wepawet, based on our technology, was the first to detect the Internet Explorer “Aurora” Memory Corruption exploit behind the state-sponsored Operation Aurora.
So Google has acquired Virus Total, the Spanish company which provides the well-known cloud-based free service that analyzes suspicious files and URLs to detect malware, by comparing the results of 42 different antivirus engines and 30 URL scanning services. The news has been given today with a blog post.
Google’s move does not come so unexpected if you consider that Anti-Malware services are moving towards the cloud which is the only way to provide the resources and the holistic perspective needed to analyze the growing number of malware samples (and variants), a task which requires a huge amount of computational resources and a real-time intelligence. To have an idea of the resources needed, try to have a look at the Virus Total Statistics.
On the other hand, the Spanish company has admitted in the blog post that the Virus Total service will undoubtedly benefit from Google’s horsepowers:
- The quality and power of our malware research tools will keep improving, most likely faster; and
- Google’s infrastructure will ensure that our tools are always ready, right when you need them.
Continuing to operate independently, and to maintain the existing partnerships with other antivirus companies and security experts.
And Google? Even if detractors claim that the company will exert a strict control on malware data, the target of the acquisition is a quantum leap in web security, with the possibility to include Virus Total Security Services and Technologies inside the rich service portfolio of Mountain View. Think for instance to real time scanning (with 30 engines) of the URLs in search engine results.
Time will tell who is right, in the meantime keep on submitting malware samples!