Archive

Posts Tagged ‘ISIS’

16-31 December Cyber Attacks Timeline

January 5, 2015 Leave a comment

Despite still related to December 2014, here is the first timeline for 2015 covering the main events occurred between the 16th and 31st December 2014 (first part here).

No doubt, this Christmas will be remembered for the unwelcome surprise of the DDoS attack performed by the infamous Lizard Squad against the online services of Sony and Microsoft. An attack that has shattered the dreams of many players, just few minutes after unwrapping their brand new consoles under the Christmas Tree. However, the light that burns twice as bright burns half as long, and inevitably two members of the collective have allegedly been arrested (not before having attempted a Sybil Attack against Tor).

But the latter was not the only attack targeting the Tor anonymity service in this period, which also suffered an unexplained outage affecting a cluster of Tor Directory Authority Servers in a Rotterdam data center.

Other noticeable events concern the outage of the Internet connection in North Korea (despite it is not completely clear if caused by a cyber attack or a fault), a malware detected in a South Korea power plant, the attacks targeting the ICANN and the ISC Consortium, two among the most important organizations for the Internet, and (yet another) breach targeting NVIDIA.

Moving to a different topic, all in all the hacktivists decided to enjoy the Christmas vacations with the exception of the Syrian Electronic Army who were back, and defaced an online magazine, the International Business Time, for an article against the Syrian regime.

Last but not least, with regard to  Cyber Espionage, there have been two operations discovered in this period: an alleged attack perpetrated by Chinese hackers against an Afghan CDN targeting directly many local governmental sites, and indirectly many foreign institutions, and also the discovery of the Anunak group, a well-organized crew able to steal USD $25 Million with a long lasting cyber espionage operation against targets in Europe and the US.

If you want to have an idea of how fragile our electronic identity is inside the cyberspace, have a look at the timelines of the main Cyber Attacks in 2011, 2012, 2013 and now 2014 (regularly updated). You may also want to have a look at the Cyber Attack Statistics, and follow @paulsparrows on Twitter for the latest updates.

Also, feel free to submit remarkable incidents that in your opinion deserve to be included in the timelines (and charts).

16-31 December 2014 Cyber Attacks Timeline Read more…

1-15 December 2014 Cyber Attacks Timeline

December 22, 2014 Leave a comment

It’s time for the first Cyber Attacks Timeline of December (and the last for 2014).

Of course the attention of the infosec professionals is still concentrated on the devastating cyber attack against Sony happened in November (and the world as we know it, won’t be the same again), nonetheless this first 15 days have shown some remarkable events, not least the news of a breach happened earlier this year to Sony (once again), which went unreported.

At least for once, let us start from hacktivism. The hacktivists seem to be back in action: the Anonymous have taken part, directly or indirectly to several operations motivated by the racial tensions in the US (DDoS attacks against Oakland and Ontario), the raids against the Pirate Bay (leaks of Governmental emails), and the protests against the new High Speed Train line connecting Turin and Lyon (the defacement of  Official website of the Rhône-Alpes region).

A different form of hacktivism (but the border with Cyber Warfare in this case is really blurred) hit Sands Casinos earlier this year. Bloomberg has revealed that an apparent innocuous defacement happened in February was actually the mark of a more devastating attack perpetrated by Iranian hackers, who were able to wipe out all the internal clients and servers.

The Cyber Crime landscape (again maybe it should be more correct to call it Cyber Warfare) is still dominated by the outcome of the Infamous attack to Sony. Other interesting events concern the attack to an unnamed steel industry in Germany, causing physical damages, yet another wave of DDoS attacks against Sony (again!) and XboX Live, and the alleged compromise of Ars Technica requiring the registered users to change their passwords.

Last but not least, the level of state-sponsored operations is always high: at least three of them deserve to be mentioned: Operation Cleaver (allegedly backed by Iran), the resurrection of the Red October Group (Cloud Atlas or Inception) and also the discovery that the ISIS is active also in the Cyber Space, targeting a group of Syrian activists.

If you want to have an idea of how fragile our electronic identity is inside the cyberspace, have a look at the timelines of the main Cyber Attacks in 2011, 2012, 2013 and now 2014 (regularly updated). You may also want to have a look at the Cyber Attack Statistics, and follow @paulsparrows on Twitter for the latest updates.

Also, feel free to submit remarkable incidents that in your opinion deserve to be included in the timelines (and charts).

1-15 December 2014 Cyber Attacks Timeline Read more…

Fortune 500 Cyber Attacks Timeline

November 25, 2014 3 comments

For the Infosec professionals, this troubled 2014 will be remembered for the trail of gigantic breaches unleashed nearly exactly one year ago, when the real outcome of the infamous Target breach became to emerge. The real extent of the breach was yet to be known, like also the fact that it would not have been an isolated case, but just the beginning of a nightmare.

However this is not the only example of a Fortune 500 company deeply hit, and thanks to a very smart hint by @bufferzone, I took the opportunity to collect in this timeline all the main cyber incidents involving Fortune 500 and Fortune 500 Global companies since 2011 to nowadays.

The adopted selection criteria take into considerations only incidents involving a direct impact on end users, so defacements have not been taken into consideration.

Fortune 500 Global companies are characterized by a blank value in the Rank column, whereas Fortune 500 companies are characterized by a red value. Also, when possible I inserted both values if the targeted company belongs to both charts and, in those cases in which a subsidiary company has been targeted, I have obviously inserted the rank of the parent company.

Fortune 500 Cyber Attacks TImeline Read more…

1-15 November 2014 Cyber Attacks Timeline

November 17, 2014 Leave a comment

The first half of November is gone, so it’s time for the list of the main cyber attacks occurred during these fifteen days.

Confirming the trend of the last months, the activity has been quite sustained. For sure, the most remarkable attack has targeted the Turkish branch of HSBC, and has affected 2.7 million customers, whose credit cards have been compromised (and apparently the bank has decided not to issue new cards for the impacted users).

Again the operations related to cyber espionage have played an important role: some new campaigns have come to light (for instance Darkhotel), and also several noticeable attacks have been discovered, like the one against the United States Postal Service (600,000 users affected) or the one against the National Oceanographic and Atmospheric Administration.

Even hacktivists have been quite active: the RedHack collective has reemerged from several months in stealth mode (they claim to have deleted 650,000 USD worth 0f electricity power debt), and some hackers claiming to be affiliated to the Anonymous collective have performed similar operations in Italy (in parallel with the delicate social and economical period) and the Philippines.

If you want to have an idea of how fragile our electronic identity is inside the cyberspace, have a look at the timelines of the main Cyber Attacks in 2011, 2012, 2013 and now 2014 (regularly updated). You may also want to have a look at the Cyber Attack Statistics, and follow @paulsparrows on Twitter for the latest updates.

Also, feel free to submit remarkable incidents that in your opinion deserve to be included in the timelines (and charts).

1-15 November 2014 Cyber Attacks Timeline Read more…

Categories: Cyber Attacks Timeline, Security Tags: , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,

16-31 October 2014 Cyber Attacks Timeline

November 3, 2014 4 comments

It’s time for the second timeline of October (Part I here) covering the main cyber attacks between the 16th and 31st: yet another consistent list confirming the growing trend of the last period.

In particular, in these two weeks the most important events have been spotted inside Cyber Espionage, whose chronicles report, among other, a state-sponsored attack to an unclassified network of the White House, a relevant number of operations (APT 28, Operation Pawn Storm, Operation SMN, Operation DeathClick, a tail of the infamous Sandworm), and even a man-in-the-middle attack against Chinese iCloud users.

Cybercrime is also on a roll: the trail of attacks against retailers seems unstoppable (Staples is the latest victim), but chronicles also report a massive breach in South Korea, involving Pandora TV and a gigantic SQL Injection attack, driven by CVE-2014-3704, against every unpatched website running Drupal, existing on this desperate planet. There is also space for a little bit of irony, as in case of Sourcebooks, the publisher hacked few days before releasing the latest book of Brian Krebs.

Israel and Ukraine keep on being two hot fronts for Hacktivism, whereas India is again the cradle of  cyberwar, many events event in this months (despite limited to skirmishes involving defacements of governmental and military websites).

If you want to have an idea of how fragile our electronic identity is inside the cyberspace, have a look at the timelines of the main Cyber Attacks in 2011, 2012, 2013 and now 2014 (regularly updated). You may also want to have a look at the Cyber Attack Statistics, and follow @paulsparrows on Twitter for the latest updates.

Also, feel free to submit remarkable incidents that in your opinion deserve to be included in the timelines (and charts).

16-31 October 2014 Cyber Attacks Timeline Read more…

Stuxnet, Bufale E Dragoni: Il giorno dopo le rivelazioni del NYT

January 20, 2011 1 comment

L’ondata del giorno dopo sembra stia un po’ mitigando il fuoco mediatico appiccato dal New York Times, dopo la pubblicazione dell’articolo in cui si sosteneva un complotto USA Israeliano, alla base del virus Stuxnet.

I delatori sostengono che il NYT sia spinto un po’ troppo oltre nelle sue speculazioni e che la tesi del patto tra Washington e Tel Aviv non regga per almeno 4 motivi:

  • In primo luogo la ricostruzione del NYT non riporta alcuna prova del fatto che il malware sia stato realizzato nel complesso di Dimona, né appare plausibile che qualche gola profonda sia lasciata sfuggire il segreto verso un giornalista occidentale, vista la particolare attenzione del Mossad nei confronti di chi ha la cattiva abitudine di rivelare segreti militari ai giornalisti stranieri;
  • La dichiarazione del direttore del Mossad Meir Dagan, il giorno prima del suo pensionamento, in cui ha annunciato al Knesset che l’Iran non sarebbe stato capace, al contrario delle previsioni, di sviluppare un’arma nucleare sino al 2015, è stata presa dal quotidiano d’Oltreoceano come ulteriore prova del coinvolgimento israeliano. Il NYT tuttavia non riporta il disaccordo relativo alla dichiarazione, da parte del Primo Ministro Israeliano;
  • Ancora prima della pubblicazione del report dell’Agenzia Internazionale per l’Energia Atomica (IAEA) del 23 novembre era noto che l’Iran stesse incontrando problemi per la produzione dell’Uranio arricchito, ma mentre alcuni fanno risalire la causa dei problemi di produzione al virus Stuxnet, altri li riconducono all’utilizzo di macchine obsolete della famiglia P-1. Nello stesso giorno è stato pubblicato un documento di analisi del report da parte dell’Institute for Science and Security (ISIS), dove si indicava che nello stesso periodo l’Iran aveva incrementato la propria efficienza di operazione in quasi tutti i parametri.
  • Diversi esperti di sicurezza israeliani sostengono che la concezione del virus è troppo semplice per essere stata sviluppata da Israele per scopi militari;
  • Qualcuno ha anche riscontrato una inesattezza cronologica negli articoli del NYT (ma questo forse è un peccato veniale), facendo risalire l’inizio dell’infezione informatica a luglio 2009, ovvero un anno prima della scala cronologica del virus contenuta nel Report Symantec.
  • Un ulteriore documento ISIS “Did Stuxnet Take Out 1,000 Centrifuges at the Natanz Enrichment Plant?” sostiene che l’impatto di Stuxnet è stato, tutto sommato, limitato, ed ha interessato un numero limitato di centrifughe (modello IR-1 che tra il 2008 e il 2009 hanno sostituito le obsolete P-1), riuscendo in definitiva, solo parzialmente al suo scopo ed in maniera limitata nel tempo. Strategia diversa da quella sostenuta dal Primo Ministro Israeliano che ritiene le sanzioni come mezzo principale per contrastare la strategia nucleare dell’Iran, e l’opzione militare come seconda scelta.

Aspetto interessante, che ancora mancava all’appello, è costituito dalla presunta, immancabile, pista cinese per il malware, la quale, suffragata da alcune ipotesi, sta cominciando ad acquisire una certa (in)credibilità:

  • I miscelatori attaccati da Stuxnet sono prodotti in Cina da un’azienda finlandese (Vacon);
  • Il primo certificato digitale falsificato (e rubato) da Stuxnet appartiene a RealTek che ha una sede in Cina, nella stessa città (Suzhou) dove vengono prodotti i miscelatori Vacon;
  • La Cina ha accesso diretto al codice sorgente di Stuxnet, che avrebbe consentito di sviluppare così velocemente 4 nuove vulnerabilità 0-day;
  • L’infezione di Stuxnet è arrivata in Cina con 3 mesi di ritardo rispetto al resto del mondo, nonostante la massiccia diffusione di tecnologia Siemens nel paese dei Mandarini. Ironia della sorte, la notizia dell’infezione di milioni di PC appartenenti a 1000 impianti (infezione di cui sono stati accusati gli americani) è stata rilasciata da un produttore locale, Rising International, accusato di aver corrotto un funzionario, condannato a morte, per aver sparso terrorismo psicologico, intimando agli utenti di scaricare un antivirus della stessa azienda per proteggersi da un nuovo tipo di infezione (sembrerebbe che la pratica di sviluppare i virus sia molto diffusa tra i produttori cinesi che poi rivendono ai poveri consumatori gli antidoti informatici).

Perchè Stuxnet avrebbe gli occhi a mandorla? La risposta è (quasi) semplice: Pechino vorrebbe fermare la proliferazione nucleare dell’Iran, mostrando comunque un atteggiamento riverente nei confronti del suo terzo maggior fornitore di petrolio: e allora quale miglior modo del buon vecchio metodo: “un colpo al cerchio e uno alla botte”? Che significa criticare da un lato le sanzioni internazionali e sabotare dall’altro le centrali nucleari con un virus informatico?

Tesi realistica o Fantapolitica? (o meglio fantascientifica?), o più semplicemente controinormazione da pare di chi vuole nascondere la vera origine del virus? (Di nuovo) ai posteri l’ardua sentenza. Io intanto aspetto che venga scoperta qualche attinenza con la storia cinese relativamente a date e simboli contenuti all’interno del codice di Stuxnet, che magari non avrà raggiunto l’obiettivo di sabotare tutte le centrali nucleari iraniane, ma  è comunque riuscito nel ben più difficile intento di attirare su di sè l’attenzione di ricercatori e giornalisti di tuto il globo (sollevando severi interrogativi sul fatto che le le infrastrutture critiche siano effettivamente pronte ad affrontare minacce di siffatta portata).

Follow

Get every new post delivered to your Inbox.

Join 3,316 other followers