About these ads

Archive

Posts Tagged ‘June’

June 2014 Cyber Attacks Statistics

It’s time to aggregate the Cyber Attacks Timelines of June (Part I and Part II) into statistics.

So, as usual, let’s start with the Daily Trend of Attacks chart, which shows quite an irregular trend with a sharp peak on the 11th.

Daily Attack Trend June 2014

The Motivations Behind Attacks chart confirms once again Cyber Crime at number one with 65% of occurrences. Overall the values are almost specular to the previous month. Particularly meaningful is the 11% of operations motivated by Cyber Espionage.

Motivations June 2014

The Distribution Of Attack Techniques chart shows a 27.4% of unknown attacks, a result in line with the previous month when this value was 26%. The rise of DDoS is another interesting aspects (this technique is increasingly used to blackmail victims), as also the 9.7% of targeted attacks, a relatively high value for this class, and, again, in line with the previous month.

Techniques June 2014

Once again, Industry leads the Distribution of Targets Chart with 35.5%. Governmental targets rank at number two, close to 20%, well ahead of Organizations at number three with a modest 6.5%.

Targets June 2014

Drilling down the Distribution of targets belonging to industry, shows quite an heterogeneous landscape. Software industries lead the chart with 22.7%, followed by Restaurants (??) with 13.6% and Financial Services (9.1%). All the other categories are well behind with a “flat” 4.5% each.

Industry Drill Down Jun 2014

As usual, please bear in mind that the sample must be taken very carefully since it refers only to discovered attacks included in my timelines. The sample does not pretend to be exhaustive but only aims to provide an high level overview of the “cyber landscape”, or at least of the ones that gained space in the media (yes, using an abused expression this is just the tip of the Iceberg).

Additionally, if you want to have an idea of how fragile our data are inside the cyberspace, have a look at the timelines of the main Cyber Attacks in 2011, 2012, 2013 and now 2014 (regularly updated). You may also want to have a look at the Cyber Attack Statistics.

Of course follow @paulsparrows on Twitter for the latest updates, and feel free to submit remarkable incidents that in your opinion deserve to be included in the timelines (and charts).

About these ads

1-15 June 2014 Cyber Attacks Timeline

It just looks like attackers are enjoying the beginning of the Summer, since the first half of June confirms the decreasing trends.

The controversial 2014 World Cup has revived the hacktivists, and in particular the Anonymous collective who kicked off the Operation OpWorldCup, targeting Brazilian Governmental institutions and Sponsors of the World Cup.

Looking at the Cyber Crime, the most remarkable event of the month is the extortion attempt against  Belgian and French customers of Domino’s Pizza (650,000 users affected). It is also worth to mention the wave of DDoS attacks against Feedly and Evernote, in the first case motivated by extortion, and also the compromising of a US Army database in South Korea.

Last but not least, chronicle report the details of two Cyber Espionage Operations: Operation Molerat, originating allegedly from Middle East, and yet another one from China, discovered by Crowdstrike and attributed to a group dubbed Putter Panda.

As usual, if you want to have an idea of how fragile our data are inside the cyberspace, have a look at the timelines of the main Cyber Attacks in 2011, 2012 and now 2013 (regularly updated). You may also want to have a look at the Cyber Attack Statistics, and follow @paulsparrows on Twitter for the latest updates.

Also, feel free to submit remarkable incidents that in your opinion deserve to be included in the timelines (and charts).

1-15 June 2014 Cyber Attacks Timeline

Read more…

June 2013 Cyber Attacks Statistics

Here we are with the statistics for the cyber attacks included in the June 2013 timelines (part I and part II). A priori this month should have been characterized by huge operations (such as the infamous OpPetrol), instead, all in all, the cyber activity was quite moderated as shown by the Daily Trend of Attack chart, that shows a single remarkable peak around the 3rd of July (when several primary DNS providers were the victims of DDoS attacks).

Trend June 2013

The Motivations Behind Attacks chart shows an evident predominance of Cyber Crime (with 62% of the occurrences). Please keep in mind that the stats cannot take into considerations all the attacks made under the umbrella of the so-called OpPetrol, since many attacks were considered fake or even old dumps “recycled” for this occasion. Without these attacks, hacktivism ranks at number two, well below, with the 26% of occurrences. It is also interesting the growing weight of cyber-espionage, with an 8% substantially in line with the 9% of the previous month.

Motivations June 2013

The Distribution of Attack Techniques chart is substantially in line with the previous month: SQLi leads the chart with nearly one third of the known occurrences, while DDoS ranks at number three with nearly 15%. A factor particular interesting in this chart is the growing influence of targeted attacks (11.1%) at the third rank among the known attacks, and fourth rank in general since in many cases (18.5%) it was not possible to detect the attack technique used.

Distribution June 2013

The Distribution of Target chart confirms the industry sector on top of the unwelcome attentions of the cybercrooks, immediately followed by governmental targets and essentially in line with the previous month. The news sector ranks at number three, immediately before Internet Services (as a consequence of the uncommon number of attacks reported against DNS Providers).

Target

As usual, please bear in mind that the sample must be taken very carefully since it refers only to discovered attacks included in my timelines. The sample does not pretend to be exhaustive but only aims to provide an high level overview of the “cyber landscape”.

If you want to have an idea of how fragile our data are inside the cyberspace, have a look at the timelines of the main Cyber Attacks in 2011, 2012 and now 2013 (regularly updated). You may also want to have a look at the Cyber Attack Statistics, and follow @paulsparrows on Twitter for the latest updates.

Also, feel free to submit remarkable incidents that in your opinion deserve to be included in the timelines (and charts).

16-30 June 2013 Cyber Attacks Timeline

It’s time for the second part of the June 2013 Cyber Attacks Timeline (first part here).

The last two weeks of June have been characterized by an unusual cyber activity in the Korean Peninsula. In a dramatic escalation of events (coinciding with the 63rd anniversary of the start of the Korean War), both countries have attracted the unwelcome attentions of hacktivists and (alleged) state-sponsored groups, being targeted by a massive wave of Cyber attacks, with the South suffering the worst consequences (a huge amount of records subtracted by the attackers).

On the hacktivism front, the most remarkable events involved some actions in Brazil and Africa, and the trail of attacks in Turkey that even characterized the first half of the month. The chronicles of the month also report an unsuccessful operation: the results of the so-called OpPetrol have been negligible (most of all in comparison to the huge expectations) with few nuisance-level attacks.

On the cyber crime front, the most remarkable events involved the attacks against Blizzard, that forced the company to temporarily close mobile access to its auction service, a serious breach against a Samsung service in Kazakhstan, a targeted attack against the internal network of Opera Software (aimed to steal code signing certificates) and several attacks to some DNS registrars. In particular the most serious has been perpetrated against Network Solutions, affecting nearly 5000 domains, among which LinkedIn.

As usual, if you want to have an idea of how fragile our data are inside the cyberspace, have a look at the timelines of the main Cyber Attacks in 2011, 2012 and now 2013 (regularly updated). You may also want to have a look at the Cyber Attack Statistics, and follow @paulsparrows on Twitter for the latest updates.

Also, feel free to submit remarkable incidents that in your opinion deserve to be included in the timelines (and charts).

16-31 June 2013 Cyber Atacks Timeline Read more…

1-15 June 2013 Cyber Attacks Timeline

Here it is the first part of the June 2013 Cyber Attacks timeline covering the first half of the month.

This period has been characterized by the protests in Turkey, that, easy predictable, have also influenced the cyber landscape. Many attacks (in several cases even with noticeable impact) have been carried on in name of OpTurkey.

Other noticeable facts include the attacks against the European Police College (14,000 records affected), the Bangladeshi Air Force recruitment website (110,000 credentials affected), and, most of all, against the Danish Police which affected the country’s driver’s license database, social security database, the shared IT system across the Schengen zone, and the e-mail accounts and passwords of 10,000 police officers and tax officials.

Last but not least, the first two weeks of June has brought us yet another high profile cyber-espionage operation, dubbed NetTraveler.

As usual, if you want to have an idea of how fragile our data are inside the cyberspace, have a look at the timelines of the main Cyber Attacks in 2011, 2012 and now 2013 (regularly updated). You may also want to have a look at the Cyber Attack Statistics, and follow @paulsparrows on Twitter for the latest updates.

Also, feel free to submit remarkable incidents that in your opinion deserve to be included in the timelines (and charts).

1-15 June 2013 Cyber Atacks Timeline Read more…

Categories: Cyber Attacks Timeline, Security Tags: , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,

June 2012 Cyber Attacks Statistics

July 13, 2012 1 comment

As usual I aggregated the data from the Cyber Attack Timelines of June to provide some aggregated statistics. Data must be taken very carefully since they do refers only to discovered attacks (the so-called tip of the iceberg), and hence do not pretend to be exhaustive but only aim to provide an high level overview of the “cyber landscape” of the month. Moreover, remember that the most dangerous threats are the invisible ones, how I can easily verify thanks to the advanced malware detection campaigns I am performing in these hard days.

Let us start with the Motivations Behind Attacks chart. Cybercrime is undoubtedly on the rise and has reached the unprecedented percentage of 72%. On the other hand Summer seems to be a period of vacation for hacktivists, whose influence on the landscape fell down to 18%. As usual Cyber Warfare and Cyber Espionage are well behind respectively to 6% and 4%. But of course, this is only the tip of the iceberg. On the other hand, I would not expect a complex cyber espionage action to be easily uncovered, or worst, advertised on social media as it happens for (too) many actions allegedly motivated by cyber crime or hacktivism.

Moving to Distribution of Targets, shows a preference of cybercrookers for  Industry targets (21%), immediately followed by Government targets (18%). Targets belonging to education sadly confirm their top position, and rank, even in June, at number three with the 8% of occurrences. Of course industry targets are hugely fragmented hence, if we consider each category singularly, it turns out that Governments are still the most vulnerable victims of cyber attacks.

Last but not least, the next chart: Distribution Of Attacks Techniques. Apparently is getting harder and harder to recognize the attack techniques leveraged to execute the reported cyber attacks. Anyway, in those cases where it has been possible to do it, SQL Injection steadily keeps on being the King of Hill. The smaller occurrence of DDoS attacks reflects the minor influence of hacktivism during this month, with account hijacking confirming to be one of the most dangerous vectors. When looking at defacements, consider that typically I do not take them into consideration in my timelines (they are really too many) unless they are executed against very remarkable targets, hence consider that 3% belonging to what I defined high profile defacements.

If you want to have an idea of how fragile our data are inside the cyberspace, have a look at the timelines of the main Cyber Attacks in 2011 and 2012 (regularly updated), and follow @paulsparrows on Twitter for the latest updates.

Also, feel free to submit remarkable incidents that in your opinion deserve to be included in the timelines (and charts).

June 2012 Cyber Attacks Timeline (Part II)

July 5, 2012 1 comment

Part I (1-15 June) at this link

From an information security perspective, the second half of June has been characterized by the hacking collective UGNAZI (and its members) and also by an individual hacker: .c0mrade AKA @OfficialComrade.

Both entities have left behind them a long trail of Cyber Attacks against different targets (in several cases the real extent of the attack is uncertain) and with different techniques, although it is likely that the UGNAZI collective will be forced to change the plans after the arrest of the group’s leader, JoshTheGod, nearly at the end of the month (27thof June), effectively they have considerably reduced the rate of their cyber attacks in the second part of the analyzed period.

On the other hand, hospitals, banks, several major airlines are only few examples of the preys fallen under the attacks carried on by .c0mrade. Plese notce that from  Cyber Crime perspective,  is also interesting to notice the High Roller Operation, a giant fraud against the banking industry, unmasked by McAfee.

Needless to say, the Cyber War front is always hot, most of all in Middle East, were several DDoS attacks targeted some Israeli institutions and, most of all, an alleged unspecified massive Cyber Attack targeted tje Islamic Republic of Iran.

The hacktitic landscape is completely different: maybe hacktivists have chosen to go on vacation since June 2012 has apparently shown a decreasing trend, in sharp contrast with an year ago, when the information security community lived one of its most troubled periods.

If you want to have an idea of how fragile our data are inside the cyberspace, have a look at the timelines of the main Cyber Attacks in 2011 and 2012 (regularly updated), and follow @paulsparrows on Twitter for the latest updates.

Also, feel free to submit remarkable incidents that in your opinion deserve to be included in the timeline.

Read more…

Categories: Cyber Attacks Timeline, Security Tags: , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,
Follow

Get every new post delivered to your Inbox.

Join 3,091 other followers