About these ads

Archive

Posts Tagged ‘Saudi Arabia’

16-31 January 2014 Cyber Attacks Timeline

February 17, 2014 Leave a comment

Even if with several days of delay, it is time for the second Cyber Attacks Timeline of June January 2014 (Part I here).

Unfortunately the trail of massive breaches has continued even in the second half of the month with the two remarkable events of the 16 million of records scraped by a German botnet and also the discovery of the ChewBacca malware by RSA. Cyber Crime Chronicles also report a global password reset issued by Yahoo! after the discovery of a coordinated effort to compromise accounts.

Cyber Espionage Chronicles report of an attempted malware attack against the Electronic Frontier Foundation, the Israeli Defense Ministry and, most of all, the discovery of an operation allegedly orchestrated by Russian hackers against Western energy interests.

Looking at the attacks motivated by Hacktivism, the Syrian Electronic Army were behind the most noticeable events.

As usual, if you want to have an idea of how fragile our data are inside the cyberspace, have a look at the timelines of the main Cyber Attacks in 2011, 2012 and now 2013 (regularly updated). You may also want to have a look at the Cyber Attack Statistics, and follow @paulsparrows on Twitter for the latest updates.

Also, feel free to submit remarkable incidents that in your opinion deserve to be included in the timelines (and charts).

16-31 Jan 2014 Cyber Attacks Timeline

Read more…

About these ads

1-15 January 2014 Cyber Attacks Timeline

February 5, 2014 2 comments

It’s time for the Cyber Attacks Timeline for the first half of January 2014. I wish we had a better start for this Infosec year. Not even a month has passed (actually this timeline covers the first two weeks) and we have already seen several massive breaches (Snapchat) and other resounding events, maybe less relevant from a mere numeric perspective, but equally meaningful for the high profile of the victims involved (Microsoft).

Besides Snapchat, other important organizations have been targeted by Cyber crooks with very bad consequences: World Poker Tour (175,333), Staysure (93,000 individuals involved) and OpenSUSE (79,500 victims) are the most noticeable examples. On the cyber crime front other meaningful events include a wave of attacks against Video Games industries, and the hacking of Yahoo advertise network, infecting, potentially 27,000 users per hour.

Hacktivists of the Syrian Electronic Army are back with the result that even Microsoft is now part of the list of their victims (however their web site was also hacked in the same period). Other hacktivists very active in the same period include the infamous RedHack collective.

Last but not least, the control room of the Nuclear Plant of Monju in Japan was found infected with a malware capable of allegedly exfiltrate 42,000 emails.

As usual, if you want to have an idea of how fragile our data are inside the cyberspace, have a look at the timelines of the main Cyber Attacks in 2011, 2012 and now 2013 (regularly updated). You may also want to have a look at the Cyber Attack Statistics, and follow @paulsparrows on Twitter for the latest updates.

Also, feel free to submit remarkable incidents that in your opinion deserve to be included in the timelines (and charts).

1-15 Jan 2014 Cyber Attacks Timeline

Read more…

16-31 December 2013 Cyber Attacks Timeline

January 12, 2014 Leave a comment

Let’s give the welcome to this new infosec year with the first timeline of 2014 (or better the last of 2013) summarizing the main events occurred in the second half of December 2013.

With no doubt, this holiday season has been characterized by the Target breach, whose size is constantly growing (110 million the number of potential victims according to recent estimates). This massive incident has somehow shadowed another massive breached occurred in Turkey, were Russian hackers have allegedly been able to obtain 54 million citizens’ ID Data. With similar numbers, the 300.000 users potentially affected by the Cyber Attack involving Affinity Gaming appear risible.

Other considerable events include a Christmas Intrusion on a BBC server (with the author possibly selling the backdoor access on the underground) and yet another possible intrusion by Chinese hackers on a US target, specifically the Federal Election Commission.

Nothing particularly significant on the hacktivism front characterized by the consolidated “background noise” of events whose sizes are well far from the levels of the recent years.

As usual, if you want to have an idea of how fragile our data are inside the cyberspace, have a look at the timelines of the main Cyber Attacks in 2011, 2012 and now 2013 (regularly updated). You may also want to have a look at the Cyber Attack Statistics, and follow @paulsparrows on Twitter for the latest updates.

Also, feel free to submit remarkable incidents that in your opinion deserve to be included in the timelines (and charts).

16-31 December 2013 Cyber Attacks Timeline Update2 Read more…

Categories: Cyber Attacks Timeline, Security Tags: , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,

1-15 June 2013 Cyber Attacks Timeline

Here it is the first part of the June 2013 Cyber Attacks timeline covering the first half of the month.

This period has been characterized by the protests in Turkey, that, easy predictable, have also influenced the cyber landscape. Many attacks (in several cases even with noticeable impact) have been carried on in name of OpTurkey.

Other noticeable facts include the attacks against the European Police College (14,000 records affected), the Bangladeshi Air Force recruitment website (110,000 credentials affected), and, most of all, against the Danish Police which affected the country’s driver’s license database, social security database, the shared IT system across the Schengen zone, and the e-mail accounts and passwords of 10,000 police officers and tax officials.

Last but not least, the first two weeks of June has brought us yet another high profile cyber-espionage operation, dubbed NetTraveler.

As usual, if you want to have an idea of how fragile our data are inside the cyberspace, have a look at the timelines of the main Cyber Attacks in 2011, 2012 and now 2013 (regularly updated). You may also want to have a look at the Cyber Attack Statistics, and follow @paulsparrows on Twitter for the latest updates.

Also, feel free to submit remarkable incidents that in your opinion deserve to be included in the timelines (and charts).

1-15 June 2013 Cyber Atacks Timeline Read more…

Categories: Cyber Attacks Timeline, Security Tags: , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,

15-31 May 2013 Cyber Attacks Timeline

And here we are with the second part of the Cyber Attacks Timeline for May (first part here).

The second half of the month has shown an unusual activity with several high-profile breaches motivated by Cyber-Crime or Hacktivism, but also with the disclosure of massive Cyber-Espionage operations.

The unwelcome prize for the “Breach of the Month” is for Yahoo! Japan, that suffered the possible compromising of 22 million users (but in general this was an hard month for the Far East considering that also Groupon Taiwan suffered an illegitimate attempt to access the data of its 4.1 million of customers).

On the cyber-espionage front, the leading role is for the Chinese cyber army, accused of compromising the secret plans of advanced weapons systems from the U.S. and the secret plans for the new headquarter of the Australian Security Intelligence Organization.

On the Hacktivism front, this month has been particularly troubled for the South African Police, whose web site has been hacked with the compromising of 16,000 individuals, including 15,700 whistle-bowlers.

Other noticeable events include the unauthorized access against the well known open source CMS Drupal (causing the reset of 1 million of passwords), the trail of hijacked Twitter accounts by the Syrian Electronic Army and also an unprecedented wave of attacks against targets belonging to Automotive.

If you want to have an idea of how fragile our data are inside the cyberspace, have a look at the timelines of the main Cyber Attacks in 2011, 2012 and now 2013 (regularly updated). You may also want to have a look at the Cyber Attack Statistics, and follow @paulsparrows on Twitter for the latest updates.

Also, feel free to submit remarkable incidents that in your opinion deserve to be included in the timelines (and charts).

May 2013 Cyber Attacks Timeline Part II Read more…

Categories: Cyber Attacks Timeline, Security Tags: , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,

1-15 January 2013 Cyber Attacks Timeline

January 17, 2013 4 comments

So here we are with the first Cyber Attacks Timeline for 2013 covering the first half of January.

Apparently the new year has begun with an intense activity by Cyber Crooks. Hacktivists and Cyber Criminals had many time to spend in front of their keyboards during the holiday break, and as a consequence the number of breaches with more than 10.000 accounts compromised is incredibly high. WWF China, the City of Steubenville, Ohio and The German Chamber of Commerce are only three examples of institutions that suffered massive breaches during the beginning of this year.

But the massive breaches are not the only remarkable events of this period: the waves of DDoS Attacks against US banks continued (and promise to extend also in the next weeks), Kaspersky Lab discovered a new massive Cyber Espionage Campaign dubbed “Red October”, and also the Japan Farm Ministry was hit by yet another Cyber Attack, allegedly originating from China…

If this is only the beginning… 2013 promises to be pretty much troubled for system administrators…

If you want to have an idea of how fragile our data are inside the cyberspace, have a look at the timelines of the main Cyber Attacks in 2011 and 2012 and the related statistics (regularly updated), and follow @paulsparrows on Twitter for the latest updates.

Also, feel free to submit remarkable incidents that in your opinion deserve to be included in the timelines (and charts). To do so, you can use this form.

1-15 January 2013 Cyber Attacks Timeline Read more…

Categories: Cyber Attacks Timeline, Security Tags: , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,

The Human Targeted Attack To Saudi Aramco

September 10, 2012 Leave a comment

After nearly a month, the Cyber Attack to Saudi Aramco continues to attract the attentions of Infosec Professionals. If you still have doubts about the fact the human beings are the most dangerous forms of targeted attacks, you should read this article by Reuters: according to internal anonymous sources familiar with the company’s investigation (six firms with expertise in hacking attacks have been hired, bringing in dozens of outside experts to investigate the attack and repair computers), one or more insiders with high-level access are suspected of having assisted the hackers who damaged 30,000 computers at Saudi Arabia’s national oil company last month.

So, apparently, it looks like that Shamoon, in order to unleash its destructive rage, was assisted by an internal mole, “someone who had inside knowledge and inside privileges within the company” according to sources familiar with the company. An event which sounds a little strange, and apparently in contrast with the fact that some coding errors inside the malware seemed a priori to exclude a “state-sponsored” origin for the attack: it is really hard to think about an amateurish operation involving an internal saboteur.

So far, two different groups claimed the responsibility of the cyber attack: The Cutting Sword of Justice and Arab Youth Group, motivating the action with political reasons against what they call Al-Saud corrupt regime (sic). In any case, none of them mentioned an internal assistance for successfully carrying on the attack.

Meanwhile the saga continues, other Oil companies have been hit (Quatari RasGas) by the same malware, and Symantec, few days ago, has reported news of further attacks of W32.Disstrack (Symantec’s Name for the threat vector inside the Shamoon). I wonder if internal moles were involved also in those cases.

Saudi Aramco Admits 30K workstations affected

August 27, 2012 Leave a comment

Yesterday Saudi Aramco issued a public statement declaring to have fixed most damage and restored all its main internal network services affected by the Cyber Attack occurred on August 15, 2012 (or a “malicious virus” to quote the same term used by the company).

In the same statement, the company has unveiled the real entity of the attack, confirming what was reported in my original blog post: the malicious virus originated from external sources and affected about 30,000 workstations (on a total of 40,000).

The light at the end of the Cyber Tunnel seems quite close, since the company has stated that the workstations have been cleaned and restored to service. There are however some restrictions still in place: as a precaution, remote Internet access to online resources is still restricted and the website aramco.com is offline showing a courtesy page in which the company confirms that all the electronic systems are isolated from outside access.

You will probably remember that the attack occurred nearly in contemporary with the discovery of the latest malware in Middle East, Shamoon, tailored for targeting companies belonging to the Energy Sector, which had consequently put in close relationship with the cyber attack to Saudi Aramco. At the beginning, security researchers believed to have found a brand new cyber weapon in Middle East, but some coding errors found inside the malicious program have convinced the community that Shamoon is not the work of experienced cyber weapons programmers (anyway I believe that if Shamoon is really the source of the troubles for Saudi Aramco, 30,000 erased computers are a respectable results for a team of amateur programmers).

But if the situation is close to normal, hackers all over the world continue to threaten the company: a couple of days ago, an isolated group posted a new menace to Aramco, announcing a new attack for the 25th of August, at 21:00 GMT.Even if the website of aramco.com is still offline, this does not seem the effect of the latest alleged cyber attack: the hackers have posted today, Monday 29 August (sic), a new statement containing the result of their action (several password of internal router and a couple of accounts) but it appears lame and does not seem too much convincing.

Another Massive Cyber Attack in Middle East

August 16, 2012 5 comments

Update August 17: More details about Shamoon, the malware targeting Saudi Aramco and other Middle East companies belonging to Energy Sector. Apparently the destructive details unveiled yesterday are confirmed.

Upate August 27: Saudi Aramco Admits 30K workstations affected.

I have just received a couple of tweets from an unknown user @cyberstrikenews providing more details about the latest Cyber Attack in Middle East targeting Saudi Arabian Oil Company (Saudi Aramco).

The Oil Company declared that “production had not been affected” and even if the virus affected some computers, it did not penetrate key components of the network. The company also said it would return to normal operating mode soon.

From the information I have received (I cannot verify the integrity of the source, so I report the data integrally), the situation appears quite different:

  • The company has about 40000 computer clients and about 2000 servers, the destructive virus was known to wipe all information and operation system related files in at least 30000 (75%) of them all data lost permanently.
  • Among the servers which (were) destroyed are the company main web server, mail server (smtp and exchange), and the domain controller which as the central part of their network.
  • All clients are permanently shut down and they will not be able to recover them in a short period.
  • The main company web site ( http://www.aramco.com ) was down during 24 hours and at last they redirected it to an outside country web site called “www.saudiaramco.com”.

Apparently the web site has just been restored to normal operation redirecting the user to Saudi Aramco.

After Stuxnet, Duqu, Flame and Gauss, yet another confirm that there is no cyber peace in middle East!

References:

http://pastebin.com/p5C4mCCD

http://pastebin.com/5YB3TUH1

Middle East Cyber War Timeline (Part IV)

February 11, 2012 3 comments
Another week, another wave of attacks between the two cyber contenders (here: Part I, Part II, Part III).

After some mutual attacks in terms of DDoS and defacements (with a new entry from Morocco and a resounding defacement against the Tel Aviv University Security Studies Program website, the head of the National Cyber Defense Authority), this week has seen the revamping of Credit Cards leaks “thanks” to Zcompany Hacker crew, who dumped more than 200 Credit Cards belonging to Israel And United States.

Even considering this latter event, however, the timeline seems to have confirmed the descending trend, with the early actors of both parties apparently quiet inside their virtual shelters (maybe to elaborate new strategies). But in this apparently calm sky a new thunderstorm threatens the horizon: it is the Anonymous which posted a message promising a reign of terror for Israel…

If you have a look to the Middle East nations involved in the cyber conflict which made attacks or suffered attacks (depicted in the map below that does not include U.S. victim of the latest Credit Card leak and France whose Council of Jewish Institutions was hacked earlier in June), you may easily notice that the virtual geopolitics reflect nearly exactly the real ones (the dotted arrow from Iran indicates the uncertainty of the nationality of OxOmar) with the new entry of Pakistani ZHC.

Read more…

Follow

Get every new post delivered to your Inbox.

Join 2,898 other followers