Tag Archives: McAfee

16-30 June 2013 Cyber Attacks Timeline

It’s time for the second part of the June 2013 Cyber Attacks Timeline (first part here).

The last two weeks of June have been characterized by an unusual cyber activity in the Korean Peninsula. In a dramatic escalation of events (coinciding with the 63rd anniversary of the start of the Korean War), both countries have attracted the unwelcome attentions of hacktivists and (alleged) state-sponsored groups, being targeted by a massive wave of Cyber attacks, with the South suffering the worst consequences (a huge amount of records subtracted by the attackers).

read more

Browsing Security Predictions for 2013

The period between November and December is particularly interesting for the Infosec community, since nearly all the main security vendors use to unveil their predictions for the next year, trying to anticipate the trends and the issues that will trouble the system administrators’ sleeps.

Exactly as I did last year, I analyzed the predictions of 7 vendors, choosing the ones that I consider particularly meaningful for the presence of the vendor in the market and for the coverage of their respective solution portfolio. In comparison with the last year, I was not able to find any prediction from Cisco (at least so far). However I was able to include the ones issued by Symantec, that were missing from my initial version. Hence the list of the vendors taken into consideration is the following:

read more

Here’s Shamoon!

So, it looks like that the destructive impacts of the cyber attack targeting Aramco, where definitively true. In the same hours in which the first details about the malware were disclosed, Kasperky Lab, McAfee and Symantec have dedicated respectively three blog posts to describe what appears to be the latest example of a large scale cyber attack targeting Middle East (apparently focused on companies belonging to Energy Sector).

Shamoon (or W32/DistTrack), this is the name of the malware, has some points in common (the name of a module) with the infamous Flame, but according to Kaspersky this is the only similarity:

read more

June 2012 Cyber Attacks Timeline (Part II)

Part I (1-15 June) at this link

From an information security perspective, the second half of June has been characterized by the hacking collective UGNAZI (and its members) and also by an individual hacker: .c0mrade AKA @OfficialComrade.

Both entities have left behind them a long trail of Cyber Attacks against different targets (in several cases the real extent of the attack is uncertain) and with different techniques, although it is likely that the UGNAZI collective will be forced to change the plans after the arrest of the group’s leader, JoshTheGod, nearly at the end of the month (27thof June), effectively they have considerably reduced the rate of their cyber attacks in the second part of the analyzed period.

read more

Exclusive Infographic: All Cyber Attacks on Military Aviation and Aerospace Industry

Cross Posted from TheAviationist.

2011 has been an annus horribilis for information security, and aviation has not been an exception to this rule: not only in 2011 the corporate networks of several aviation and aerospace industries have been targeted by digital storms (not a surprise in the so-called hackmageddon) but, above all, last year will be probably remembered for the unwelcome record of two alleged hacking events targeting drones (“alleged” because in the RQ-170 Sentinel downed in Iran episode, several doubts surround the theory according to which GPS hacking could have been the real cause of the crash landing).

read more

What Security Vendors Said One Year Ago…

I did not resist, so after publishing the summary of Security Predictions for 2012, I checked out what security vendors predicted one year ago for 2011. Exactly as I did in my previous post, at the beginning of 2011 I collected the security predictions in a similar post (in Italian). I also published in May an update (in English) since, during the Check Point Experience in Barcelona held in May 2011, the Israeli security firm published its predictions. Even if the latters have been published nearly at the half of 2011, for the sake of completeness, I decided to insert them as well in this year-to-year comparison.

read more

Browsing Security Predictions for 2012

Update 01/11/2012: Year-to-Tear comparison with 2011 Security Predictions

The new year has just come, vacations are over, and, as usually happens in this period, information security professionals use to wonder what the new year will bring them from an infosec perspective. The last year has been rich of events, whose echo is still resounding, and as a consequence, if RSA and Sony breach were not enough, the main (and somehow obvious) question is: will 2012 stop this trend or rather bring it to unprecedented levels, or, in other words, which threat vectors will disturb the (already troubled) administrators’ sleep?

read more

One Year Of Lulz (Part II)

Christmas has just gone and here it is my personal way to wish you a Happy New Year: the second part of my personal chart (first part here) of Main 2011 Cyber Attacks covering the time window from August to November 2011 (December is not yet finished, and featuring remarkable events, so expect an update very soon). This memorable year is nearly over and is time, if you feel nostalgic, to scroll down the second part of the list to review the main Cyber Events that contributed, in my opinion, to change the landscape and the rules of the (information security) game. Many events in this period among whom, IMHO, the most noticeable is the one carried on against Diginotar. Since then our trust in conventional authentication models is not (and will not be) the same anymore.

read more

Advanced Persistent Threats and Security Information Management

Advanced Persistent Threats are probably the most remarkable events for Information Security in 2011 since they are redefining the infosec landscape from both technology and market perspective.

I consider the recent shopping in the SIEM arena made by IBM and McAfee a sign of the times and a demonstration of this trend. This is not a coincidence: as a matter of fact the only way to stop an APT before it reaches its goal (the Organization data), is an accurate analysis and correlation of data collected by security devices. An APT attack deploys different stages with different tactics, different techniques and different timeframes, which moreover affect different portion of the infrastructure. As a consequence an holistic view and an holistic information management are needed in order to correlate pieces of information spread in different pieces of the networks and collected by different, somewhat heterogeneous and apparently unrelated, security devices.

read more