
Archive

Posts Tagged ‘Kaspersky’

1-15 January 2013 Cyber Attacks Timeline

January 17, 2013 4 comments

So here we are with the first Cyber Attacks Timeline for 2013 covering the first half of January.

Apparently the new year has begun with intense activity by Cyber Crooks. Hacktivists and Cyber Criminals had plenty of time to spend in front of their keyboards during the holiday break, and as a consequence the number of breaches with more than 10,000 accounts compromised is incredibly high. WWF China, the City of Steubenville, Ohio and the German Chamber of Commerce are only three examples of institutions that suffered massive breaches at the beginning of this year.

But the massive breaches are not the only remarkable events of this period: the waves of DDoS attacks against US banks continued (and are expected to extend into the next weeks), Kaspersky Lab discovered a new massive Cyber Espionage campaign dubbed “Red October”, and the Japan Farm Ministry was hit by yet another Cyber Attack, allegedly originating from China…

If this is only the beginning… 2013 promises to be pretty troubled for system administrators…

If you want to have an idea of how fragile our data are in cyberspace, have a look at the timelines of the main Cyber Attacks in 2011 and 2012 and the related statistics (regularly updated), and follow @paulsparrows on Twitter for the latest updates.

Also, feel free to submit remarkable incidents that in your opinion deserve to be included in the timelines (and charts). To do so, you can use this form.


Categories: Cyber Attacks Timeline, Security

Browsing Security Predictions for 2013

December 26, 2012 5 comments

The period between November and December is particularly interesting for the Infosec community, since nearly all the main security vendors unveil their predictions for the next year, trying to anticipate the trends and the issues that will trouble system administrators’ sleep.

Exactly as I did last year, I analyzed the predictions of 7 vendors, choosing the ones that I consider particularly meaningful for the presence of the vendor in the market and for the coverage of their respective solution portfolio. In comparison with last year, I was not able to find any prediction from Cisco (at least so far). However, I was able to include the ones issued by Symantec, which were missing from my initial version. Hence the list of the vendors taken into consideration is the following:

Nearly all the analyzed vendors went through deep transformations during the past year, reflecting the changing trends in the market. Fortinet is considered a vendor focused on UTM technologies, although it offers a wide portfolio of solutions ranging from endpoints to WAFs. After the acquisition of Astaro, Sophos is expanding its offering from the endpoints to the UTM segment. McAfee covers a wide area: historically focused on the endpoints, its long trail of acquisitions allows the company to be present in all the segments of the security market. Websense moved beyond its historical flagship, URL filtering, shifting its security model towards the endpoint. Symantec and Trend Micro have their foundation on the endpoints, but are more and more concentrated on securing the cloud. Kaspersky is still concentrated on the endpoints, although the company has been very active in the last year in the analysis of cyberwar events, most of all in the Middle East.

Security Predictions 2013

Yes, the rise of malware on mobile platforms seems unstoppable: not only did it reach unprecedented levels in 2012, but apparently it will be the protagonist of 2013 as well, at least for 5 vendors out of 7. Indeed, the count rises to 6 if one also considers cross-platform malware, which is equally a threat for mobile platforms. Furthermore, one vendor (Fortinet) also considers mobile threats as a vector for APTs in 2013.

Politically motivated attacks rank at number 2, even if with different connotations: Kaspersky and Websense explicitly mention state-sponsored attacks, while Symantec and Trend Micro also include attacks motivated by hacktivism in this category. It is not a coincidence that Kaspersky and Websense cover Hacktivism in a separate, explicit prediction.

It is also interesting to notice ransomware at number 3 with just 3 preferences. Particularly interesting is the indication by Sophos, which speaks of “irreversible” malware, since this class of threats is increasingly using encryption to make the compromised content unrecoverable.

The trend is even more visible from the distribution chart, which also emphasizes the role of the cloud, in the double shape of source and target of the cyber attacks.

Security Predictions Distributions 2013

Two vendors (McAfee and Trend Micro) include the proliferation of embedded systems (for instance Smart TV equipped with Android) as one of the main security issues for 2013. Honestly speaking I would have expected a major impact for this threat.

Last but not least, two vendors (Kaspersky and McAfee) believe that Targeted Attacks and Signed Malware will experience a major rise in 2013.

Looking Back…

January 13, 2012 Leave a comment

Actually this post is nearly a couple of weeks late (last week I was skiing in the Italian Dolomites!!). (Un)fortunately, now that I am back home (and to work), I have chosen this Friday the 13th, while preparing my traditional Cyber Attacks Master Index for the first half of January 2012, to give a quick look at the past year in terms of my blogging activity, in order to discover which were the posts that collected the most views (more than 60,000 in total), of course excluding the home page.

As you will easily notice, the articles related to cyber attack statistics dominate the Top 10. For sure it is not a coincidence that some of the included articles were also quoted by leading security firms such as Kaspersky and IBM. Of course, for a correct interpretation of the chart you should also consider the period of the year in which each article was written (the earlier an article was written, the greater the number of potential readers) and also the fact that the master index is continuously updated.

Date          Title                                                     Views
Aug 11, 2011  One Year Of Android Malware (Full List)                   16,737
Dec 31, 2011  2011 Cyber Attacks Timeline Master Index                   3,668
Aug 16, 2011  Antisec hacks another Defense Contractor                   2,406
Apr 17, 2011  TCP Split Handshake Attack Explained                       2,110
Jun 22, 2011  2011 CyberAttacks Timeline                                 1,535
Jun 28, 2011  2011 Cyber Attacks (and Cyber Costs) Timeline (Updated)    1,195
Dec 15, 2011  One Year Of Lulz (Part I)                                  1,090
Sep 15, 2011  Anatomy Of A Twitter Scam                                    938
May 1, 2011   Social Espionage                                             696
Sep 2, 2011   August 2011 Cyber Attacks Timeline                           590

Yes, the post dedicated to Android Malware ranked undoubtedly at number 1 (it even deserved a mention on Engadget), but the Cyber Attacks Master Index also “performed well”, even if at a great distance (it was destined for a more professional audience), being quoted in many information security forums.

At rank number 3 there is a summer post dedicated to cyber attacks targeting contractors (clearly it is updated to August and could not include STRATFOR), which, actually a surprise for me, gained an unexpected attention under the Dog Days (a prolific period for blogging).

Clearly my readers have shown a great interest for security statistics, since in order to find a more technical article we have to browse the chart until number 4 with my post dedicated to TCP Split Handshake. In that circumstance I forced myself to investigate the question since when I first stumbled upon it after the NSS report (and the consequent turmoil) I must confess I had never heard about it.

Again statistics at ranks number 5, 6, and 7, until number 8, which is held by a post dedicated to a scam targeting Twitter and mobile users. At that time the scam lured so many victims, who consequently “googled” the phrase “This made me laugh so hard when i saw this about you lol” (the symptom of the scam) and were hence redirected to that article.

A particular mention is also deserved by the Social Espionage at number 9, dealing with the threats hidden behind social networks: the Social Network Poisoning seen from the perspective of several resounding examples such as Primoris Era and Robin Sage.

In any case, forgive me if I could not do it before, I really would like to say thank you to all the Information Security Professionals who inspired my work (which I decided to quote in a very special manner)…

But most of all I want to say thank you to all the readers who stumbled upon my blog and decided to keep on reading (and retweeting) the articles regularly. I hope they will find in 2012 the same level of interest shown in the past year. Since it is not so easy to reconcile my professional and personal life with my blogging activity (thanks to my wife Romina for her patience), their appreciation is the scope of my work and a crucial driver to improve the level of quality…

December 2011 Cyber Attacks Timeline (Part I)

December 21, 2011 Leave a comment

As usual, here is my compilation of December Cyber Attacks.

It looks like the approaching Christmas is not stopping hackers, who targeted a growing number of organizations including several security firms (Kaspersky, Nod 32 and Bitdefender), even if on secondary domains and with “simple” defacements.

Cyber chronicles report Gemnet, another Certification Authority breached in Holland (it is the 12th security incident targeting CAs in 2011), and several massive data breaches targeting Finland (the fifth this year, affecting 16,000 users), online gambling (UB.com, affecting 3.5 million users), Telco (Telstra, affecting 70,000 users), and gaming, after the well known attacks on Sony, Sega and Nintendo, with Square Enix, which suffered a huge attack compromising 1,800,000 users (even if it looks like no personal data were affected).

Online payment services were also targeted by Cyber Crooks: a Visa East European processor was hit by a security breach, and four Romanian home-made hackers were arrested for a massive credit card fraud affecting 200 restaurants, for a total of 80,000 customers who had their data stolen.

As usual, hacktivism was one of the main trends for this first half of the month, which started with a resounding hack of a Web Server belonging to ACNUR (United Nations Refugees Agency), leaking more than 200 credentials including the one belonging to President Mr. Barack Obama.

But from a mere hacktivism perspective, the elections in Russia have been the main trigger, as they indirectly generated several cyber events: not only during election day, when three web sites (a watchdog and two independent news agencies) were taken down by DDoS attacks, but also in the immediately following days, when a botnet flooded Twitter with pro-Kremlin hashtags and an independent forum was also taken down by a further DDoS attack. A trail of events which sets a very dangerous precedent.

Besides the ACNUR hack, Anonymous was also in the spotlight (a quite common occurrence this year) with some sparse attacks targeting several governments, in particular Brazil, inside what is called #OpAmazonia.

Even if not confirmed, it looks like Anonymous Finland might somehow be related to the above mentioned breach that occurred in Finland.

Other interesting events occurred in the first two weeks of December: the 0-day vulnerability affecting Adobe products, immediately exploited by hackers to carry out tailored phishing campaigns and, most of all, a targeted attack against a contractor, Lockheed Martin; but also another occurrence of DNS Cache Poisoning targeting the Republic of Congo domains of Google, Microsoft, Samsung and others.

Last but not least, the controversial GPS Spoofing, which allegedly allowed Iran to capture a U.S. Drone, even if GPS Spoofing on its own does not completely solve the mystery of the capture.

Other victims of the month include Norwich Airport, Coca Cola, and another Law Enforcement Agency (clearusa.org), which is currently unavailable.

As usual, after the page break you will find all the references.

Categories: Cyber Attacks Timeline, Cyberwar, Security

August 2011 Cyber Attacks Timeline

September 2, 2011 8 comments

Here is the complete list of Main Cyber Attacks for July: it definitely looks like the Dog Days did not stop the Cyber Attacks, which have been particularly numerous during August.

Following the trail of July, an attack against PCS Consultants, another U.S. Government contractor, opened this hot month, even if the controversial Shady RAT affair monopolized (and keeps on monopolizing) the infosec landscape (and not only during the first half of the month). Easily predictably, nearly every endpoint security vendor (and McAfee competitor) tends to minimize the event, considering it only the latest example of RAT-based cyber attacks with no particular features (see for instance the comments by Sophos, Kaspersky and Symantec).

Analogously, the Dog Days did not stop hacktivism, with the infamous hacking group Anonymous (and its local “chapters”) the author of several attacks in different countries and, most of all, of a kind of arm wrestling against BART (Bay Area Rapid Transit), sometimes carried out with questionable methods. Research in Motion was indirectly involved in the Anonymous campaign during the London riots, but Anonymous was also hit by (another) defacement attack carried out by Syrian hackers, which affected Anonplus, the alternative Social Network.

South Korea was also hit with other massive breaches (involving also Epson Korea) and a defacement against the local branch of HSBC.

According to my very personal estimates, based on the Ponemon Institute indications, the cost of the data breaches for which enough information was available is around $126 million, mainly due to the impressive Epson data breach.

Useful resources for compiling the table include:

And my inclusion criteria do not take into consideration simple defacement attacks (unless they are really resounding) or small data leaks.

Enjoy the complete list!

Date | Author | Organization | Attack (the description of each entry follows on the next line)

Aug 1 | - | PCS Consultants | SQLi?
Another U.S. Government contractor, PCS Consultants, gets hacked by Anonymous & Antisec. Hackers extract the website database and leak it on the internet via Twitter on Pastebin (as usual!). Leaked data include the admin’s and 110 users’ emails, plus passwords as encrypted hashes.

Aug 2 | - | Vitrociset | SQLi? Defacement
72 hours after the first defacement, Vitrociset, a contractor of the Italian Cyber Police, is hacked and defaced again by Anonymous.

Aug 3 | - | United Nations (Shady RAT) | Remote Access Tool
In an interview with Vanity Fair (as if to say that information security is a fashion), a McAfee security researcher declares that the UN and other international institutions have been victims of a large-scale Remote Access Tool based attack from a foreign country. The attack is dubbed Shady RAT and suspicion is directed at China.

Aug 3 | - | Colombia | DDoS
Anonymous and Colombian hackers shut down the websites of Colombia’s president, the interior and justice ministry, the intelligence service DAS and the governing party. The attack was meant as a protest against government censorship.

Aug 3 | - | The SUN and News Corp. International | SQLi?
Britain’s Rupert Murdoch-owned tabloid The Sun sends a message to readers warning them that computer hackers may have published their data online after an attack on the paper’s website last month. A hacker styled ‘Batteye’ claims to have posted details taken from The Sun on Pastebin.

Aug 3 | - | Front National | ?
As a consequence of the Oslo massacre, Anonymous France claims to have hacked a server belonging to Front National, leaking a list of 100 leaders of the party.

Aug 5 | ? | Citi Cards Japan (Citigroup) | unfaithful outsourcer
Eight weeks after a hacker cracked its credit card database, the company’s credit card unit in Japan, Citi Card, reported in a message to its user base that “certain personal information of 92,408 customers has allegedly been obtained and sold to a third party illegally.” Estimated cost of the breach is about $19.8 million.

Aug 6 | - | Law Enforcement Agencies | SQLi?
After the first attack on Law Enforcement institutions in July, Anonymous and LulzSec, as part of what they call ShootingSheriffsSaturday, leak another 10 GB of data from the same Law Enforcement Agencies, including private police emails, training files, snitch info and personal info. The attack was made in retaliation for Anonymous arrests.

Aug 6 | - | SAPPE (Sindacato Autonomo Polizia Penitenziaria) | SQLi?
Anonymous defaces the website of SAPPE (Independent Union of Prison Guards) and leaves a message on Pastebin (in Italian) claiming more rights for detainees.

Aug 6 | - | Policia Federal (Brazilian Police) | USB Key Stolen?
LulzSec Brazil hacks the Brazilian Police and discloses 8 GB of data from what they call Pandora’s Box.

Aug 7 | - | Syrian Ministry of Defense | Defacement
The Syrian Ministry of Defense is hacked by Anonymous, which defaces the website and posts a note supporting the Syrian people.

Aug 9 | - | Anonplus (Anonymous Social Network) | Defacement
In retaliation for the defacement of the Syrian Ministry of Defence, a Syrian group of hackers dubbed Syrian Electronic Army defaces (for the third time) Anonplus, the alternative social network being deployed by Anonymous, posting several gruesome images.

Aug 9 | - | Research In Motion | SQLi?
As an (in)direct consequence of the London riots, a crew of hackers called TeaMp0isoN defaces The Official BlackBerry Blog after RIM indicated it would assist the London police, who are investigating the use of the messaging service in organizing the riots, with a “very extensive monitoring of the BlackBerry Messenger model”.

Aug 9 | - | Operation Satiagraha | SQLi?
As part of Operation Antisec, LulzSec and Anonymous release 5 GB of documents, photos, audio files and videos, exposing what was one of the greatest corruption scandals in the recent history of Brazil.

Aug 10 | ? | University Of Wisconsin Milwaukee | APT
The Social Security numbers of 75,000 students and employees at the University of Wisconsin-Milwaukee are exposed after hackers planted malware in a campus server. Estimated cost of the breach is $16 million.

Aug 10 | ? | Hong Kong Stock Exchange (HKEx) | DDoS
The Hong Kong stock exchange (HKEx) halts trading for seven stocks in the afternoon trading session after its website was attacked during the morning trading session. The seven stocks in question were all due to release sensitive results to the website that could impact their price. Initially the attack was believed to have compromised the website; later it was discovered to be a DDoS.

Aug 12 | Headpuster | Welt.de | SQLi?
A hacker called Headpuster, to protest against the sale of user data to a third-party operator, hacks Welt.de using an SQL injection (http://boot24.welt.de/index_welt..php?ac =***) and steals a large amount of data, including credit card information of 30,264 users, from the database. He then publishes censored excerpts. Estimated cost of the breach is around $6.5 million.

Aug 12 | ? | Hong Kong stock exchange (HKEx) | DDoS
The Hong Kong stock exchange comes under attack for the second day in a row on Thursday. The exchange blamed a Distributed Denial of Service (DDoS) attack against its news web server, hkexnews.hk. A suspect was arrested on 23 August.

Aug 14 | - | Mybart.org | SQLi
As part of their #OpBART and #Bart-Action, in response to a temporary shutdown of cell service in four downtown San Francisco stations to interfere with a protest over a shooting by a BART police officer, Anonymous attacks the myBART.org website belonging to San Francisco’s BART (Bay Area Rapid Transit) system. They perform a SQL injection (SQLi) attack against the site and extract 2,450 records containing names, usernames, passwords (plain text), emails, phone numbers, addresses and zip codes. Estimated cost of the breach is $524,300.

Aug 15 | ? | GOMTV.NET | SQLi?
After SK, another South Korean service provider reports a large-scale data breach of usernames and passwords for subscribers worldwide. This time it is the turn of Seoul-based streaming media service GOMTV to suffer a data-spilling intrusion. According to GOM TV, the breach happened early in the morning of Friday 12 August 2011 Korean time; the company sent a warning email to its subscribers on Sunday 14 August 2011.

Aug 16 | - | Vanguard Defense Industries | Vulnerability in WordPress Hosting Platform
Antisec targets Richard Garcia, Senior Vice President of Vanguard Defense Industries (VDI). During the breach nearly 4,713 emails and thousands of documents are stolen. The attack was performed on 16 August but, as is by now a consolidated tradition, the torrent was released on Friday 19 August.

Aug 16 | - | Ebay | SQLi?
Hacker group Cslsec (Can’t Stop Laughing Security) leaks some accounts from Ebay and posts them on Pastebin.

Aug 17 | - | BART Police | SQLi?
A database belonging to the BART Police Officers Association is hacked, and the names, postal and email addresses of officers are posted online. Over 100 officers are listed in the document, posted, as usual, on Pastebin. Estimated cost of the breach is $21,400.

Aug 20 | - | HSBC Korea | defacement
A Turkish hacker hacks and defaces the Korean branch of HSBC, the global banking group.

Aug 21 | pr0tect0r AKA mrNRG | Nokia Developer Forum | SQLi
The developer forum section of the Nokia website is hacked by Indian hacker “pr0tect0r AKA mrNRG”. He was able to deface the site and access email records. According to an official statement from Nokia, a “significantly larger” number of accounts has been accessed, although they do not contain sensitive information.

Aug 21 | - | Danish Government | SQLi?
Anonymous hackers upload a torrent file containing a snapshot of the Danish Government database of companies. The snapshot was obtained during the summer of 2011 by systematically harvesting data from the public parts of the cvr.dk website.

Aug 22 | ? | Epson Korea | ?
Hacking in South Korea: after GOMTV.NET, Epson Korea is hit by a massive data breach involving the personal information of 350,000 registered customers. Hackers break into Epson Korea’s computer systems and steal information including passwords, phone numbers, names and email addresses of customers who had registered with the company. Estimated cost of the breach is $74,900,000.

Aug 22 | Electr0n | Libyan domain name registry | defacement
Hackers deface the nic.ly website, the main registry which administers .ly domain names (the “.ly” stands for Libya), and replace it with an anti-Gaddafi message.

Aug 22 | - | Allianceforcebiz.com | SQLi?
@ThEhAcKeR12, an admirer of Anonymous, acts independently to breach an outsourced provider and steal a customer list with 20,000 log-in credentials. Many on the list were U.S. government employees. Estimated cost of the breach is around $4,280,000.

Aug 22 | - | UK MET Police | SQLi
As part of Murder Military Monday, the Metropolitan UK Police is hacked for #Antisec by CSL Security using an SQL injection vulnerability; the vulnerable link is also shown on Twitter and Pastebin. Other attacked sites include USarmy.com and GoArmy.com.

Aug 23 | - | U.S. Government | DDoS?
F-Secure discovers that on 17 July a military documentary program titled “Military Technology: Internet Storm is Coming” was published on the government-run TV channel CCTV 7, Military and Agriculture (at military.cntv. While speaking about theory, they actually show camera footage of Chinese government systems launching attacks against a U.S. target.

Aug 24 | - | Cslsec | Defacement
Another example of cyberwar between different hacker crews: TeaMp0isoN hacks Cslsec, which claimed to be the new LulzSec.

Aug 25 | ? | U.S. Military Base | SQLi?
Another example of military emails leaked by hackers.

Aug 27 | Division Hackers Crew | Borlas.net | SQLi?
Division Hackers Crew hacks the database of Borlas.net (free SMS site) and leaks the usernames, passwords, emails and phone numbers of 14,800 registered users. As usual, the leaked database has been posted on Pastebin. Estimated cost of the breach is $3,167,200.

Aug 28 | - | Orange.fr | SQLi?
An Anonymous hacker hacks Orange.fr and uploads the database and site source code backup to a file sharing site.

Aug 29 | Iranian Hackers | Diginotar | Vulnerability
A user named alibo on the Gmail forums posts a thread about receiving a certificate warning about a revoked SSL certificate for SSL-based Google services. The certificate in question was issued on 10 July by Dutch SSL certificate authority DigiNotar. The fake certificate was forged by Iranian hackers and revoked immediately. This is the second episode of a MITM attack against Google after the Comodo affair in May.

Aug 29 | ? | Gabia (South Korean domain registrar) | ?
Another cyber attack in South Korea: Gabia, a South Korean domain registrar, is hacked on Saturday 27 August, according to a report on Monday by the Korea Herald. The hack exposed over 100,000 domains and 350,000 users’ data. The information included names, user IDs, passwords and registration numbers.

Aug 29 | - | densetsu.com | SQLi?
Sometimes they come back: one of the LulzSec members seems to have made a quick return, hacking a child porn trading forum and leaking over 7,000 accounts.

Aug 30 | - | Wikileaks (1) | ?
Der Spiegel reports that a WikiLeaks file containing the original leaked US State Department cables has inadvertently been released onto the Internet. The documents have not been edited to protect sources, meaning that the lives of informants could be at risk.

Aug 30 | ? | Wikileaks (2) | DDoS
The WikiLeaks website, which contains thousands of U.S. embassy cables, has crashed in an apparent cyberattack. The anti-secrecy organization said in a Twitter message on Tuesday that Wikileaks.org “is presently under attack.”

Aug 30 | - | swgalaxies.net | SQLi?
@neatstuffs leaks over 23,000 emails and passwords from a Star Wars fan club, and all the passwords are in clear text… sad, isn’t it, that a website would store so many users’ information with no security?

August 2011 Cyber Attacks Timeline (Part I)

August 29, 2011 3 comments

Update Sep 2: August 2011 Cyber Attacks Timeline (Complete List)

It looks like the Dog Days did not stop the Cyber Attacks, which have been particularly numerous during August. This is the reason why I decided to divide my traditional collection in two parts. Today it is the turn of the first half, covering the interval 1-15 August.

Following the trail of July, an attack against PCS Consultants, another U.S. Government contractor, opened this hot month, even if the controversial Shady RAT affair monopolized (and keeps on monopolizing) the infosec landscape (and not only during the first half of the month). Easily predictably, nearly every endpoint security vendor (and McAfee competitor) tends to minimize the event, considering it only the latest example of RAT-based cyber attacks with no particular features (see for instance the comments by Sophos, Kaspersky and Symantec).

Analogously, the Dog Days did not stop hacktivism, with the infamous hacking group Anonymous (and its local “chapters”) the author of several attacks in different countries and, most of all, of a kind of arm wrestling against BART (Bay Area Rapid Transit), sometimes carried out with questionable methods. Research in Motion was indirectly involved in the Anonymous campaign during the London riots, but Anonymous was also hit by (another) defacement attack carried out by Syrian hackers, which affected Anonplus, the alternative Social Network.

South Korea was also hit with another massive breach (but the story for SK does not end here).

According to my very personal estimates, based on the Ponemon Institute indications, the cost of the data breaches for which enough information was available is around $43 million.
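The cost estimates in this post and in the complete August list are described only as "based on the Ponemon Institute indications". The Python script below is an added example, not the blog's own code: it assumes the author applied a flat cost per compromised record, takes the record counts and stated costs from the August table on this page (copied into the script as data), recovers the per-record constant implied by them, and reproduces the two headline totals ($43 million for Part I, around $126 million for the month). The recovered figure, $214 per record, is the per-record cost reported in Ponemon's 2010 U.S. Cost of a Data Breach study, which is what makes the flat-rate assumption plausible.

```python
"""Recover the breach-cost model behind the timeline's "estimated cost" figures.

Added example, not the blog's own code. Assumption: the author's "Ponemon
Institute indications" amount to a flat cost per compromised record. The
(records, stated cost) pairs below are copied from the August 2011 table.
"""
from statistics import median

# Rows copied from the August 2011 table: (organization, records exposed,
# cost as stated in the table, whether the row is in the 1-15 August list).
TABLE = [
    ("Citi Cards Japan",                   92_408, 19_800_000, True),
    ("University of Wisconsin Milwaukee",  75_000, 16_000_000, True),
    ("Welt.de",                            30_264,  6_500_000, True),
    ("myBART.org",                          2_450,    524_300, True),
    ("Epson Korea",                       350_000, 74_900_000, False),
    ("BART Police",                           100,     21_400, False),
    ("Allianceforcebiz.com",               20_000,  4_280_000, False),
    ("Borlas.net",                         14_800,  3_167_200, False),
]


def implied_cost_per_record(rows=TABLE):
    """Per-record cost implied by the table, rounded to the dollar.

    The median is used so that the rows whose cost the author rounded to the
    nearest $0.1M (Citi, UWM, Welt.de) cannot pull the figure away from the
    rows that are stated exactly.
    """
    return round(median(cost / records for _, records, cost, _ in rows))


def estimate_cost(records, per_record=None):
    """Flat-rate estimate: records exposed times cost per record."""
    if per_record is None:
        per_record = implied_cost_per_record()
    return records * per_record


def is_consistent(row, tolerance=0.01):
    """True if the stated cost is within `tolerance` of the flat-rate estimate.

    A 1% tolerance absorbs the author's rounding of the larger figures.
    """
    _, records, stated, _ = row
    est = estimate_cost(records)
    return abs(stated - est) <= tolerance * est


def stated_total(rows=TABLE, part_one_only=False):
    """Sum of the costs as stated, optionally restricted to the Part I rows."""
    return sum(cost for _, _, cost, in_part_one in rows
               if in_part_one or not part_one_only)


if __name__ == "__main__":
    rate = implied_cost_per_record()
    print(f"implied cost per record: ${rate}")
    for row in TABLE:
        print(f"{row[0]:<36} {row[1]:>8,} records  stated ${row[2]:>12,}  "
              f"flat-rate ${estimate_cost(row[1]):>12,}  ok={is_consistent(row)}")
    print(f"Part I total: ${stated_total(part_one_only=True):,}")
    print(f"Month total:  ${stated_total():,}")
```

Every row in the table agrees with the flat-rate model to within 1%, and the stated figures sum to $42,824,300 for the Part I rows and $125,192,900 for the month, matching the author's rounded "around $43 million" and "around $126 million". The check is worth keeping around when reading any breach-cost headline: a single per-record multiplier ignores breach size, data type and jurisdiction, so figures produced this way should be read as order-of-magnitude indications rather than losses.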

Date Author Description Organization Attack
Aug 1

PCS Consultants

Another U.S. Government contractor, PCS Consultants gets hacked by Anonymous & Antisec. Hackers extract website Database and leak it on the internet via Twitter on Pastebin (as usual!). Leaked Data include Admin’s and 110 users emails, plus passwords in encrypted hashes.


SQLi?
Aug 2
Vitrociset

72 hours after the first defacement, Vitrociset, a contractor of Italian Cyber Police, is hacked and defaced again by Anonymous.


SQLi? Defacement
Aug 3
United Nations (Shady RAT)

In an interview to Vanity Fair (as to say, information Security is a fashion), a McAfee Security Researcher declares UN and other international institutions have been victims of a large scale Remote Access Tool based attack from a Foreign Country. The attack is dubbed shady RAT and suspects are directed to China.


Remote Access  Tool
Aug 3
Colombia

Anonymous and Colombian Hackers shut down the websites of Colombia’s president, the interior and justice ministry, the intelligence service DAS and the governing party. The hacker attack was meant as a protest against government censorship.

DDoS
Aug 3
The SUN and News Corp. InternationalBritain’s Rupert Murdoch-owned tabloid The Sun sends a message to readers warning them that computer hackers may have published their data online after an attack on the paper’s website last month. A hacker styled ‘Batteye‘ claims to have posted details taken from The Sun on the Pastebin. SQLi?
Aug 3
Front National

As a consequence of the Massacre of Oslo, Anonymous France claims to have hacked a server belonging to Front National, leaking a list of 100 leaders of the party


?
Aug 5 ?

Citi Cards Japan (Citigroup)

Eight weeks after a hacker cracked its credit card database, the company’s credit card unit in Japan, Citi Card, reported in a message to its user base that “certain personal information of 92,408 customers has allegedly been obtained and sold to a third party illegally.” Estimated cost of the breach is about $19.8 million.


unfaithful outsourcer
Aug 6 Law Enforcement Agencies

After the first attack to Law Enforcement Institutions in July, Anonymous and LulzSec, as part of what they define the ShootingSheriffsSaturday, leak again 10 Gb of Data from the same Law Enforcement Agencies, including private police emails, training files, snitch info and personal info. The attack was made in retaliation for anonymous arrests


SQLi?
Aug 6
SAPPE (Sindacato Autonomo Polizia Penitenziaria)

Anonymous defaces the Web Site of SAPPE (Independent Union of Prison Guards) and leaves a message on pastebin (here in italian) claiming more rights for detainees


SQLi?
Aug 6
Policia Federal (Brazilian Police)

LulzSec Brazil hacks Brazilian Police and discloses 8 gb of data from what they defined the Pandora’s Box


USB Key Stolen?
Aug 7
Syrian Ministry of Defense

The Syrian Ministry of defense is hacked by Anonymous which defaces the web site and post a note supporting the Syrian people


Defacement
Aug 9
Anonplus (Anonymous Social Network)

In retaliation for the defacement of the Syrian Ministry of Defence, a Syrian Group of hackers dubbed Syrian Electronic Army, has defaced (for the third time), Anonplus, the alternative Social Network in phase of deployment by Anonymous, posting several gruesome images.


Defacement
Aug 9
Research In Motion

As an (in)direct consequence of the London riots, a hacker crew called TeaMp0isoN defaces the official BlackBerry blog after RIM indicated it would assist the London police, who are investigating the use of the messaging service in organizing the riots, with "very extensive monitoring of the BlackBerry Messenger model".


SQLi?
Aug 9
Operation Satiagraha

As part of Operation Antisec, LulzSec and Anonymous release 5 GB of documents, photos, audio files and videos exposing what was one of the greatest corruption scandals in the recent history of Brazil.


SQLi?
Aug 10 ?
University Of Wisconsin Milwaukee

The Social Security numbers of 75,000 students and employees at the University of Wisconsin-Milwaukee are exposed after hackers plant malware on a campus server. The estimated cost of the breach is $16 million.


APT
Aug 10 ?
Hong Kong Stock Exchange (HKEx)

The Hong Kong stock exchange (HKEx) halts trading in seven stocks during the afternoon session after its website is attacked during the morning session. The seven stocks in question were all due to release price-sensitive results on the website. The attack was initially believed to have compromised the website; it was later found to be a DDoS.

DDoS
Aug 12 Headpuster
Welt.de

A hacker called Headpuster, protesting against the sale of user data to a third-party operator, hacks Welt.de through a SQL injection (http://boot24.welt.de/index_welt..php?ac=***) and steals a large amount of data from the database, including the credit card information of 30,264 users. He then publishes censored excerpts. The estimated cost of the breach is around $6.5 million.


SQLi?
Aug 12 ?
Hong Kong stock exchange (HKEx)

The Hong Kong stock exchange comes under attack for the second day in a row on Thursday. The exchange blames a Distributed Denial of Service (DDoS) attack against its news web server, hkexnews.hk. A suspect was arrested on 23 August.


DDoS
Aug 14
Mybart.org

As part of #OpBART and #Bart-Action, launched in response to the temporary shutdown of cell service in four downtown San Francisco stations to interfere with a protest over a shooting by a BART police officer, Anonymous attacks the myBART.org website of San Francisco's BART (Bay Area Rapid Transit) system. They perform a SQL injection (SQLi) attack against the site and extract 2,450 records containing names, usernames, passwords (in plain text), e-mails, phone numbers, addresses and zip codes. The estimated cost of the breach is $524,300.


SQLi
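The Welt.de and myBART entries above describe the same two defects: a request parameter spliced into a SQL statement, and a user table that keeps passwords in clear, so one injection dumps directly usable credentials. As an added example, not code from this blog or from either site, the following Python script reproduces both defects against a constructed in-memory SQLite table (the users, e-mail addresses and passwords are made up) and places the fixes beside them: a bound parameter, which turns the classic tautology payload back into plain data, and salted PBKDF2 hashes, so that even a successful dump yields no reusable password.

```python
import hashlib
import hmac
import os
import sqlite3
from typing import List, Optional, Tuple

# Constructed sample records, hypothetical stand-ins for the kind of data the
# timeline entries describe (username, e-mail, password). Not real breach data.
SAMPLE_USERS = [
    ("alice", "alice@example.org", "correct horse battery"),
    ("bob", "bob@example.org", "hunter2"),
    ("carol", "carol@example.org", "letmein"),
]

PBKDF2_ROUNDS = 100_000   # work factor for the demo; raise it on real hardware


def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Return (salt, derived key). A stolen table then holds no reusable secret."""
    salt = salt if salt is not None else os.urandom(16)
    key = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ROUNDS)
    return salt, key


def verify_password(password: str, salt: bytes, key: bytes) -> bool:
    """Recompute the key from the stored salt and compare in constant time."""
    _, candidate = hash_password(password, salt)
    return hmac.compare_digest(candidate, key)


def build_db(plaintext: bool) -> sqlite3.Connection:
    """In-memory user table. plaintext=True mirrors the breached sites; False stores hashes."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, email TEXT, password BLOB, salt BLOB)")
    for username, email, pw in SAMPLE_USERS:
        if plaintext:
            conn.execute("INSERT INTO users VALUES (?, ?, ?, NULL)", (username, email, pw))
        else:
            salt, key = hash_password(pw)
            conn.execute("INSERT INTO users VALUES (?, ?, ?, ?)", (username, email, key, salt))
    conn.commit()
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, username: str) -> List[tuple]:
    """The anti-pattern: the request parameter is spliced into the SQL text."""
    sql = "SELECT username, email, password FROM users WHERE username = '%s'" % username
    return conn.execute(sql).fetchall()


def lookup_parameterised(conn: sqlite3.Connection, username: str) -> List[tuple]:
    """The fix: the driver binds the value, so quotes inside it are just data."""
    sql = "SELECT username, email, password FROM users WHERE username = ?"
    return conn.execute(sql, (username,)).fetchall()


if __name__ == "__main__":
    payload = "x' OR '1'='1"   # classic tautology payload for a quoted string parameter
    leaky = build_db(plaintext=True)
    print("vulnerable, plaintext :", lookup_vulnerable(leaky, payload))     # whole table, passwords in clear
    print("parameterised         :", lookup_parameterised(leaky, payload))  # no rows
    hashed = build_db(plaintext=False)
    dumped = lookup_vulnerable(hashed, payload)
    print("vulnerable, hashed    :", [(u, e, k.hex()[:16] + "...") for u, e, k in dumped])
```

Running the script shows the three outcomes side by side: the concatenated query returns every row, the bound query returns none, and the hashed table still leaks under the vulnerable query but gives the attacker only salted PBKDF2 output to work with.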
Aug 15 ?
GOMTV.NET

After SK Communications, another South Korean service provider reports a large-scale breach of usernames and passwords of subscribers worldwide. This time it is the turn of Seoul-based streaming media service GOMTV to suffer a data-spilling intrusion. According to GOM TV, the breach happened early in the morning of Friday 12 August 2011, Korean time; the company sent a warning e-mail to its subscribers on Sunday 14 August 2011.

SQLi?

Top Security Challenges for 2011: Check Point’s Perspective

May 16, 2011 1 comment

At the last Check Point Experience in Barcelona, the Israeli company presented its own Top Security Challenges for 2011.

In a sense one might say that it is quite easy for Check Point to make predictions at this point of the year, since we are halfway through 2011 (and accurate predictions should already have come true), but that is not my point of interest. My point of interest is that, in my previous evaluation of security predictions for 2011 (back in December 2010), I was a little disappointed that it had not been possible to compare Check Point, a landmark in network security, with the other vendors, since at that time it had not released any predictions for the current year. The perspective of this vendor, focused on network security, is a really interesting complement to a landscape that is unifying endpoint, network and cloud security, since Check Point is considered the pioneer of the modern firewall as well as the inventor of stateful inspection, the foundation of network protection.

According to John Vecchi, head of product marketing for Check Point, the following areas will be on the radars and agendas of CISOs worldwide:

  • Virtualization and the cloud: according to him, the challenges associated with this trend include the lack of skills in the security team, the cost of new solutions and regulatory issues. To these I would add the fragmentation of cloud environments, which calls for powerful tools to normalize, secure and manage them. As a matter of fact we are seeing a proliferation of hypervisors, operating systems, services and applications that are forced to coexist in the same environment;
  • IT consumerization: tablets and smartphones are becoming inseparable companions of organizations and enterprises, but although they blur the line between personal and professional life, they were not natively conceived for professional use, and this paves the way for new threats that need to be faced. According to the Israeli company, 30% of enterprises are deploying tablet computers, and by 2013 we will see a 100% increase in smartphone usage. Meanwhile, according to Juniper Networks, Android malware is increasing four times faster...
  • Consolidation and complexity in security: according to Check Point there is a strong trend towards converging and unifying information security technologies. This challenge is no surprise: the company is well known among security professionals for the completeness of its management framework, and consolidation (of vendors and technologies) is a well-established trend in the market;
  • Web 2.0 and social media: this is another established trend, whose latest (and most relevant) example is the Primoris Era affair and the consequent risks of social espionage or social (media) engineering, which can have a devastating impact on enterprises. But that is not the only risk: because of their six degrees of separation, social networks are a powerful (and reliable) means of spreading infections. In my opinion this challenge is closely related to IT consumerization (like mobile technologies, social media is an example of consumer technology spreading rapidly into the enterprise), and enterprises are generally not prepared to face such threats, which increasingly push users to cross the boundary between personal and professional use of their working tools. In both cases, in my opinion, the possible countermeasures are similar: not only technology but (above all) education for users, who should be made aware of the risks of crossing that line: would you ever store the latest financial plan on the same computer where your son chats, surfs the web or shares his life on Facebook? Why should you do so on the same phone or tablet where you share your life (without even considering that data are continuously sent to Apple, Google and so on...)?
  • Data security and data loss: according to Check Point, $7.2m is the average cost of a data breach in 2011. USB drives and laptops, corporate e-mail and webmail are the largest sources of data loss. An agreeable security challenge, but too easy after the WikiLeaks affair.
  • Threat landscape: according to Check Point, this can be broken down into two motives: crime and profit, and cyber-warfare and hacktivism. The biggest recent threats include Stuxnet and Operation Aurora (belonging to the second category) and the Zeus bot (belonging to the first). These are the so-called Advanced Persistent Threats, increasingly used not as "exercises in style" but as real weapons for fighting wars on virtual battlefields or for stealing money.

The last predictions have little to do with security in a strict sense (they are general concepts) but are worth mentioning as well:

  • Governance, risk and compliance: according to Check Point, governance and compliance have the greatest influence on the information security programme for 60% of companies. In my opinion this challenge goes in the same direction as consolidation and complexity in security, which need unified management whose role, ultimately, is simply to enforce policy (at least this is my model);

  • Cost-saving IT and green IT: these two are closely linked (and in a sense also linked to cloud and virtualization). IT has always been considered an enabler, but in the current difficult situation that is probably not enough: IT must also help the enterprise control costs (and in this scenario information security must be a business process).

After analyzing Check Point's top threats, I enjoyed comparing them with the predictions available from other vendors. Of course I had to make some assumptions: I mapped "Threat Landscape" to Advanced Persistent Threats, "IT Consumerization" to Mobile, and "Data Security and Data Loss" to Removable Media.

The results are represented in the following table:

Check Point confirms mobile as the top threat for 2011 (as do 6 of the 7 vendors examined; the only exception, Kaspersky, had simply listed mobile as a top threat for 2010). Similarly, Advanced Persistent Threats gained the preference of 5 of the 7 vendors, including Check Point, as did social media. Curiously, as far as cloud and virtualization are concerned, Check Point's top challenge is similar to the one given by Symantec (and Trend Micro): I would have expected more vendors to address cloud and virtualization as a key concern for 2011 (and the examples of Epsilon, Amazon and Sony are particularly telling of the level of attention this technology deserves).

In facing the 2011 top security challenges, the role played by unified management technologies is particularly meaningful for Check Point. This is not surprising since, on the one hand, vendors and technologies are converging and consolidating into a few vendors with multi-domain portfolios (the latest example being Sophos with the acquisition of Astaro); on the other hand, Check Point's management technologies are considered the state of the art for a unified management framework.

2011 Security Predictions: 6 Vendors Compared (Update)

January 26, 2011 8 comments

After examining the 2011 predictions of Sophos and Cisco, I decided to extend the comparison grid drawn up in a previous post to include the predictions of the two latest arrivals. The resulting picture confirms that, to the blunt question "What will be the greatest source of worry for IT managers in 2011?", there is only one answer: "Mobile!". The mobile-threat headache gathers the preference of 5 vendors out of 6, and 2011 will tell us whether the mobile fashion has infected the world of information security too, or whether jailbroken Apples and rooted Androids (with the resulting sleepless nights for IT managers) are a consequence of the IT consumerization process (that is, the tendency to use technologies coming from the consumer world, which therefore natively lack the security characteristics, and not only those, required for professional use).

In the preferences of the vendors analysed, Advanced Persistent Threats, hacktivism and social media follow closely, gathering the preferences of 4 of the 6 brands examined, while the other threat categories appear extremely fragmented.

To compare the predictions correctly one must consider that the vendors examined are not perfectly homogeneous: while Kaspersky, Sophos, Symantec and Trend Micro are vendors focused mainly on endpoint security, McAfee is somewhere in between (born on the endpoint, it has progressively widened its offering to cover network security as well), whereas Cisco appears strongly oriented towards network security. The different nature is also reflected in a different approach to the reports: Cisco's and McAfee's predictions are based on data collected by their own sensor networks, Sophos's and Trend Micro's on data collected by their labs analysing threats coming from endpoints (so the predictions of the vendors just mentioned draw on 2010 events and trends), whereas Symantec's and Kaspersky's predictions appear (especially in the second case) rather visionary in their approach.

The different analysis perspective (and essentially the vendors' different strategies) is also reflected in the comparison grid: Sophos's predictions cover a wide range of threats and can be seen as a sort of synthesis of McAfee's and Trend Micro's; Cisco's predictions are very close to McAfee's (Cisco does not mention Apple vulnerabilities directly, since it folds them into operating systems), presumably because the predictions of Cisco Security Intelligence and McAfee Global Labs are based on data collected by their own sensor networks (a similar approach, each with its own technologies).

Symantec is the vendor that gave the most evidence of the security problems of the cloud and of virtualized infrastructures (probably a legacy and influence of Veritas), while Kaspersky appears rather visionary in its predictions.

One last remark: mobile does not score a clean sweep among the predictions only because it is missing from Kaspersky's. The reason? The Russian vendor had included mobile malware among the previous year's predictions (and, not by chance, it was the first to discover malware for Android, in August 2010).

2011 Security Predictions: Sophos's Turn

January 23, 2011 3 comments

Comparing the 2011 predictions of the main endpoint security vendors (Symantec, McAfee, Trend Micro and Kaspersky), I had pointed out the unavailability of similar predictions from Sophos, a British security vendor focused on endpoint and perimeter protection, considered one of the technology leaders and a reference point alongside the technologies already mentioned (for the record, Symantec, McAfee, Trend Micro and Sophos have for some years held leadership positions in Gartner's Magic Quadrant, while Kaspersky, among the outsiders, is the technology that has recorded the greatest growth).

Finally the group is complete, since Sophos's predictions have just been released, and they are worth analysing to add a further point of view to the unenviable hit parade of the cyber threats that will disturb the sleep of security professionals and users during 2011.

Actually Sophos's analysis starts from the main threats of 2010 and projects their impact onto 2011, and in this approach it differs slightly from the other vendors' predictions; despite the differences in approach it is still possible to extract those that, according to Her Majesty's vendor, will have the greatest impact during the year just begun.

2010 closed with a high impact from:

  • Fake antivirus software, of which over half a million (!!) variants were recorded during the past year;
  • The use of marketing and search engine optimisation (SEO) techniques to "poison" searches, that is, to make malicious sites climb the rankings, implicitly increasing the probability that unaware users land on malicious sites;
  • The use of "social engineering" techniques inside "social networks". This aspect inextricably links technological aspects with social and human ones (curiosity, individual weaknesses), whose victims are the less experienced users (technologically and emotionally) who, by following a simple link, end up infected by trojans or enter their personal data into fake forms, prey to criminals. The plague is so widespread that a dedicated threat has been named Likejacking, combining the terms Like (the classic badge with which users show their appreciation of posts and content) and Hijacking, used for hijackings (real and, as in this case, virtual).
  • Spam continued to rage during the past year too (the report cites that in the United States alone 36 million users bought medicines from offshore sites), evading the controls of the dreaded FDA. It must be added, however, that according to the research spam has slightly changed shape, preferring to steer users towards sites where malware can be downloaded rather than towards improbable stores (where in any case users often fall victim to subsequent scams by fake FDA agents).
  • Stuxnet: how could the IT phenomenon of the year be missing? Obviously the British vendor also highlights its impact, although, somewhat against the tide, it emphasises the media impact more than the technical one.
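Likejacking is a clickjacking variant: the Like button is loaded in a transparent iframe positioned over something the visitor actually wants to click, so the click is delivered to Facebook instead. The server-side defence is to tell the browser who may frame the page at all. The following Python function, an added example and not Sophos's or this blog's code, evaluates a response's `Content-Security-Policy: frame-ancestors` and `X-Frame-Options` headers the way current browsers do (CSP wins when both are present, and with neither header any site can frame the page). The header values and origins are constructed for illustration; the `.example` domains are hypothetical.

```python
from typing import List, Mapping, Optional
from urllib.parse import urlsplit

# Constructed response headers for illustration (hypothetical, not captured from
# any real site): a page with no protection, two legacy X-Frame-Options settings,
# and a CSP that permits only the page's own origin and a partner's subdomains.
DEMO_RESPONSES = {
    "unprotected": {},
    "deny":        {"X-Frame-Options": "DENY"},
    "sameorigin":  {"X-Frame-Options": "SAMEORIGIN"},
    "csp":         {"Content-Security-Policy":
                    "default-src 'self'; frame-ancestors 'self' https://*.partner.example"},
}


def parse_frame_ancestors(csp: str) -> Optional[List[str]]:
    """Return the frame-ancestors source list from a CSP value, or None if the directive is absent."""
    for directive in csp.split(";"):
        tokens = directive.strip().split()
        if tokens and tokens[0].lower() == "frame-ancestors":
            return [t.lower() for t in tokens[1:]]
    return None


def host_source_matches(source: str, ancestor: str) -> bool:
    """Match one CSP host-source (e.g. https://*.partner.example, cdn.example:8443, https:) against an origin."""
    anc = urlsplit(ancestor)
    default_port = {"http": 80, "https": 443}.get(anc.scheme)
    if "://" in source:
        scheme, host_part = source.split("://", 1)
        if scheme != anc.scheme:
            return False
    elif source.endswith(":") and "." not in source:    # scheme-source such as "https:"
        return source[:-1] == anc.scheme
    else:
        host_part = source
    host, _, port = host_part.partition(":")
    if port and port != str(anc.port or default_port):
        return False
    if host.startswith("*."):                           # a wildcard never matches the bare domain
        return anc.hostname is not None and anc.hostname.endswith(host[1:])
    return anc.hostname == host


def framing_allowed(headers: Mapping[str, str], page_origin: str, ancestor_origin: str) -> bool:
    """Decide whether a page served with `headers` at page_origin may be framed by ancestor_origin.

    Browsers apply CSP frame-ancestors when present and then ignore X-Frame-Options;
    with neither header any site can frame the page, the clickjacking precondition.
    """
    lowered = {k.lower(): v for k, v in headers.items()}
    sources = parse_frame_ancestors(lowered.get("content-security-policy", ""))
    if sources is not None:
        for source in sources:
            if source == "'none'":
                return False
            if source == "'self'" and ancestor_origin == page_origin:
                return True
            if source == "*" or (not source.startswith("'")
                                 and host_source_matches(source, ancestor_origin)):
                return True
        return False
    xfo = lowered.get("x-frame-options", "").strip().upper()
    if xfo == "DENY":
        return False
    if xfo == "SAMEORIGIN":
        return ancestor_origin == page_origin
    return True    # no header, or an unrecognised value such as the obsolete ALLOW-FROM


if __name__ == "__main__":
    page = "https://social.example"
    for name, headers in DEMO_RESPONSES.items():
        for framer in (page, "https://apps.partner.example", "https://attacker.example"):
            print(f"{name:12} framed by {framer:30} -> {framing_allowed(headers, page, framer)}")
```

The same function can be run over the headers of any page that hosts a Like button or a sensitive form: a `True` for an origin you do not control is exactly the condition a likejacking page needs.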

During 2011, according to Sophos, we will instead have to worry about:

Password Weakness

This aspect is mainly human rather than technological, but in 2011 it risks having even worse consequences than in the previous year, because of the ever-growing number of online services users rely on and the ever-decreasing care in choosing and managing passwords, which are often the same for every service, weak, and unchanged since time immemorial. The consequence, according to the blue vendor, is soon told: weak passwords are a greater risk for identity theft than phishing or spyware. The solution? A strict acceptable use policy (AUP) for all users! Also because, where users fall short, the providers that are supposed to keep credentials safe often fall victim to embarrassing incidents (as in the case of Gawker, which in 2010 suffered the theft of 1.3 million accounts).

Mobile and Tablets

Vendors, especially competitors, usually disagree on everything. But if there is one topic on which, as if by miracle, there is almost no divergence, it is precisely the centrality of the mobile world in the security issues of 2011. Examining the different operating systems, Sophos's predictions show a certain affinity with the statements made to Bloomberg by Steve Chang, chairman of Trend Micro, from which one infers greater security for Apple's operating system than for Android, essentially because of the tighter control (walled garden) Cupertino applies to applications for its devices before admitting them to the App Store, and because of the open source nature of the jewel of the house of Page and Brin. The report also examines Windows Phone 7 and RIM (the enterprise platform par excellence). But while in the first case the security problems stem mainly from Redmond's tendency to favour functionality over security, in the second case the problems may unwittingly come from the very governments that are asking RIM to soften its end-to-end, NOC-centric encryption policy to allow compliance with anti-terrorism legislation. Note that poor Symbian occupies a back position in this ranking too, by now targeted by crackers only because of its larger installed base.

One aspect, however, must be kept in mind: regardless of the platform, mobile operating systems are born with preventive security controls (quality checks for inclusion in the stores) and "after-the-fact" ones (regulated access by applications to the hardware and software resources of the device). To date, especially for Apple and Android, all the mobile malware found affects jailbroken or rooted devices and finds fertile ground in the carelessness of users who use alternative stores and ignore application permissions during installation.

Tablets also fall into this category, destined to become increasingly widespread in 2011, in the corporate world too.

Social Networks

Obviously Sophos's predictions confirm the greater "sensitivity" of criminals to using social networks as a means of spreading malware, because the various sites (Facebook and Twitter first of all) are by now widely populated, for personal and professional purposes alike (over 500 million users are estimated for Zuckerberg's creature, to the benefit of his bank account). According to the vendor in blue, the flaws of social networks are concentrated in:

  • Applications, where, according to a survey of 600 users, 95% of Facebook users hope for greater attention to security, advocating a walled-garden control model along the lines of the one Cupertino adopts for its App Store. These measures should be combined with greater user awareness of application permissions and greater control over them;
  • Privacy settings, a real thorn in Facebook's side, where over 76% of the sample of the survey cited in the previous point say they would leave the site in case of privacy problems;
  • Secure infrastructure: the Twitter case brought to the fore the effects of bugs in the server applications of social networks, which is why the British vendor calls for greater security (and greater user attention) in this area.

Software

Workstations have by now become a jumble of applications, all fundamental to doing one's job and all potential vectors of vulnerabilities. 2010 was the year of Adobe vulnerabilities (its PDF and Flash are by now the basis of any productive activity). A look at this mid-2010 ranking of the most exploited vulnerabilities is enough to realise the impact of applications on security problems (and how many of them each user uses every day: Internet Explorer, Adobe Reader, RealPlayer, there really is something for every taste).

Removable Media

Sophos's assessment also includes removable media as infection vectors. The Stuxnet case teaches that even the most traditional and neglected means should not be underestimated (especially as initial infection vectors for workstations not connected to the Internet).

Operating Systems

Windows 7 is gaining wide acceptance among users and, according to Sophos's agreeable predictions, among malware authors, who will concentrate their efforts on this operating system. Obviously the effort is directly proportional to the OS's market share and therefore destined to grow further during 2011, in proportion to the increase in market share of Redmond's latest offspring.

As for Apple users, until today they have always lived surrounded by a (false) sense of security deriving from the noble UNIX lineage of the operating system. In reality the security derives from the lesser attention of criminals, a consequence of the lower diffusion of Mac OS in the corporate world and therefore, proportionally, of the lower number of infections. Naturally the growth trend of Apple's operating system in the corporate world will, in all likelihood, cause an increase in infections for this operating system in 2011. Since the increase in infections is drastically facilitated by the irresponsible behaviour of users who install software without carefully checking its origin and provenance, Apple has run for cover by recently creating the App Store for Mac OS too, where applications are subject to quality control.

Threats Delivered via Web Servers

Threats spread through web browsing will remain one of the main sources of infection during 2011. These threats are delivered without administrators' knowledge because they are hidden, for example, in apparently legitimate advertising links managed by third parties. The categories of web-borne threats identified by the British vendor are the following:

  • Malvertising: advertisements for fake products (for example the fake antivirus mentioned above) that push the user to install software to optimise performance or cure infections, which turns out to be a trojan or other kind of malware.
  • Compromised websites: Sophos estimates that every day there are 30,000 malicious sites, 70% of which are legitimate sites that have been compromised. Unfortunately this trend will be confirmed during 2011.

Email Spam

Spam will remain a means of spreading infections in 2011 too (a similar prediction had also been made by Trend Micro).

0-day Vulnerabilities

Sophos predicts a further increase in 2011 of malware exploiting 0-day vulnerabilities.

Cybercrime

In this area Sophos's predictions are aligned with those of the other vendors, framing the problem on two levels: a purely political one (as in the cases of Operation Aurora and WikiLeaks) and a purely enterprise one, namely cybercrime will increasingly be used to steal information to be used directly or sold to the highest bidder.

In conclusion

This vendor too confirms the central role of mobile and social networking in the security issues of 2011. In particular the continued attention to social networking, reiterated by this vendor, highlights the need for a new model of security and data protection. Surprising, among the factors highlighted, is the absence of the cloud (directly or indirectly: recently came the news of a German hacker using Amazon's cloud service to crack his neighbour's WPA password), whereas the role of spam and compromised websites in malware distribution is highlighted, as in Trend Micro's case.

2011 Security Predictions: 4 Vendors Compared

January 13, 2011 3 comments

I had fun comparing a summary of the 2011 prediction reports issued by the main security vendors (Symantec, McAfee, Trend Micro), which I have already commented on in these pages.

I chose, not by chance, the vendors considered market leaders and technology references by the main analysts. To this list, as a term of comparison, I added Kaspersky, considered an important outsider. Although a notable absentee stands out in the list, namely Sophos, which has not, at least for now, released predictions for 2011, it is still interesting to compare overall the indications provided by the individual vendors to assess which clouds will most darken the information security landscape during 2011.

Below are the threats identified by the various vendors, summarised for each vendor as a list:

McAfee:

  • Social media;
  • Mobile;
  • Apple;
  • Applications;
  • Malware so sophisticated that it appears legitimate;
  • Survival of botnets;
  • Hacktivism;
  • Advanced Persistent Threats;

Symantec:

  • Mobile
  • Cloud
  • Virtualization
  • Social media

Trend Micro:

  • OS variety
  • Virtualization
  • Obsolete OSes
  • Social engineering
  • Mobile
  • Malware so sophisticated that it appears legitimate;
  • Botnets
  • Obsolete threats
  • Advanced Persistent Threats

Kaspersky:

  • Hacktivism
  • Threats to information
  • Advanced Persistent Threats (Spyware 2.0)
  • Attacks on corporate users
  • Vulnerabilities

Summarising everything in a table:

As can be seen, the predictions concerning Advanced Persistent Threats (Stuxnet docet; I have also included Kaspersky's Spyware 2.0 here) and mobile malware are shared by three vendors out of four (Kaspersky had actually predicted the birth of mobile infections in 2010). Botnets, hacktivism, pseudo-legitimate malware, social media and virtualization worry two vendors out of four, while the predictions concerning the remaining threat categories appear rather fragmented, each held by a single vendor.

Who will really have had the crystal ball? Posterity will judge...
