Despite still related to December 2014, here is the first timeline for 2015 covering the main events occurred between the 16th and 31st December 2014 (first part here).
No doubt, this Christmas will be remembered for the unwelcome surprise of the DDoS attack performed by the infamous Lizard Squad against the online services of Sony and Microsoft. An attack that has shattered the dreams of many players, just few minutes after unwrapping their brand new consoles under the Christmas Tree. However, the light that burns twice as bright burns half as long, and inevitably two members of the collective have allegedly been arrested (not before having attempted a Sybil Attack against Tor).
But the latter was not the only attack targeting the Tor anonymity service in this period, which also suffered an unexplained outage affecting a cluster of Tor Directory Authority Servers in a Rotterdam data center.
Other noticeable events concern the outage of the Internet connection in North Korea (despite it is not completely clear if caused by a cyber attack or a fault), a malware detected in a South Korea power plant, the attacks targeting the ICANN and the ISC Consortium, two among the most important organizations for the Internet, and (yet another) breach targeting NVIDIA.
Moving to a different topic, all in all the hacktivists decided to enjoy the Christmas vacations with the exception of the Syrian Electronic Army who were back, and defaced an online magazine, the International Business Time, for an article against the Syrian regime.
Last but not least, with regard to Cyber Espionage, there have been two operations discovered in this period: an alleged attack perpetrated by Chinese hackers against an Afghan CDN targeting directly many local governmental sites, and indirectly many foreign institutions, and also the discovery of the Anunak group, a well-organized crew able to steal USD $25 Million with a long lasting cyber espionage operation against targets in Europe and the US.
If you want to have an idea of how fragile our electronic identity is inside the cyberspace, have a look at the timelines of the main Cyber Attacks in 2011, 2012, 2013 and now 2014 (regularly updated). You may also want to have a look at the Cyber Attack Statistics, and follow @paulsparrows on Twitter for the latest updates.
Also, feel free to submit remarkable incidents that in your opinion deserve to be included in the timelines (and charts).
Update December 26: 2011 is nearly gone and hence, here it is One Year Of Lulz (Part II)
This month I am a little late for the December Cyber Attacks Timeline. In the meantime, I decided to collect on a single table the main Cyber Attacks for this unforgettable year.
In this post I cover the first half (more or less), ranging from January to July 2011. This period has seen the infamous RSA Breach, the huge Sony and Epsilon breaches, the rise and fall of the LulzSec Group and the beginning of the hot summer of Anonymous agsainst the Law Enforcement Agencies and Cyber Contractors. Korea was also affected by a huge breach. The total cost of all the breaches occurred inthis period (computed with Ponemon Institute’s estimates according to which the cost of a single record is around 214$) is more than 25 billion USD.
As usual after the page break you find all the references.
Sony states than a total of 93,000 accounts corrsesponding to one tenth of one percent (i.e. 0.1%) of their PSN, SEN and SOE consumers may have been affected (PSN/SEN: approximately 60,000 accounts; SOE: approximately 33,000). In these cases the attempts succeeded in verifying valid sign-in IDs and passwords, so the accounts were temporalily locked. As a preventative measure, Sony will be sending email notifications to these account holders and will be requiring secure password resets or informing consumers of password reset procedures.
At least this time the defense were active and the Company states it was able to stop these attempts taking steps to mitigate the activity, moreover Sony also stated that credit card numbers associated with these accounts are not at risk as a result of the unauthorized attempts.
The attempts appear to include a large amount of data obtained from one or more compromised lists from other companies, sites or sources. These were unauthorized attempts to verify valid user accounts on our services using very large sets of sign-in IDs and passwords. Between October 7 – 10 US Pacific Daylight Time, we confirmed that these were unauthorized attempts, and took steps to thwart this activity.
A couple of hot considerations:
- The Japanese giant learned the lesson. After the infamous breaches of March (with more than 100 million users affected and estimated cost of $21 billion), Sony hired Philip Reitinger (who annouced the attack on Playstation Blog), the former deputy under secretary at the U.S. Department of Homeland Security, as senior vice president and chief information security officer at Sony. The nomination was made on September but is possible that the strategy of establishing a security strategy has already been successful: it looks like the company was able to immediately detect the attack (and also is also immediately sending email notifications to the owners of the compromised accounts);
- I cannot help but notice the strategy of the attack consisting in a “very large sets of sign-In IDs and passwords obtained from on ore more compromised lists of company”. Probably read “spearphishing”: once again old techniques with new motivations. The organizations seems to have learned how to deal with these trhreats. The users are still far from that.
Hope to have more news very soon, most of all which were the compromised lists of companies (Epsilon?).
You need to give people information and transparency so that they can understand security. It’s essential to make them a part of the security process and ensure they are aware of the company security policy.
These words were told yesterday, may, the 4th 2011 on Barcelona during the Check Point Experience, by Gil Shwed, the founder and Chairman of the Information Security Vendor, for unleashing the 3D Security model of the company, a model which focuses on policy people and enforcement.
No better moment could be found for emphasizing the role of the user inside the information security process!
The dramatic events of RSA, Epsilon and Sony Data Breach are redefining the information (in)security landscape and consequently rising many questions and concerns among the security professionals for the true extent of the events. RSA tokens, whose seeds were allegedly compromised during the breach are used in more than 25.000 corporations all over the Globe. The Epsilon Data Breach involved 2% of customers: for a company which sends out over 40 billion e-mails a year on behalf of over 2,500 clients, this means millions of individuals at risk and needing to be on alert from scams and phishing for years. Last but not least Sony, for which a total of more than 100 million records were stolen during two separate waves of attack on its PlayStation Network and Qriocity Service.
Now the question is: what do Mr. Shwed’s words deal with the latter events?
Well, (too) many words have been spent so far: recalling the security concerns for cloud based services (mostly in case of Epsilon and Sony) and the role of Advanced Persistent Threats which are becoming an harmful attack vectors for Enterprises, using spear-phishing mail to overwhelm the first line of defence made by the employees. Apparently old school techniques under renewed dresses. Nevertheless there is a point which, in my opinion, has not been adequately emphasized so far, and the point is just the answer to the previous question.
Simply said the uncovered point is the role of the people in the (in)security process which led to the breach. Hopefully this is not exactly the kind of role wished by Mr. Swhed, anyway if we reverse the paradigm, the result is exactly the same: on one hand, if it is true that the individual made aware of the policy enforces the first level of security and is the core of the security process itself, it is also tue that the unaware individual is the core of the breach. This is exactly what happened in the affair of RSA and Epsilon where the people, the first line of defense of any organization, was the first line to be breached, well before the systems, and the breach in the people was the trigger for the breach in the systems as well.
RSA clearly explained this occurrence in a blog post, and the appealing subject “2011 Recruitment Plan” of the phishing e-mail, hiding a zero-day Adobe Flash vulnerability (CVE-2011-0609) embedded into an excel spreadsheet, went into the annals of Information Security. Clearly the poisoned spreadsheet injected a RAT (Remote Access Tool) used to gain privileges and move freely into the network up to the final target.
Things were not so different for Epsilon, in which individual company employees were initially targeted for email scams and used to gain access to the internal database as happened.
So far there is not evidence of a similar occurrence for Sony, however today’s Sony’s Response to the U.S. House of Representatives, written by Kazuo Hirai, Chairman of the Board of Directors of Sony Computer Entertainment America, in response to questions posed by the subcommittee members of the House Commerce Committee, in some steps closely resembles original RSA announcement.
Sony has been the victim of a very carefully planned, very professional, highly sophisticated criminal cyber attack.
And in case of RSA:
Recently, our security systems identified an extremely sophisticated cyber attack in progress being mounted against RSA.
(Not too much) curiosly the two steps are very similar, and likely the adjective sophisticated was used to emphasize an external origin of the attack aimed to exclude an internal fault and the presumable consequent fall of shares), nevertheless I could not help joining the two sentences and, presumably the two events, even if so far Sony did not show the same transparency of RSA and only few details are known.
Ultimately these events (to which I should add the Night Dragon malware), show that the new cyber-attacks are targeting users, and employees inside the Organization. Not only they targeted users to achieve the attack, but also the aftermaths will keep on targeting users for years: as a matter of facts, even if the full consequences of the RSA breach are not completely clear so far, PSN and epsilon users will presumably be the targets of a new wave of spear-phishing and spam emails (so far no news have been reported of a fraudulent use of Credit Cards Number stolen, which, according to Sony, were encrypted).
In all the cases, quoting Mr. Shwed’s words, we deduce the need for the user to be the core of the security process. The security process must shift to a level which involves policy definition, people awareness and, policy enforcement, at the device level, through an appropriate configuration, and most of all at the user level, through an appropriate education.