Archive
1-15 March 2013 Cyber Attacks Timeline
Other troubles for system administrators: March is confirming the 2013 dangerous trend with several high profile breaches against industrial, financial and governmental targets.
The first two weeks of March have begun with the breach to Evernote, and continued with (among the others) the third phase of the infamous Operation Ababil, targeting U.S. Banks and an alleged Chinese attack against the Reserve Bank of Australia.
Additional noticeable events include a wave of DDoS attacks against several Czech Republic’s targets (belonging to media, news and financial sector), a breach suffered by the NIST Vulnerability Database (unfortunately not an isolated example of the attacks against US governmental targets happened in these two weeks) and also the leak of 20,000 records from an Avast! German distributor.
Last but not least, the examined period has also confirmed the role of Twitter as the new mean to make resounding attacks against single individuals or organizations. Qatar Foundation, Saudi Aramco, and France 24 are only several of the organizations fallen victims of accounts hijacking.
Of course, these are only the main events, feel free to scroll down the list to analyze in detail what happened in these two weeks.
If you want to have an idea of how fragile our data are inside the cyberspace, have a look at the timelines of the main Cyber Attacks in 2011, 2012 and now 2013 (regularly updated). You may also want to have a look at the Cyber Attack Statistics, and follow @paulsparrows on Twitter for the latest updates.
Also, feel free to submit remarkable incidents that in your opinion deserve to be included in the timelines (and charts).
Once again, a special thanks to Kim Guldberg AKA @bufferzone for continuously advising me about significant cyber events through the Submit Form! Much Appreciated!
June 2012 Cyber Attacks Statistics
As usual I aggregated the data from the Cyber Attack Timelines of June to provide some aggregated statistics. Data must be taken very carefully since they do refers only to discovered attacks (the so-called tip of the iceberg), and hence do not pretend to be exhaustive but only aim to provide an high level overview of the “cyber landscape” of the month. Moreover, remember that the most dangerous threats are the invisible ones, how I can easily verify thanks to the advanced malware detection campaigns I am performing in these hard days.
Let us start with the Motivations Behind Attacks chart. Cybercrime is undoubtedly on the rise and has reached the unprecedented percentage of 72%. On the other hand Summer seems to be a period of vacation for hacktivists, whose influence on the landscape fell down to 18%. As usual Cyber Warfare and Cyber Espionage are well behind respectively to 6% and 4%. But of course, this is only the tip of the iceberg. On the other hand, I would not expect a complex cyber espionage action to be easily uncovered, or worst, advertised on social media as it happens for (too) many actions allegedly motivated by cyber crime or hacktivism.
Moving to Distribution of Targets, shows a preference of cybercrookers for Industry targets (21%), immediately followed by Government targets (18%). Targets belonging to education sadly confirm their top position, and rank, even in June, at number three with the 8% of occurrences. Of course industry targets are hugely fragmented hence, if we consider each category singularly, it turns out that Governments are still the most vulnerable victims of cyber attacks.
Last but not least, the next chart: Distribution Of Attacks Techniques. Apparently is getting harder and harder to recognize the attack techniques leveraged to execute the reported cyber attacks. Anyway, in those cases where it has been possible to do it, SQL Injection steadily keeps on being the King of Hill. The smaller occurrence of DDoS attacks reflects the minor influence of hacktivism during this month, with account hijacking confirming to be one of the most dangerous vectors. When looking at defacements, consider that typically I do not take them into consideration in my timelines (they are really too many) unless they are executed against very remarkable targets, hence consider that 3% belonging to what I defined high profile defacements.
If you want to have an idea of how fragile our data are inside the cyberspace, have a look at the timelines of the main Cyber Attacks in 2011 and 2012 (regularly updated), and follow @paulsparrows on Twitter for the latest updates.
Also, feel free to submit remarkable incidents that in your opinion deserve to be included in the timelines (and charts).
June 2012 Cyber Attacks Statistics (Part I)
As usual, here we are with some fresh charts obtained from the first part of the June 2012 Cyber Attacks Timeline.
Let us start with the Motivations Behind Attacks chart. Once again Cyber Crime Ranks at number 1, showing a growing trend respect May, from the 61% to 82% (at least in this first half). On the other hand, hacktivism-led cyber events have dropped from 30% to 14%. Apparently no explicit Cyber Warfare event has been detected, at least according to the data I collected.
Starting, from this month, to make the Distribution Of Targets chart less fragmented and more readable, I decided to aggregate all the attacks against Industries (and Organizations). W
ith this new classification, Government targets go down at rank number 2 with the 15% of occurrences (against the 22% of the previous month), followed by targets belonging to education with the 10% (the same value collected on May). Interesting to notice is the apparent lack of attention by cybercrookers against Law Enforcement targets. In any case, if we consider the fact that Industry data have been aggregated, the chart is not so much different from the one of May: Governements keep on showing a worrying lack of Security.
Last but not least, during the first half of June, it has apparently been difficult to identify the 40% of the attack techniques, although, SQLi (and more in general DB vulnerabilities) keeps on to hold the crown among the identified events. Interesting to notice the drop of DDoS attacks (from 20% of the sample to 10%). Probably it is not a coincidence that it has followed the same trend than the hacktivism-driven Cyber Attacks, having halved its rate with respect to the previous month.
Again, no need to repeat that data must be taken very carefully since they do refers only to discovered attacks (the so-called tip of the iceberg), and hence do not pretend to be exhaustive but only aim to provide an high level overview of the “cyber landscape” of the month.
Furthermore, if you want to have an idea of how fragile our data are inside the cyberspace, have a look at the timelines of the main Cyber Attacks in 2011 and 2012 (regularly updated), and follow @paulsparrows on Twitter for the latest updates.
Also, feel free to submit remarkable incidents that in your opinion deserve to be included in the timelines (and charts).
Related articles
- May 2012 Cyber Attacks Statistics (hackmageddon.com)
- April 2012 Cyber Attacks Statistics (hackmageddon.com)
- June 2012 Cyber Attacks Timeline (Part I) (hackmageddon.com)
April 2012 Cyber Attacks Timeline (Part II)
Here the first part covering the cyber attacks from 1 to 15 April.
April is over and here it is the second half of the Cyber Attacks Timeline covering the time period spanning from 16 to 30 april 2012.
The last two weeks of this month have been characterized by several remarkable events (at least for the newspapers), such as the #OpBahrain which unleashed a trail of attacks from the Anonymous against websites related to the Formula 1 GP in Bahrain. Other noticeable events triggered by hacktivism include several DDoS attacks against CIA, MI6, Department of Justice, and a couple of Law Enforcement Agencies which continue to be a preferred target for hackers.
On the Cyber Crime front (still the major apparent motivation for the attacks) this month reports, among the events, a breach to Nissan and other DDoS attacks against the District of Columbia, the State of Washington and Nasdaq (I would not define them just motivated by hacktivism). Other events include a couple of 0-day vulnerabilities targeting popular e-mail services and affecting potentially million of users.
Last but not least, April has brought a new cyber attack to Iran crude oil industry, despite, so far, there are no clear evidences of a new Stuxnet-like Cyber Attack. This is not the only episode targeting Iran which also suffered 3 million of banks accounts compromised.
For the chronicle I decided to insert in the timeline also the breach to the game publisher Cryptic Studios. Although it happened in 2010 (sic) it was discovered only few days ago…
If you want to have an idea of how fragile our data are inside the cyberspace, have a look at the timelines of the main Cyber Attacks in 2011 and 2012 (regularly updated), and follow @paulsparrows on Twitter for the latest updates.
April 2012 Cyber Attacks Timeline (Part I)
As usual, here is the list of the main cyber attacks for April 2012. A first half of the month which has been characterized by hacktivism, although the time of the resounding attacks seems so far away. Also because, after the arrest of Sabu, the law enforcement agencies (which also were targeted during this month, most of all in UK), made two further arrests of alleged hackers affiliated to the Anonymous Collective: W0rmer, member of CabinCr3w, and two possible members of the infamous collective @TeaMp0isoN.
In any case, the most important breach of the first half of the month has nothing to deal with hacktivism, targeted the health sector and occurred to Utah Department of Health with potentially 750,000 users affected. According to the Last Ponemon Study related to the cost of a breach ($194 per record) applied to the minimum number of users affected (250,000), the monetary impact could be at least $ 55 million.
Another interesting event to mention in the observed period is also the alleged attack against a Chinese Military Contractor, and the takedown of the five most important al-Qaeda forums. On the hacktivist front, it worths to mention a new hijacked call from MI6 to FBI, but also the alleged phone bombing to the same Law Enforcement Agency. Both events were performed by TeamPoison, whose two alleged members were arrested the day after.
For the sample of attacks I tried to identify: the category of the targets, the category of the attacks, and the motivations behind them. Of course this attempt must be taken with caution since in many cases the attacks did not target a single objective. Taking into account the single objectives would have been nearly impossible and prone to errors (I am doing the timeline in my free time!), so the data reported on the charts refer to the single event (and not to all the target affected in the single event).
As usual the references are placed after the jump.
By the way, SQL Injection continues to rule (the question mark indicates attacks possibly performed by SQL Injection, where the term “possibly” indicates the lack of direct evidences…).
If you want to have an idea of how fragile our data are inside the cyberspace, have a look at the timelines of the main Cyber Attacks in 2011 and 2012 (regularly updated), and follow @pausparrows on Twitter for the latest updates.
About The Author
Support My Work!
Share:
News
08/13/2011 - My Post on Android Malware Mentioned on Engadget.
04/14/2011 - The Article Smart Grid: L'ultima Frontiera del Cybercrime published on ICT Security Magazine May 2011.
03/14/2011 - Security Summit 2011: Paolo Passeri guest at Round Table "Mobile Security: Rischi, Tecnologie, Mercato"
02/14/2011 - The Article Gears of Cyberwar published on ICT Security Magazine January 2011.
Visitors from…
