Other troubles for system administrators: March is confirming the 2013 dangerous trend with several high profile breaches against industrial, financial and governmental targets.
The first two weeks of March have begun with the breach to Evernote, and continued with (among the others) the third phase of the infamous Operation Ababil, targeting U.S. Banks and an alleged Chinese attack against the Reserve Bank of Australia.
Additional noticeable events include a wave of DDoS attacks against several Czech Republic’s targets (belonging to media, news and financial sector), a breach suffered by the NIST Vulnerability Database (unfortunately not an isolated example of the attacks against US governmental targets happened in these two weeks) and also the leak of 20,000 records from an Avast! German distributor.
Last but not least, the examined period has also confirmed the role of Twitter as the new mean to make resounding attacks against single individuals or organizations. Qatar Foundation, Saudi Aramco, and France 24 are only several of the organizations fallen victims of accounts hijacking.
Of course, these are only the main events, feel free to scroll down the list to analyze in detail what happened in these two weeks.
If you want to have an idea of how fragile our data are inside the cyberspace, have a look at the timelines of the main Cyber Attacks in 2011, 2012 and now 2013 (regularly updated). You may also want to have a look at the Cyber Attack Statistics, and follow @paulsparrows on Twitter for the latest updates.
Also, feel free to submit remarkable incidents that in your opinion deserve to be included in the timelines (and charts).
Once again, a special thanks to Kim Guldberg AKA @bufferzone for continuously advising me about significant cyber events through the Submit Form! Much Appreciated!
Cyber War News has just reported the details of a small database leak against Udinese Calcio, one of the oldest and most important Italian “Serie A” Football teams (Udinese ended the last Italian season at the third place and is going to play the preliminary phase of the prestigious UEFA Champions League).
As far as I remember, this is the first time that a “Serie A” Football Team gets hacked, and among the remarkable records that Udinese collected during the 2011-2012 season, this is probably the most unwelcome. The leak has been performed by norton-z, who has exploited an SQL Injection vulnerability on the team’s web site and has hence dumped on pastebin some details including administrative accounts.
If you follow my timelines you will have probably noticed that norton-z has been very active in the last period, so it looks like he has decided to turn his attention to Italy and just to a Football team (in the same days in which the continent is watching the European Championship EURO 2012 in Poland and Ukraine).
If you are just wondering if the leak is somehow related to the recent scandal (AKA Calciopoli AKA Operation Last Bet) which has dramatically hit the Italian Football Landscape, you will probably be disappointed. According to the autohor’s pastebin statement, there is no other reason than fun!
Is it time for football teams to allocate some budget for securing their online services?
Thanks to @Cyber_War_News for the fresh info!
Click here for part 1.
The second half of January is gone, and it is undoubtely clear that this month has been characterized by hacktivism and will be remembered for the Mega Upload shutdown. Its direct and indirect aftermaths led to an unprecedented wave of cyber attacks in terms of LOIC-Based DDoS (with a brand new self service approach we will need to get used to), defacements and more hacking initiatives against several Governments and the EU Parliament, all perpetrated under the common umbrella of the opposition to SOPA, PIPA and ACTA. These attacks overshadowed another important Cyber Event: the Middle East Cyberwar (which for the sake of clarity deserved a dedicated series of posts, here Part I and Part II) and several other major breaches (above all Dreamhost and New York State Electric & Gas and Rochester Gas & Electric).
Chronicles also reports a cyber attack to railways, several cyber attacks to universities, a preferred target, and also of a bank robbery in South Africa which allowed the attackers to steal $6.7 million.
Do you think that cyber attacks in this month crossed the line and the Cyber Chessboard will not be the same anymore? It may be, meanwhile do not forget to follow @paulsparrows to get the latest timelines and feel free to support and improve my work with suggeastions and other meaningful events I eventually forgot to mention.
- 858,360 hits since November 2010
08/13/2011 - My Post on Android Malware Mentioned on Engadget.
04/14/2011 - The Article Smart Grid: L'ultima Frontiera del Cybercrime published on ICT Security Magazine May 2011.
03/14/2011 - Security Summit 2011: Paolo Passeri guest at Round Table "Mobile Security: Rischi, Tecnologie, Mercato"
02/14/2011 - The Article Gears of Cyberwar published on ICT Security Magazine January 2011.
About This Blog
In this blog I express my personal opinion, which does not necessarily reflects the opinion of my organization, about events and news or interest, concerning information security, winking to mobile world and, why not, to some curious personal event.
Every information is reported with its source.
Anyone intending to use information contained in my post is free to do so, provided that mention my blog in your article.
Top Posts & Pages
- List Of Hacked Celebrities Who Had (Nude) Photos Leaked
- 2014 Cyber Attacks Timeline Master Index
- 1-15 July 2014 Cyber Attacks Timeline
- 2013 Cyber Attacks Statistics
- 2013 Cyber Attacks Timeline Master Index
- 2012 Cyber Attacks Statistics
- May I Be Arrested For Using LOIC?
- A (Graphical) World of Botnets and Cyber Attacks
- 2013 Cyber Attacks Statistics (Summary)
- 1-15 June 2014 Cyber Attacks Timeline
- Ready to take off... Flying to Santa Barbara to meet my colleagues of @LastlineLabs - 8 hours ago
- P.F. Chang's incident calls for updating payments tech lnkd.in/dQpjRE8 - 4 days ago
- @artbyalida @thepacketrat he did the same one week ago for CNET… - 4 days ago
- WSJ website hacked, data offered for 1 bitcoin -> Here's a cyber attack that will be included in the next timeline: arstechnica.com/security/2014/… - 4 days ago
- @HP TippingPoint and @lastlineinc team up to offer advanced network protection h30499.www3.hp.com/t5/HP-Security… - 4 days ago
- Without a good Italian espresso it's impossible to build cutting-edge technology! http://t.co/GZTZFXktsc - 4 days ago
- @lastlineinc recognized by CRN as a 2014 Emerging Vendor | Business Wire businesswire.com/news/home/2014… - 6 days ago
- 1-15 July 2014 Cyber Attacks Timeline #Infosec #Cyberattacks wp.me/p14J6X-2D9 - 1 week ago
- @ckreibich same test worked with an @A10Networks SSL inspector: malicious files downloaded through an https connection perfectly detected! - 1 week ago
- RT @lastlineinc: 'Cloud malware analysis a must-have for advanced threat protection' @TechTarget bit.ly/W70Opa http://t.co/ji5qWtt… - 1 week ago