Tag Archives: RAT

16-31 August 2014 Cyber Attacks Timeline

August is gone, and here we are with the list of the most noticeable cyber attacks occurred during the second half of the month (first part here).

This period will be probably remembered for the massive cyber attack against Community Health Systems (4.5 million records compromised), the wave of coordinated attacks targeting JPMorgan Chase and at least four other US banks, the malware targeting 51 franchised stores of UPS, and, last but not least, the mother of all breaches in Korea (220 million records containing personal information 0f 27 million people). Another noticeable event was also the coordinated DDoS attacks against Sony Entertainment Network, Xbox Live and other online gaming services.

read more

16-30 September 2012 Cyber Attacks Timeline

Part One with 1-15 September 201 Timeline Here.

September is over and it’s time to analyze this month from an Information Security perspective with the second part of the Cyber Attack Timeline.

Probably this month will be remembered for the massive outage of six  U.S. Banks (Bank of America, JPMorgan Chase, Citigroup, U.S. Bank, Wells Fargo and PNC ) caused by a wave of DDoS attack carried on by alleged Muslim hackers in retaliation for the infamous movie (maybe this term is exaggerated) “The Innocence of Muslims”.

read more

February 2012 Cyber Attacks Timeline

Find here February 2012 Cyber Attacks Timelime Part I.

With a small  delay (my apologies but the end of February has been very busy for me and not only for Cybercrooks as you will soon see), here it is the second part of my compilation with the main Cyber Attacks for February 2012.

read more

Back to The Future of Stuxnet

While the U.S. and U.K. are debating whether to use Cyberwarfare, someone, somewhere, has decided not to waste further time and has anticipated them, developing what appears to be a precursor of Stuxnet 2.0. In a blog post, Symantec explains how it came across the first samples of the malware thanks to a research lab with strong international connections, which, on October 14 2011, alerted the security firm to a sample that appeared to be very similar to Stuxnet.

read more

Advanced Persistent Threats and Security Information Management

Advanced Persistent Threats are probably the most remarkable events for Information Security in 2011 since they are redefining the infosec landscape from both technology and market perspective.

I consider the recent shopping in the SIEM arena made by IBM and McAfee a sign of the times and a demonstration of this trend. This is not a coincidence: as a matter of fact the only way to stop an APT before it reaches its goal (the Organization data), is an accurate analysis and correlation of data collected by security devices. An APT attack deploys different stages with different tactics, different techniques and different timeframes, which moreover affect different portion of the infrastructure. As a consequence an holistic view and an holistic information management are needed in order to correlate pieces of information spread in different pieces of the networks and collected by different, somewhat heterogeneous and apparently unrelated, security devices.

read more

Five Years of Hacking (Updated)

Strange Days for Information Security, you may watch my July 2011 Attacks Chart for noticing how troubled July has been. August promises to be even worse, but this is not the point…

The point is that in an Interview to Vanity Fair, which is not tipically an Information Security Magazine, Dmitri Alperovitch, Vice President of threat research at McAfee reported that, for at least five years, a high-level hacking campaign, dubbed Operation Shady RAT (like Remote Access Tool), has infiltrated the computer systems of national governments, global corporations, nonprofits, and other organizations. This infiltration has made more than 70 victims in 14 countries for what has been defined “Biggest-ever series of cyber attacks uncovered”, an attack so big that, according to Alperovitch: “It’s been really hard to watch the news of this Anonymous and LulzSec stuff, because most of what they do, defacing Web sites and running denial-of-service attacks, is not serious. It’s really just nuisance.”

read more

Some Random Thoughts On RSA Breach

Security tokens from RSA Security designed as ...
Image via Wikipedia

June 7 Update: RSA admits some stolen seeds were used to attack Lockeed Martin and will replace SecurID tokens for customers with concentrated user bases typically focused on protecting intellectual property and corporate networks.

May 31 Update: Wired reports that L-3, a Second Defense Contractor, has been targeted by an attack using information stolen during the RSA Breach

read more