About these ads

Archive

Posts Tagged ‘Sophos’

Browsing Security Predictions for 2013

December 26, 2012 5 comments

The period between November and December is particularly interesting for the Infosec community, since nearly all the main security vendors use to unveil their predictions for the next year, trying to anticipate the trends and the issues that will trouble the system administrators’ sleeps.

Exactly as I did last year, I analyzed the predictions of 7 vendors, choosing the ones that I consider particularly meaningful for the presence of the vendor in the market and for the coverage of their respective solution portfolio. In comparison with the last year, I was not able to find any prediction from Cisco (at least so far). However I was able to include the ones issued by Symantec, that were missing from my initial version. Hence the list of the vendors taken into consideration is the following:

Nearly all the analyzed vendors went through deep transformations during the past year, reflecting the changing trends in the market. Fortinet is considered a vendor focused on UTM Technologies, although it offers a wide portfolio of solutions ranging from endpoint to WAFs. After the acquisition of Astaro, Sophos is expanding its offering from the endpoints to the UTM segment. McAfee covers a wide area: historically focused on the endpoints, the long trail of acquisitions allows the company to be present in all the segments of the security market. Websense went through its historical flagship, the URL filtering, moving its security model to the endpoint. Symantec and Trend Micro have their foundation on the endpoints, but are more and more concentrated on securing the cloud. Kaspersky is still concentrated on the endpoints, although the company has been very active in the last year in the analysis of the cyberwar events, most of all in Middle East.Security Predictions 2013

Yes, the rise of the malware on mobile platforms seems unstoppable, not only it reached unprecedented levels in 2012, but apparently it will be the protagonist even for 2013, at least for 5 vendors on 7. Indeed the vendors are 6 if one considers also the cross-platform malware which is equally a threat for mobile platforms. Furthermore one vendor (Fortinet), considers the role of mobile threats also as a threat vector for APTs in 2013.

Politically motivated attacks rank at number 2, even if with different connotations: Kaspersky and Websense mention explicitly state-sponsored attacks, while Symantec and Trend Micro include also attacks motivated by hacktivism in this category. It is not a coincidence that Kaspersky and Websense include Hacktivism into an explicit prediction.

It is also interesting to notice the ransomware at number 3 with just 3 preferences. Particularly interesting the indication of Sophos that speaks of “Irreversible” malware, since this class of threats is increasingly using encryption to make the compromised content unrecoverable.

The trend is even more visible from the distribution chart, that also emphasizes the role of the cloud, in the double shape of source and target of the cyber attacks.

Security Predictions Distributions 2013

Two vendors (McAfee and Trend Micro) include the proliferation of embedded systems (for instance Smart TV equipped with Android) as one of the main security issues for 2013. Honestly speaking I would have expected a major impact for this threat.

Last but not least, two vendors (Kaspersky and McAfee) believe that Targeted Attacks and Signed Malware will experience a major rise in 2013.

About these ads

Value Added Distributors of Botnets

September 22, 2012 Leave a comment

Cyber Crime, and in particular botmasters, never cease to amaze. If you were (not so much) surprised in discovering the compromised supply chain behind the Nitol Botnet (that allowed Chinese manufacturers to sell compromised computers pre-installed with the botnet), you’d better have a look at the ZeroAccess Botnet, which has recently been analyzed by Sophos.

ZeroAccess has some impressive “state-of-the-art” features such as:

  • Pure User-Mode on 32-bit Windows platforms;
  • A Peer-to-peer protocol for communicating with other members of the Botnet to receive updates and downlad plugins;
  • A modular architecture (via plugins) that allows to generate revenues for Botnet owners in different ways: Click Fraud or Bitcoin Mining (revenues that the security firms estimates in USD 100,000 per day with the botnet at full power);
  • A compromised population of over 9 million of PCs infected.

Really impressive features indeed, even if I must confess they were not the ones that impressed me most.

One of the challenges of a “successful” botnet is the capability to spread as quickly as possible, and infect and insert in the botnet (read enroll) the largest number of hosts in the shortest possible time.

Cyber Criminals are becoming increasingly aware of this, and hence, have developed a lucrative Pay-Per-Install partnership affiliate scheme to distribute the dropper. This affiliate scheme (I like to call it Partnership program) foresees wall paid revenues for affiliates who are able to execute successful installation of the dropper. This is exactly what happens in case of ZeroAccess and it is the reason of its large-scale extent.

The scheme is typically advertised on underground forums and, in case of ZeroAccess, the revenues are differentiated based on the country (probably US victims are the most lucrative, since US gets paid the most, then UK, Canada and Australia), and also on the access rights of the infected user (Admin gets paid more).

After the discovery of compromised supply chains and programs that foresee revenues for botnet distributors, have you still doubts about the fact that Cyber Crime is really becoming an industry?

April 2012 Cyber Attacks Timeline (Part I)

April 16, 2012 2 comments

As usual, here is the list of the main cyber attacks for April 2012. A first half of the month which has been characterized by hacktivism, although the time of the resounding attacks seems so far away. Also because, after the arrest of Sabu, the law enforcement agencies (which also were targeted during this month, most of all in UK), made  two further arrests of alleged hackers affiliated to the Anonymous Collective: W0rmer, member of CabinCr3w, and two possible members of the infamous collective @TeaMp0isoN.

In any case, the most important breach of the first half of the month has nothing to deal with hacktivism, targeted the health sector and occurred to Utah Department of Health with potentially 750,000 users affected. According to the Last Ponemon Study related to the cost of a breach ($194 per record) applied to the minimum number of users affected (250,000), the monetary impact could be at least $ 55 million.

Another interesting event to mention in the observed period is also the alleged attack against a Chinese Military Contractor, and the takedown of the five most important al-Qaeda forums. On the hacktivist front, it worths to mention a new hijacked call from MI6 to FBI, but also the alleged phone bombing to the same Law Enforcement Agency. Both events were performed by TeamPoison, whose two alleged members were arrested the day after.

For the sample of attacks I tried to identify: the category of the targets, the category of the attacks, and the motivations behind them. Of course this attempt must be taken with caution since in many cases the attacks did not target a single objective. Taking into account the single objectives would have been nearly impossible and prone to errors (I am doing the timeline in my free time!), so the data reported on the charts refer to the single event (and not to all the target affected in the single event).

As usual the references are placed after the jump.

By the way, SQL Injection continues to rule (the question mark indicates attacks possibly performed by SQL Injection, where the term “possibly” indicates the lack of direct evidences…).

If you want to have an idea of how fragile our data are inside the cyberspace, have a look at the timelines of the main Cyber Attacks in 2011 and 2012 (regularly updated), and follow @pausparrows on Twitter for the latest updates.

Read more…

Categories: Cyber Attacks Timeline, Security Tags: , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,

Exclusive Infographic: All Cyber Attacks on Military Aviation and Aerospace Industry

February 22, 2012 2 comments

Cross Posted from TheAviationist.

2011 has been an annus horribilis for information security, and aviation has not been an exception to this rule: not only in 2011 the corporate networks of several aviation and aerospace industries have been targeted by digital storms (not a surprise in the so-called hackmageddon) but, above all, last year will be probably remembered for the unwelcome record of two alleged hacking events targeting drones (“alleged” because in the RQ-170 Sentinel downed in Iran episode, several doubts surround the theory according to which GPS hacking could have been the real cause of the crash landing).

But, if Information Security professionals are quite familiar with the idea that military contractors could be primary and preferred targets of the current Cyberwar, as the infographic on the left shows, realizing that malware can be used to target a drone is still considered an isolated episode, and even worse, the idea of a malware targeting, for instance, the multirole Joint Strike Fighter is still something hard to accept.

However, things are about change dramatically. And quickly.

The reason is simple: the latest military and civil airplanes are literally full of electronics, which play a primary role in managing avionics, onboard systems, flight surfaces, communcation equipment and armament.

For instance an F-22 Raptor owns about 1.7 millions od line of codes , an F-35 Joint Strike Fighter about 5.7 millions and a Boeing 787 Dreamliner about 6.5 millions. Everything with some built in code may be exploited, therefore, with plenty of code and much current and future vulnerabilities, one may not rule out a priori that these systems will be targeted with specific tailored or generic malware for Cyberwar, Cybercrime, or even hacktivism purposes.

Unfortunately it looks like the latter hypothesis is closer to reality since too often these systems are managed by standard Windows operating systems, and as a matter of fact a generic malware has proven to be capable to infect the most important U.S. robots flying in Afghanistan, Pakistan, Libya, and Indian Ocean: Predator and Reaper Drones.

As a consequence, it should not be surprising, nor it is a coincidence, that McAfee, Sophos and Trend Micro, three leading players for Endpoint Security, consider the embedded systems as one of the main security concerns for 2012.

Making networks more secure (and personnel more educated) to prevent the leak of mission critical documents and costly project plans (as happened in at least a couple of circumstances) will not be aviation and aerospace industry’s information security challenge; the real challenge will be to embrace the security-by-design paradigm and make secure and malware-proof products ab initio.

While you wait to see if an endpoint security solution becomes available for an F-35, scroll down the image below and enjoy the list of aviation and aerospace related cyber attacks occurred since the very first hack targeting the F-35 Lightning II in 2009.

Of course aviation and aerospace industries are not the only targets for hackers and cybercriminals. So, if you want to have an idea of how fragile our data are inside the cyberspace, have a look at the timelines of the main Cyber Attacks in 2011 and 2012 (regularly updated) at hackmageddon.com. And follow @pausparrows on Twitter for the latest updates.

As usual the references are after the jump…

Read more…

What Security Vendors Said One Year Ago…

January 10, 2012 2 comments

I did not resist, so after publishing the summary of Security Predictions for 2012, I checked out what security vendors predicted one year ago for 2011. Exactly as I did in my previous post, at the beginning of 2011 I collected the security predictions in a similar post (in Italian). I also published in May an update (in English) since, during the Check Point Experience in Barcelona held in May 2011, the Israeli security firm published its predictions. Even if the latters have been published nearly at the half of 2011, for the sake of completeness, I decided to insert them as well in this year-to-year comparison.

Then, I included Symantec (for which this year I did not find any prediction), McAfee, Trend Micro, Kaspersky, Sophos and Cisco. I included Check Point in a second time and I did not include Fortinet, At that time I missed their five security predictions, which I only discovered later so I decided to provide an addendum for this post including Fortinet as well in order to provide a deeper perspective.

The security predictions for 2011 are summarized in the following chart, which reports what the vendors (with the partial above described exception of Checkpoint) expected for the past year in terms of Information Security trends.

But a strict side-by-side comparison with the 2012 information security predictions (extracted by my previous post) is more helpful and meaningful:

As you may notice mobile threats were on top even among the predictions for 2011. This prediction came easily true most of all for Android which suffered (and keeps on suffering) a huge increase in malware detection samples (even if the overall security risk remains contained). Social Media were on top as well: they have been crucial for the Wind of the Changes blown by the Arab Spring but in the same time Social Media have raised many security concerns for reputation, the so called Social Network Poisoning (who remembers Primoris Era?). Although 2011 was the year of the Anonymous, hacktvism ranked “only” at number 4, behind Advanced Persistent Threats, which however played a crucial role for information security (an APT was deployed for the infamous RSA Breach, but it was not an isolated case).

Also botnets, web threats and application vulnerabilities ranked at the top of Security predictions for last year (and came true). As far as botnets are concerned, fortunately 2011 was a very important year for their shutdown (for instance Hlux/Kelihos, Coreflood, Rustock). In several cases the botnets were taken down thanks to joint operations between private sectors and law enforcement agencies (another prediction came true). On the application side, this prediction came true most of all thanks to the Sony breach, the Liza Moon infection and the huge rate of SQLi based attacks and ASP.NET vulnerabilities. We have also assisted to an hard blow to SSL/TLS and XML Encryption.

But what is more surprising (and amusing) in my opinion is not to emphasize which predictions were correct, but rather to notice  which predictions were dramatically wrong: it looks like that, against the predictions, virtualization threats were snubbed by cybercrookers in 2011 (and nearly do not appear in 2012). But the most amusing fact is that no security vendor (among the ones analyzed) was able to predict the collapse of the Certification Authority model thanks most of all to the Comodo and Diginotar Breaches.

Browsing Security Predictions for 2012

January 8, 2012 4 comments

Update 01/11/2012: Year-to-Tear comparison with 2011 Security Predictions

The new year has just come, vacations are over, and, as usually happens in this period, information security professionals use to wonder what the new year will bring them from an infosec perspective. The last year has been rich of events, whose echo is still resounding, and as a consequence, if RSA and Sony breach were not enough, the main (and somehow obvious) question is: will 2012 stop this trend or rather bring it to unprecedented levels, or, in other words, which threat vectors will disturb the (already troubled) administrators’ sleep?

Unfortunately my divination skills are not so developed (in that case I would not be here), but security firms can give a crucial help since they started to unveil their security predictions for 2012, at least since the half of December, so putting them together, and analyzing them is quite a straightforward and amusing task. Maybe even more amusing will be, in twelve years, to see if they were correct or not.

The security prediction that I take into consideration included, at my sole discretion (and in rigorous alphabetical order):

•    Cisco;
•    Fortinet;
•    Kaspersky;
•    McAfee;
•    Sophos;
•    Trend Micro;
•    Websense;

That is the only leader vendors for which I found predictions issued with original documents (feel free to indicate if I missed someone and I will be very glad to include them in the chart).

In any case, the landscape is quite heterogeneous since it encompasses security vendors covering different areas: one vendor, McAfee, covering all the areas (network, endpoint and content security), two vendors and one half focused on network and content security (Cisco, Fortinet and partially Sophos thanks to the Astaro acquisition), and two vendors focused essentially on endpoint security (Kaspersky and Trend Micro).

The following table summarizes their predictions:

In order to correctly understand the chart a premise is needed: as you will probably have already noticed, in several cases the predictions reflect the specific security focus for the analyzed vendor. For instance, Websense is focused on DLP, and that is the reason why the adoption of DLP is one of its predictions. Analogously McAfee is investing huge resources for Security on Silicon, and this implies that embedded systems and Malware Moving Beyond OS are present among its predictions. Same speech could be applied for Trend Micro and its Cloud Prediction and so on.

Some trends for this year are clearly emphasized: easily predictable Hactivism appears on 6 of the 7 vendors, as mobile (with different connotations) does. Social Media is on the spot as well as are SCADA, Embedded Systems and, quite surprisingly in my opinion, cloud. I would have expected a greater impact for APTs, but for a complete and more accurate analysis one should consider them together with threats targeting embedded systems or ICS. Even because according to several security firms, for instance Kasperky, APT Stuxnet-like will be used for tailored campaigns, whilst more “general purpose malware”, including botnets will be used for massive campaigns (this item is summarized as Mass Targeted Campaigns).

 

Some “old acquaintances” will be with us in 2012: consumerization, at least according to Sophos and Trend Micro (even if consumerization is strictly connected, if not overlapped with mobile) and, if the Comodo and Diginotar affaires were not enough, Rogue Certificates, according to McAfee. Instead some “new entries” are absolutely interesting, such as the threats related to NFC (even if in this case I would have expected a greater impact) or related to Virtual Currency. Besides let us hope that the prediction to adopt DNSSEC be more than a prediction but a consolidated practice.

The most conservative security firm? In my opinion Cisco. The most “visionary”? Maybe Fortinet, I found the “Crime as a Service (CaaS)” absolutely awesome, and most of all not so visionary, since there are already some (even if clumsy) attempts.

In any case with this plenty of Cyber Nightmares is not a surprise the fact the Enterprise security market is going to reach $23 billion worldwide in 2012 with a 8.7% growth year-on-year.

October 2011 Cyber Attacks Timeline (Part II)

November 2, 2011 Leave a comment

Halloween has just gone and here it is Part II of the October 2011 Cyber Attacks Timeline covering the second half (15-31) of this month.

From an Information Security Perspective, the 10th month of 2011 has been characterized by Duqu, the brand new Advanced Persistent Threat dubbed “The Sun Of Stuxnet”, whose echo is far from being silent (a brand new 0-day vulnerability targeting Windows Kernel has just been discovered in the Malware Installer). Duqu affected the timeline in two circumstances: not only the malware was discovered, but also an Indian Provider called Web Werks had some servers seized from a Data Center in Mumbai because they were discovered to be involved in the C&C communication of the infected endpoints.

Other noticeable events of the month involved:

  • The wave of alleged Cyber Attacks from China against Japan Parliament and Embassies and also against Canadian Finance and Treasury Board. These were not the only Cyber Events allegedly affecting China in October: even if occurred months before, news were reported that the attack against Mitsubishi Heavy Industries led to the theft of sensitive data, moreover other 760 organizations worldwide were attacked with the same methodology used for RSA Breach and originating from China as well.
  • A new tide of Hacktivism by Anonyomous and Antisec, encouraged from the OccupyWallStreet Movement, including a dramatic face-to-face of Anonymous Mexico against Las Zetas one of the most powerful Mexican Drug Cartel.

A particular rank in this month is deserved by Israel and Sweden, the first reported a huge data breach (affecting 9,000,000 users) occurred in 2006, while the latter suffered a Black October with a data leak involving nearly 200,000 users of the social platform bloggtoppen.se including Politicians and Journalists. At this point is clear that the cold Sweden won the Prize for the “Hottest Breach of The Month”.

Also Facebook was targeted with an alleged dump of 10,000 accounts, nothing if compared with the 600,000 compromised logins per day that the social network admitted to suffer).

According to my very personal estimate (based on the indications from the Ponemon’s insitute) the cost of the breaches for this months (in all those cases where enough information was available) is around $500 million, excluding the massive data breach in Israel reported today but occurred in 2006.

As usual, this Timeline was compiled with Useful Resources by:

And my inclusion criteria do not take into consideration “simple” defacement attacks (unless they are particularly resounding) or small data leaks.

Date

Author

Description

Organization

Attack

Oct 16

Fatal Error

UNESCO E-Platform Domain

The E-Platform domain of one of the Biggest Organizations: United Nations Educational, Scientific and Cultural Organization (UNESCO) gets hacked and defaced by Fatal Error Crew hackers.

Defacement

Oct 17

10,000+ FaceBook accounts

A Hacking Crew From Nepal called TeamSwaStika hacks more than 10,000 facebook accounts. The hacking crew declares next target will be Nepal Government website and e-governance for Freedom. Estimated cost of the breach is $2,140,000.

Account Hacking (Phishing?)

Oct 17

?

Sesame Street’s Youtube Channel

Sesame Street had its YouTube channel hacked on Sunday, and its highly popular child-friendly videos of muppets like Kermit the frog and the Big Bird replaced with hard core porn movies.

Account Hacking

Oct 17

?

NHS Direct Twitter Account

NHS Direct, the UK helpline which provides expert health advice via the telephone and internet, has had its Twitter account taken over by spammers promoting an Acai Berry diet.

Account Hacking

Oct 18

TurkisH -RuleZ

proXPN

proXPN, one of the famous VPN client based on OpenVPN Service, is hacked by TurkisH-RuleZ.

Defacement

Oct 19

?

Gameloft

Gameloft, a Paris-based video game company that’s a leading mobile-game developer, acknowledges that a security breach has prompted it to pull the plug on one of its Web sites, the Order and Chaos online site.

SQLi?

Oct 19

?

Duqu

In a blog post, Symantec explains it came across the first samples of a new malware infecting some computer systems in Europe that appears to be very similar to Stuxnet. More analysis shows the malware is a “simple” keylogger using the same Stuxnet Technology

N/A

APT

Oct 19

?

Lord Of The Rings On Line

A FAQ on the official forum of the Lord Of The Rings Community On Line reveals that the site was breached although no financial data has been obtained by the attackers.

SQLi?

Oct 20

?

Phishing The Phisher

Finally someone decides to give a lesson to a phisherm by hacking the phishing website with a message educating the potential victims.

Phishing

Oct 21

Vikram Pandit (Citigroup CEO)

Mobile phone number and home address of Vikram Pandit, CEO of Citigroup, have been placed on the web by hacking group CabinCr3w in retaliation for the cuffing of protesters at an Occupy Wall Street demo. In their online statement the hackers say that they had accessed the data – which also included family information and some financial figures – and uploaded it online in response to events during the recent anti-bank protests on Wall Street.

N/A

Oct 21

Law Enforcement Agencies

Anonymous and Antisec broke their apparent October silence and renewed the tradition of the Friday Dumps against law enforcement agencies releasing a 600MB data dump of confidential data belonging to Law enforcement agencies. A couple of days later an AntiSec hacker tells police in a phone call that boredom drove him to hack their website.

Defacement

Oct 22

40 Child Porn Websites

As part as what they call #OpDarknet, Anonymous takes down more than 40 darknet-based child porn websites over the last week. They also leak personal details of 1500 users. Detalils on “AnonMessage” and “BecomeAnonymous” YouTube channels.

40 child Porn Websites

SQLi

DDoS

Oct 23

?

Microsoft’s Official YouTube Channel

Hackers take control of Microsoft’s official YouTube Channel (24,000+ subscribers), remove the company’s videos and replace them with videos of their own. Neither Microsoft nor Google (which owns YouTube) have disclosed information on how the security breach was perpetrated.

N/A

Oct 23

One Hit Play

@DiabloElite dumps 1008 accounts from onehitplay.com, with no other reason beside to show the need of a stronger security. All the accounts have been stored as plain text. Estimated cost of the breach is around $214,000.

SQLi?

Oct 23

Xbox A new hackers’ crew @DestructiveSec dumps some Xbox Live accounts.

SQLi?

Oct 24

?

cheaptickets.nl

The database of CheapTickets.nl (containing 715,000 customers) is leaked. Stolen information include 1,200,000 tickets and 80,000 passport numbers. Total cost of the breach might exceed $153 million.

SQLi?

Oct 24

Intra Web Security Exploit Team

LG Australia Web Site

One of the Australian websites belonging to global electronics giant LG (lge.com.au) is hacked by a collective calling itself the Intra Web Security Exploit Team. The attackers replaced the site with some lightly-obfuscated JavaScript pretending to be conducting an injection attack.

Defacement,

Simulated SQli

Oct 24

Malicious Employee

Israely Ministry of Labor and Social Welfare

Employee with access to the Population Registry has been discovered to steal the details of over 9 million residents and then passed them to someone else. Estimated cost of the breach is nearly $2 billion.

Malicious Access

Oct 24

760 Organizations Worldwide

Brian Kerbs publishes in his blog a list of companies whose networks were shown to have been connecting to the same control infrastructure that was used in the attack on RSA. The first victims appear to have begun communicating with the attacker’s control networks as early as November 2010. According to the list 760 other organizations had networks compromised with some of the same resources used to hit RSA and almost 20 percent of the current Fortune 100 companies are on this list.

760 Organizations Worldwide

APT

Oct 25

?

bloggtoppen.se

The usernames and passwords of around 90,000 accounts at Bloggtoppen.se have been made public after a hacker attack against the website. Several journalists and politicians are among the bloggers whose log-in details have been published. On Oct 26, the Aftonbladet newspaper reported that a further 57 other websites had also been hacked, and the login details of up to 200,000 people are at risk. Estimated cost of the breach is around $42 million.

SQLi?

Oct 25

Chinese Hacker?

Japanese Parliament

According to local media reports, hackers were able to snoop upon emails and steal passwords from computers belonging to lawmakers at the Japanese parliament for over a month. PCs and servers were infected after a Trojan horse was emailed to a a Lower House member in July. The Trojan horse then downloaded malware from a server based in China – allowing remote hackers to secretly spy on email communications and steal usernames and passwords from lawmakers.

APT

Oct 25

Mitsubishi Heavy Industries

Mitsubishi Heavy Industries, a high-tech military contractor, which suffered an attack from hackers earlier this year, is reported to have lost sensitive data related to defence equipment including fighter jet planes and nuclear power plant plans, according to The Ashai Shimbun. Once again suspects are directed to China.

APT

Oct 25

Inside Error

United States Department Of Education

Highly sensitive information (including SSN) belonging to around 5,000 students was exposed after a computer error causing a federal government student loan website to reveal the data: a glitch in the website allowed students who were logged in to freely view the data of other scholars. Fortunately, the site was compromised only for 7 minutes at most, but it is possible that some users were able to steal sensitive information. Estimated cost of the breach is around $ 1 million.

Inside Error

Oct 26

?

awurval.se

314 job seekers’ e-mail addresses and clear-text passwords acquired and dumped. Estimated Cost of the breach is around $67,000.

SQLi?

Oct 26

?

Mobile Tele Systems

MTS is a primary Mobile Operator in Russia with more than 70 million subscribers. Personal data of 1.6 million mobile phone users appeared online in the second such leak in three months. The database, posted on Zhiltsy.net, included the full names and phone numbers of MTS subscribers in St. Petersburg and Bashkortostan, as well as residential addresses and passport data for some of them. According to MTS the database goes back to 2006 and most numbers are no longer valid. Estimated cost of the breach could potentially achieve $300 million.

N/A

Oct 26

@_V4ND

nationmultimedia.com

@_V4ND dumps what they say is a teaser of accounts obtained from nationmultimedia.com in what appears to be another havij or similar SQLi vun tool based attack. The leak contains user emails and passwords in clear text.

SQLi

Oct 26

Robert Delgado

Massive Identity Theft

Robert Delgado, a 40 years old California man, was sentenced to eight years in prison for identity theft after federal police GPS-tracked his phone and discovered a hard drive with over 300,000 victim profiles during a raid of his home. Estimated Cost of the thiet (not including purchases made with stolen data) is around $65 million.

300,000 frauded users

Bank Fraud

Oct 26

Pakistani Hacker

Bharat Sanchar Nigam Limited (BSNL)

Another occurrence of the Cyberwar between Pakistan and India: A Pakistani hacker “KhantastiC haX0r” hacks into the official website of India’s leading telecom Company Bharat Sanchar Nigam Limited (BSNL).

Defacement

Oct 27

Law Enforcement Authorities

@_f0rsaken a member of @TeaMp0isoN publishes a list of websites utilized by law enforcement authorities that are supposed to be vulnerable to MSAccess SQL injection attacks. A number of six sites that are listed are supposedly utilized by the police for their updates, the cybercriminals urging Occupy Wall Street supporters to take them down.

Law Enforcement Authorities

MSAccess SQLi

Oct 27

Oakland Police Department Web Site

Cyber activists associated with Anonymous target the Oakland Police Department (OPD) and other law enforcement agencies that participated in a controversial crackdown against OccupyOakland protestors with a DDoS (distributed denial-of-service) attack against the department’s website. Moreover According to TG Daily, the infamous collective is offered a $1,000 reward for anyone who can provide information on an officer that allegedly injured a war veteran that was taking part in the protest.

DDoS

Oct 27

?

Clarinda Bank Iowa

In a letter dated Tuesday, Oct. 25, bank vice president Jon Baier notifies specific customers of a data breach. The letter states the bank was not provided details of the security compromise, but to protect the impacted debit card accounts, replacement cards with new numbers were ordered. The number of affected users is unknown.

N/A

Oct 27

Japanese Embassies

There are new reports that dozens of diplomatic computers Japanese embassies abroad were infected with malware this Summer. The news comes on the heels of recent news about malicious software attacks on Japanese defense contractors and the Japanese Parliament. A report in a local Japanese publication, The Daily Yomiuri, places the infected diplomatic computers in Canada, China, France, Myanmar, the Netherlands, South Korea, and the United States. Again China is suspected since a China Link is found on the malware.

APT

Oct 27

U.S. Government Satellites

Bloomberg reports that Computer hackers, possibly from the Chinese military, interfered with two U.S. government satellites four times in 2007 and 2008 through a ground station in Norway, according to a congressional commission.

N/A

Oct 28

Canadian Finance and Treasury Board

Ottawa Citizen reveals that, in Jan 2011, the Canadian Finance and Treasury Board’s networks were targeted by hackers in an attempt to steal sensitive information about the potash industry even though Finance and Treasury Board representatives denies it. It looks that the hackers were actually foreign, the first clues indicating that the attack originated from China.

APT

Oct 28

PayFail

PayPal Executives’ Contact Information

In what looks to be the first of a number of “name and shame” postings, an individual or individuals posting as “PAYFAIL” upload some personal information on dozens of former and current PayPal executives. The dumped data do not seem to be particularly sensivite, nevertheless, although deleted three times so far, the original statement keeps on appearing on pastebin.

N/A

Oct 28

?

Again on Duqu

Two workers at an Indian web-hosting company called Web Werks tell Reuters that last week officials from India’s Department of Information Technology seized several hard drives and other components from a server hosted on a Mumbai Data Center, that security firm Symantec Corp indicated as communicating with computers infected with Duqu.

APT

Oct 29

El Paso County Community College

@DestructiveSec hacks the El Paso Country Community College, defacing the web site and dumps some data.

SQLi?

Oct 29

Las Zetas (Mexican Drug Cartel)

Anonymous Mexico faces one of the most dangerous criminal organizations in the World, the Las Zetas Mexican Drug Cartel. In a video they warn the Cartel to release one of their members kidnapped during a street protest, otherwise the hacker group will disclose (or dox) the identities of members of the cartel including corrupted politicians and policeman. Another example of an hacking action with huge real aftermaths in terms of possible deadly retaliations.

Mexican Droug Cartel

SQLi?

Oct 29

Dominican Republic Police

As part of their Spanish Solidarity Saturday Anonymous release a pastebin document containing a list of finds and vulnerabilities on the Dominican Republic Police system and some other sites too. They also left a website defaced.

Several Vulns,

Defacement

Oct 31

3xp1r3 cyber army

hi5ads.com

A hacker group going by the name of 3xp1r3 cyber army dumps two separate pastes with respectively 5,065 and 3,149 account details to www.hi5ads.com. The leaks contain emails and plain text passwords. Estimated cost of the breach is around $680,000.

SQLi

Oct 31

3xp1r3 cyber army

Bangla TV

The Same group hacks Bangla TV and releases 1,517 usernames and clear-text password. Estimated cost of the breach is around $320,000.

SQLi

Oct 31

ScreamDevz

Penguin Elite

A group or individual dubbed ScreamDevz hacks Club Penguin Elite Database and dumps nearly 400 usernames, emails and MD5 hashed passwords. Estimated cost of the breach is around $80,000.

SQLi

Oct 31

Chinese Government Web Site

@TehMaskz, a member of @ChaoticSec defaces a web site belonging to Chinese Government (at the time of writing http://www.wfaic.gov.cn/index.html is still defaced). In the same circumstance other 9 sites all over the World are defaced.

Defacement

Oct 31

One Hit Play

@ChaoticSec hacks One Hit Play (once again) and releases more than 1000 User information, including emails, passwords, and usernames. Estimated cost of the breach is around $214,000.

SQLi

Oct 31

comitet.ru

@DeleteSec attacks comitet.ru and dumps more than 2000 records with email and passwords. Estimated cost of the breach is around $420,000

SQLi

Oct 31

plusline.org

@DeleteSec attacks plusline.org and dumps more than 1000 records with email and passwords. Nearly in contemporary the same group dumps 700+ accounts from several sites. Estimated cost of the breach is around $420,000.

SQLi

Oct 31

Mr. DarkCoderz

Adult Site

Another occurrence of hackers dumping data from adult sites. Estimated cost of the breach is around $43,000.

Adult Site

SQLi?

September 2011 Cyber Attacks Timeline (Part II)

October 2, 2011 5 comments

Here it is the second part of my traditional monthly Cyber Attacks Timeline (Part I available here). From an information Security Perspective the main events of this month were the infamous Diginotar breach which led to Bankrupt for the Dutch Company and also the BEAST attack to SSL, two events which, together, thumbed the Infosec Community in its stomach.

Of course these events did not divert the attention of hackers who kept on to carry on attacks against different targets.

The Anonymous continued their campaign: although mainly focused on the #OccupyWallStreet Operation (in which a Senior Officer who used pepper spray against protestors was “doxed”, they targeted several governments including Mexico, Austria, (where they also performed an unconfirmed hack against an health insurance Firm targeting 600,000 dumped users) and Syria. In particular the latter attack triggered a retaliation by Syrian Electronic Soldiers against the prestigious Harvard University.

Chronicles also report a Japan defense contractor hit by hackers, Mitsubishi Heavy Industries, (China denied its involvement on the attack), another Twitter Account hacked by The Script Kiddies (this time against USA Today), an indirect attack perpetrated against (through) Oracle by infecting its MySQL.com domain with downloadable malware and, last but not least a massive defacement of 700,000 sites hosted by Inmotion.

US Navy was also victim of defacement.

As far as the prize for the “Most Expensive Breach of the Month” is concerned, the laurel wreath is undoubtedly for SAIC (Science Applications International Corp.) which lost a tape database backup containing data of 4,900.000 users with an estimated cost of approximately 1 billion of bucks…

As usual, useful Resources for compiling the table include:

My inclusion criteria do not take into consideration simple defacement attacks (unless they are particularly resounding) or small data leaks.

Update: On 09/30/2011, Betfair reported a 3.15 million records breach with a total estimated cost of 1.3 billion USD winning the laurel wreath of the most expensive breach of the month.

Date Author Description Organization Attack
Sep 16


Websites of several Mexican government ministries

As part of OpIndipendencia, websites of several Mexican government ministries, including Defense and Public Security, are teared down in the same day of the symbolic beginning of Mexico’s independence from Spain.


DDoS
Sep 16 Mikster
Clubmusic.com

Clubmusic.com, a worldwide dj website. is hacked and the leak dumped on pastebin.


SQLi
Sep 16 Sec Indi Security Team
Official Website of The United States Navy

An hacker crew called Sec Indi Security Team Hacker uploads a custom message on the server to warn a WebDav vulnerability.

WebDav Vulnerabilty
Sep 16 ? California State Assembly

More than 50 employees of the California State Assemby, including some lawmakers, have been warned that their personal information might have been obtained by a computer hacker.


?
Sep 17 ?
Intelligence And National Security Alliance

Names and email addresses of hundreds of U.S. intelligence officials have been posted on an anti-secrecy website. On Monday Sep 10 INSA published a major report warning of an urgent need for cyberdefenses. Within a couple of days, in apparent retaliation, INSA’s “secure” computer system was hacked and the entire 3,000-person membership posted on the Cryptome.org website

  N/A
Sep 17 ?
Fake FBI Anonymous Report

A Fake FBI Psychological profile of the Anonymous group is published. Although not a direct cyber attack, this event can be considered an example of psychological hacking and a “sign of the times” of how information and counter information may play a crucial role in hacking.

  SQLi?
Sep 18
Texas Police

Anonymous/Anti-sec releases a document containing a list of about 3300 members of the Texas Police Association

  N/A
Sep 19

?

Mitsubishi Heavy Industries

Mitsubishi Heavy Industries, Japan’s biggest defense contractor, has revealed that it suffered a hacker attack in August that caused some of its networks to be infected by malware. According to the firm,  45 network servers and 38 PCs became infected with malware at ten facilities across Japan. The infected sites included its submarine manufacturing plant in Kobe and the Nagoya Guidance & Propulsion System Works, which makes engine parts for missiles.


APT
Sep 19
City Of Rennes

TeaMp0isoN takes responsibly to hack the official website of The City Of Rennes (France) via a tweet. They also publish the reason of hack on the defacement page.

Defacement
Sep 19
?

Hana SK

Hana SK Card Co., a South Korean credit card firm, announces that Sep 17, some 200 of its customers’ personal information has been leaked. Total cost of the breach is $42,800.

Hana SK Card
SQLi?
Sep 20
? Former USSR Region

Source report that at least 50 victim organizations ranging from government ministries and agencies, diplomatic missions, research institutions, and commercial entities have been hit in the former Soviet Union region and other countries in an apparent industrial espionage campaign that has been going on at least since August 2010.The advanced persistent threat (APT)-type attacks — dubbed “Lurid” after the Trojan malware family being used in it — has infected some 1,465 computers in 61 countries with more than 300 targeted attacks.


APT
Sep 20
 Shad0w Fox Sports Website

Fox Sports website, on of the most visited Websites in the world (rank 590 in Alexa) gets hacked. An Hacker named “Shad0w” releases SQL injection Vulnerability on one of the sub domain of Fox Sports and exploit it to extract the database. Leaked database info posted on pastebin. Vulnerable link is also posted together admin password hashes.


SQLi?
Sep 22
Core Security Technologies

Another security Firm target of hacking: Core Security Technologies is hacked by an hacker called Snc0pe, who defaces some websites belonging to the firm. Mirror of the hack can be seen here.


N/A
Sep 24 ?
UKChatterbox

Popular IRC service UKChatterbox advises users to change their passwords following a series of hacks which culminated in an attack that may have compromised user details. The password reset follows on from a succession of outages previously attributed to maintenance upgrades, back to the start of the summer. In a notice to users, UKChatterbox advises users to change their passwords and not to re-use them on other sites. The number of hacked account is unknown.


N/A
Sep 25

Seven Major Syrian Cities and Government Web Sites

The Anonymous unleash a chain of defacement actions against the Syrian Government, hacking and defacing the official sites of seven major Syrian cities, which stayed up in their defaced version for more than 16 hours. The defacement actions kept on the following day in which 11 Syrian Government Sites were defaced as part of the same operation.


Defacement
Sep 25 ?
Indira Gandhi International Airport

Although happened three months ago, it turns out that a ‘technical snag’ hittinh operations at the Indira Gandhi International Airport (IGIA) T3 Terminal was caused by a “malicious code” sent from a remote location to breach the security at the airport.


APT
Sep 26
Inmotion Hosting Server

700,000 websites hosted on InMotion Hosting network are hacked by TiGER-M@TE. The hackers copied over the index.php in many directories (public_html, wp-admin), deleted images directory and added index.php files where not needed. List of all hacked 700,000 sites here.

Defacement
 Sep 26
Austrian Police

The Austrian Anonymous branch publishes the names and addresses of nearly 25,000 police officials, raising fears for officers’ personal security. An Austrian Interior ministry spokesman said the information came from an “association closely related with the police”. Estimated cost of the breach is around $ 5,400,000.


SQLi?
Sep 26
USA Today Twitter Account

The USA Today Twitter account is hacked and starts to tweet false messages mentioning the other accounts hacked by the authors of the action: the Script Kiddies (already in the spotlight for hacking the FoxNews Twitter Account at the Eve of 9/11 anniversary)


Account Hacking
Sep 26
?
MySQL.com

MySQL.com website is struck by cybercriminals, who hacked their way in to serve up malicious code to visiting computers with a Java exploit that downloaded and executed malicious code on visiting Windows computers. Brian Krebs reports that just few days before, he noticed on a Russian underground website that a hacker was offering to sell admin rights to MySQL.com for $3000. MySQL.com receives almost 12 million visitors a month (nearly 400,000 a day).


Java Exploit to install malware
Sep 26
Harvard University

In retaliation for the defacements performed by the Anonymous targeting Syria, Syrian Electronic Soldiers deface the website of the prestigious Harvard University. The same group came in the spotlight during July and August for defacing Anonoplus engaging a “de facto” cyberwar against The Anonymous.


Defacement
Sep 26 ?
#Occupywallstreet

The month of September is characterized by the OccupyWallStreet Operation, started on September, the 17th and still ongoing. Although not directly configurable as an hacking action, it may rely on the support of the Anonymous who “doxed” a senior police who controversially usec pepper spray against a group of female protesters.


N/A
Sep 27
COGEL, Council On Governmental Ethical Law

Once again in this month,Snc0pe claims another resounding action. This time the alleged target is the official website of The Council on Governmental Ethics Laws (COGEL). He posts a message on pastebin, along with the database download link.


SQLi?
Sep 28
Tiroler Gebietskrankenkasse (TGKK)

AnonAustria in the spotlight again after the resounding hack against Austrian Police. This time the victim is an health insurance firm Tiroler Gebietskrankenkasse (TGKK) whose database of some 600,475 medical records AnonAustria claims to have hacked. The databse includes some celebrities. The total cost of the breach is around $128,500,000.00.


SQLi?
Sep 29 ?
SAIC (Science Applications International Corp.)

SAIC, one of the Pentagon‘s largest contractors reveals to have discovered a data breach occurred a couple of weeks before, affecting as many as 4.9 million patients who have received care from military facilities in San Antonio since 1992. The breach involved backup computer tapes from an electronic health care record. Some of the information included Social Security numbers, addresses, phone numbers and private health information for patients in 10 states. Statement of the data breach here Estimated cost of the breach is around $ 1 billion.


Car Burglary
Sep 30 ?
Laptop Virus Repair

Although not resounding as the one which targeted MySQL.com, here it is another example of a website infected with malicious code targeting a free antivirus cloud based service.

Laptop Virus Repair
Malicious Code
Sep 30 ?
Betfair

Betfair reports a leak including not only the payment card details of most of its customers but also “3.15m account usernames with encrypted security questions”, “2.9m usernames with one or more addresses” and “89,744 account usernames with bank account details”. The incident occurred on 14 March 2011 but was announced only 18 months later. Estimated cost of the breach is around $1.3 billion.


?

September 2011 Cyber Attacks Timeline (Part I)

September 15, 2011 5 comments

So here it is, also for this month, the first part of My Cyber Attacks Timeline covering the first half of September.

Apparently It looks like the wave of the Anonymous attacks that characterized August has stopped. Even if several isolated episodes occurred, their impact was slightly lower than the previous months.

Probably the most important security incident for this month was the Diginotar Hack, not only because the Dutch Certification Authority has been banned forever by the main browsers and OSes but also because all the authentication model based on CAs is under discussion. Moreover once again a cyber attack has been used as a mean of repression. This incident is a turnkey point for information security but in my opinion also the DNS hacks by Anonymous Sri Lanka and Turkguvenligi are noticeable since they reinforce the need for a quick adoption of DNSSEC.

For the first time not even the Linux Operating System (an open world) was immune from hackers: both the Linux Kernel and the Linux Foundation Web Sites were hacked during this month, two episodes that Penguin Lovers will remember for a long time.

Easily predictable an attack recalling 9/11 carried on against the Twitter Account of NBC News was also reported.

Other noticeable events: three huge data breaches were reported, four attacks with political motivations targeting India, Nigeria, Colombia, and the Russia Embassy in London were perpetrated and another security vendor (Panda Security) was indirectly targeted.

The remainder of the month was characterized by many smaller attacks (mostly defacements and data leaks) and an actress (Scarlett Johansson) was also victim of data leaks.

Useful Resources for compiling the table include:

And my inclusion criteria do not take into consideration simple defacement attacks (unless they are particularly resounding) or small data leaks.

Date Author Description Organization Attack
Sep 1

?

Kernel.org

The site of Kernel.org suffered a security breach leading which caused the server to be rooted and 448 credential compromised. Although it is believed that the initial infection started on August the 12th, it was not detected for another 12 days.


rootkit (Phalanx)
Sep 1
Apple, Symantec, Facebook, Microsoft, etc.

The Sri Lankan branch of Anonymous claims to have hacked into the DNS servers of Symantec, Apple, Facebook, Microsoft, and several other large organizations over the past few days,  posting the news and records of its exploits on Pastebin.


DNS Cache Snoop Poisoning
Sep 1 ?
Birdville Independent School District

Two students hack into their school district’s server and accessed a file with 14,500 student names, ID numbers, and social security numbers. Estimated cost of the breach is around $3,000,000.

?
Sep 2 Texas Police Chiefs Association

As usual happens on Fridady, Texas Police Chiefs Association Website is hacked by Anonymous for Antisec Operation. Hacker defaced their website and posted 3GB of data in retaliation for the arrests of dozens of alleged Anonymous suspects. According to Hackers the site has been owned for nearly one month.

SQLi?
Sep 2
EA Game Battlefield Heroes

One of the most famous games over the world Battlefield Heroes developed by EA Games is hacked by a hacker named “Why So Serious?” who leaks the User Login passwords on pastebin

SQLi?
Sep 2
vBTEAM Underground

Vbteam.info, the underground vBulletin Hacking website is hacked by “Why So Serious?“, who leaks 1400+ accounts of the Vbteam.info forum in pastebin.

SQLi?
Sep 3 Nomcat
Indian Government

An Indian Hacker named “nomcat” claims to have been able to hack into the Indian Prime Ministers Office Computers and install a Remote Administration Tool) in them. He also Exposes the Vulnerability in Income Tax website and Database Information.

SQLi?
Sep 4

Popular Websites: : Daily Telegraph, The Register, UPS, Vodafone

Popular websites including The Register, The Daily Telegraph, UPS, and others fall victim to a DNS hack that has resulted in visitors being redirected to third-party webpages. The authors of the hack, a Turkish group called Turkguvenligi, are not new to similar actions and leave a message declaring this day as World Hackers’ Day.


DNS Hijacking
Sep 5
Mobile App Network Forum

Mobile APP Network Forum is Hacked by “Why So Serious?”. He leaks over 15.000 accounts of the community (Forum) on Pastebin in two parts (Part 1 and Part 2).

SQLi?
Sep 5

European Union Institute For Energy and Transport

One of the Sub domain of European Union (Institute for Energy) is hacked and Defaced by Inj3ct0r. Hackers deface the web page, release some internal details and leave a message against Violence in Lybia and Russian influence in Ukraine.

http://ie.jrc.ec.europa.eu
Defacement
Sep 5  Cocain Team Hackers United Nations Sub Domain of Swaziland

United Nations Sub-Domain of Swaziland is hacked and defaced by Cocain Team Hackers. 

UN Logo
Defacement
Sep 5
Uronimo Mobile Platform

The Uronimo Mobile platform is hacked by Team Inj3ct0r. They leak the web site database and release on Pastebin internal data including Username, Hash Password, emails and Phone Numbers of 1000 users. Estimated Cost of the Breach is $214,000.


SQLi?
Sep 6 Comodo Hacker
Diginotar

The real extent of the Diginotar breach becomes clear: 531 bogus certificates issued including Google, CIA, Mossad, Tor. Meanwhile in a pastebin message Comodo Hacker states he own four more CAs, among which GlobalSign which precautionally suspends issuance of certificates.


Several Vulnerabilities
Sep 7 ?
Beaumont Independent School District

The superintendent of schools for Beaumont Independent School District announces that letters are being mailed to parents of nearly 15,000 of its 19,848 students to inform them of a potential breach of data that occurred recently. Inadvertently, private information including the name, date of birth, gender, social security number, grade and scores on the Texas Assessment of Knowledge and Skills (TAKS) exam of students who were in the third through 11th grades during the 2009-2010 school year–were potentially exposed.  Estimated cost of the breach is $3,210,000.


Human Mistake
Sep 7 ?
Stanford Hospital, Palo Alto, Calif.

A medical privacy breach leads to the public posting on a commercial Web site of data for 20,000 emergency room patients at Stanford Hospital in Palo Alto, Calif., including names and diagnosis codes. The information stayed online for nearly a year from one of its vendors, a billing contractor identified as Multi-Specialty Collection Services, to a Web site called Student of Fortune, which allows students to solicit paid assistance with their schoolwork. Estimated Cost of The Breach is $4,280,000.

Human Mistake
  Sep 9 Comodo Hacker
GlobalSign

After suspending issuing certificates, GlobalSign finds evidence of a breach to the web server hosting the www website. The breached web server has always been isolated from all other infrastructure and is used only to serve the http://www.globalsign.com website.


?
Sep 9
 Comodo Hacker
Google

As consequence of the infamous Diginotar Breach Google advises its users in Iran to change their Gmail passwords, and check that their Google accounts have not been compromised. Google also indicates that it is  directly contacting users in Iran who may have been hit by a man-in-the-middle attack.


Man In The Middle
Sep 9
NBC News

The NBC News Twitter account is hacked and starts to tweet false reports of a plane attack on ground zero. The account is suspended and restored after few minutes.


Trojan Keylogger  via Email
Sep 9 ?
Samsung Card

Data of up to 800,000 Samsung Card clients may have been compromised after an employee allegedly extracted their personal information. The Breach was discovered on Aug. 25 and reported to police on Aug. 30. It is not clear what kind of information has been leaked, maybe the first two digits of residence numbers, the names, companies and mobile phone numbers were exposed. Estimated cost of the breach is $171,200.000.


Unauthorized Access
Sep 10 ?
BuyVIP (Amazon Owned)

Although not officially confirmed, BuyVIP users received an e-mail informing that their database had been hacked. Apparently, the website had been offline for a couple days and it looks like that not only names and email addresses were retrieved, but also birth dates, real shipping addresses as well as phone numbers.


SQLi
Sep 11 ?
Linux Foundation

Few weeks after the kernel.org Linux archive site suffered a hacker attack, the Linux Foundation has pulled its websites from the web to clean up from a security breach. A notice posted on the Linux Foundation said the entire infrastructure including LinuxFoundation.org, Linux.com, and their subdomains are down for maintenance due to a security breach that was discovered on September 8, 2011.

Linux Foundation
SQLi?
Sep 11
AryansBook.com

Anonymous leaks the complete database from a well known nazi website AryansBook.com and posts the content on The Pirate Bay. This is a fight towards racism of any kind.

AryansBook
SQLi?
Sep 12 ?
Bitconitalk Forum

An unknown hacker uses a zero day flaw to steal email addresses, hashed passwords and read personal messages from the bitcointalk.org forum. Forum administrators said the attacker gained root access on 3 September and was able to run arbitrary PHP code not detected until the attacker injected “annoying JavaScript” into the forum pages a week later: the Javascript splashed actor Bill Cosby across the forums and replaced all references to BitCoin with CosbyCoin.

Bitcoin
0-day exploit in SMF
Sep 12 ?
Nigerian Government Website

Nigerian Government Website is hacked and defaced by Brazilian Hackers that leave a message in the main page.


Defacement
Sep 12 ?
Vacationland Vendors

A hacker gains unauthorized access to the card processing systems at Wilderness Waterpark Resort  and improperly acquires 40,000 credit card and debit card information. Estimated Cost of the Breach is $8,560,000.


N/A
Sep 12 X-Nerd Panda Security

Another Security Company Hacked: a hacker going by the name of X-Nerd hacks and defaces the Pakistan Server of a very well known security software website:  Panda Security.


SQLi?
Sep 12 ?
Russian UK Embassy

Just before Prime Minister David Cameron’s first visit to Moscow, the website belonging to the Embassy Of The Russian Federation in London was taken down by hackers. It seems as the attack was launched in sign of protest to the upcoming visit after a 5-year break in which no British leader went to Moscow.

DDoS
Sep 13 Cyb3rSec
thetvdb.com

Cyb3rSec dumps a list of 3500+ Accounts from the forum thetvdb.com.

SQLi?
Sep 13
top100arena.com

Albanian hackers belonging to Albanian Cyber Army exploit one of the biggest Game Arena site “Top100″ database using SQL injection attack. They leak the database on mediafire.

SQLi
Sep 14
President of Bolivia (presidencia.gob.bo)

SwichSmoke crew hacks the site belonging to President of Bolivia and dumps the leaked data on pastebin.

Various Exploits
Sep 14 ?
uTorrent.com

The uTorrent.com Web servers has been compromised and consequently the standard Windows software download was replaced with a type of fake antivirus “scareware” program.

  SQLi
Sep 14 ?
Bright House Networks

Bright House Networks, the sixth largest owner and operator of cable systems in the U.S., has sent a letter to customers warning that they may have been exposed after servers used to process Video on Demand (VOD) were breached.

  ?
Sep 14 ?
Scarlett Johansson

Also an actress may be victim of hackers: The FBI investigate reports that nude photos of a famous celebrity (allegedely Scarlett Johansson) have been leaked onto the web. The day before Twitter was flooded with messages claiming to link to naked pictures of her, which were allegedly stolen from her iPhone by a hacker earlier this year.

  ?
Sep 15 Stohanko
Various Sites

More than 101 sites, with huge amount of data and personal information which ranges from emails, phone numbers, to full names and addresses, have been hacked by an hacker dubbed Stohanko. At this link a list of the hacked sites and the links to dumped data.

?

August 2011 Cyber Attacks Timeline

September 2, 2011 8 comments

Here it is the complete list of Main Cyber Attacks for July: definitively it looks like the Dog Days did not stop the Cyber Attacks, which have been particularly numerous during August.

Following the trail of July, an attack against PCS Consultants, another U.S Government contractor opened this hot month, even if the controversial shady RAT affair monopolized (and keeps on to monopolize) the infosec landscape (and not only during the first half of the month). Easily predictable nearly every endpoint security vendor (and McAfee competitors) tend to minimize the event considering it only the latest example of RAT based cyber attacks with no particular features (see for instance the comment by Sophos, Kaspersky and Symantec).

Analogously the Dog Days did not stop hactivism with the infamous hacking group Anonymous (and its local “chapters”) author of several attacks in different countries and most of all of author of a kind of arm wrestling against BART (Bay Area Rapid Transit), sometimes carried out with questionable methods. Research in Motion was indirectly involved on the Anonymous Campaign during the London Riot, but also Anonymous was hit by (another) defacement attack carried on by Syrian hackers which affected Anonplus, the alternative Social Network.

South Korea was also hit with other massive breaches (involving also Epson Korea) and a defacement against the local branch of HSBC.

According to my very personal estimates, based on the Ponemon Institute indications, the cost for the data breach for which enough information was available, is around $ 126 million mainly due to the impressive Epson Data Breach.

Useful resources for compiling the table include:

And my inclusion criteria do not take into consideration simple defacement attacks (unless they are really resounding) or small data leaks.

Enjoy the complete list!

Date Author Description Organization Attack
Aug 1

PCS Consultants

Another U.S. Government contractor, PCS Consultants gets hacked by Anonymous & Antisec. Hackers extract website Database and leak it on the internet via Twitter on Pastebin (as usual!). Leaked Data include Admin’s and 110 users emails, plus passwords in encrypted hashes.


SQLi?
Aug 2
Vitrociset

72 hours after the first defacement, Vitrociset, a contractor of Italian Cyber Police, is hacked and defaced again by Anonymous.


SQLi? Defacement
Aug 3
United Nations (Shady RAT)

In an interview to Vanity Fair (as to say, information Security is a fashion), a McAfee Security Researcher declares UN and other international institutions have been victims of a large scale Remote Access Tool based attack from a Foreign Country. The attack is dubbed shady RAT and suspects are directed to China.


Remote Access  Tool
Aug 3
Colombia

Anonymous and Colombian Hackers shut down the websites of Colombia’s president, the interior and justice ministry, the intelligence service DAS and the governing party. The hacker attack was meant as a protest against government censorship.

DDoS
Aug 3
The SUN and News Corp. International

Britain’s Rupert Murdoch-owned tabloid The Sun sends a message to readers warning them that computer hackers may have published their data online after an attack on the paper’s website last month. A hacker styled ‘Batteye‘ claims to have posted details taken from The Sun on the Pastebin.

SQLi?
Aug 3
Front National

As a consequence of the Massacre of Oslo, Anonymous France claims to have hacked a server belonging to Front National, leaking a list of 100 leaders of the party


?
Aug 5 ?

Citi Cards Japan (Citigroup)

Eight weeks after a hacker cracked its credit card database, the company’s credit card unit in Japan, Citi Card, reported in a message to its user base that “certain personal information of 92,408 customers has allegedly been obtained and sold to a third party illegally.” Estimated cost of the breach is about $19.8 million.


unfaithful outsourcer
Aug 6 Law Enforcement Agencies

After the first attack to Law Enforcement Institutions in July, Anonymous and LulzSec, as part of what they define the ShootingSheriffsSaturday, leak again 10 Gb of Data from the same Law Enforcement Agencies, including private police emails, training files, snitch info and personal info. The attack was made in retaliation for anonymous arrests


SQLi?
Aug 6
SAPPE (Sindacato Autonomo Polizia Penitenziaria)

Anonymous defaces the Web Site of SAPPE (Independent Union of Prison Guards) and leaves a message on pastebin (here in italian) claiming more rights for detainees


SQLi?
Aug 6
Policia Federal (Brazilian Police)

LulzSec Brazil hacks Brazilian Police and discloses 8 gb of data from what they defined the Pandora’s Box


USB Key Stolen?
Aug 7
Syrian Ministry of Defense

The Syrian Ministry of defense is hacked by Anonymous which defaces the web site and post a note supporting the Syrian people


Defacement
Aug 9
Anonplus (Anonymous Social Network)

In retaliation for the defacement of the Syrian Ministry of Defence, a Syrian Group of hackers dubbed Syrian Electronic Army, has defaced (for the third time), Anonplus, the alternative Social Network in phase of deployment by Anonymous, posting several gruesome images.


Defacement
Aug 9
Research In Motion

As an (in)direct consequence of the London Riots, a crew of hackers called TeaMp0isoN defaces The Official BlackBerry Blog after RIM has indicated to assist London police, who are investigating the use of the messaging service in organizing riots, with a “very extensive monitoring of the BlackBerry Messenger model”.


SQLi?
Aug 9
Operation Satiagraha

As part of Operation Antisec, LulzSec and Anonymous, release 5gb of documents, photos, audio files and videos, exposing that wich was one of the greatest corruption scandals in the recent history of Brazil


SQLi?
Aug 10 ?
University Of Wisconsin Milwaukee

The Social Security numbers of 75,000 students and employees at the University of Wisconsin-Milwaukee arE exposed after hackers planted malware in a campus server.ty-of-wisconsin-server. Estimated Cost of the Breach is $16 million.


APT
Aug 10 ?
Hong Kong Stock Exchange (HKEx)

The Hong Kong stock exchange (HKEx) halts trading  for seven stocks in the afternoon trading session after its website was attacked during the morning trading session. The seven stocks in question were all due to release sensitive results to the website that could impact the price of their stocks. Initially the attack was believed to have compromised the web site. Later it was discovered to be a DDoS.


DDoS
Aug 12 Headpuster
Welt.de

An hacker called Headpuster, to protest against the sale of user data to a third party operator, hacks Welt.de using an SQL Injection (http://boot24.welt.de/index_welt..php?ac =***) and steals a large amount of data  including credit card information of 30,264 users from the database He then publishes censored excerpts. Estimated cost of the breach is around $6.5 million.


SQLi?
Aug 12 ?
Hong Kong stock exchange (HKEx)

The Hong Kong stock exchange comes under attack for the second day in a row on Thursday. The exchange blamed a Distributed Denial of Service (DDoS) attack against its news web server, hkexnews.hk. A Suspect has been arrested on Aug, the 23rd.


DDoS
Aug 14
Mybart.org

As part of their #OpBART and #Bart-Action in response to a temporary shutdown of cell service in four downtown San Francisco stations to interfere with a protest over a shooting by a BART police officer, Anonymous attacks the myBART.org website belonging to San Francisco’s BART (Bay Area Rapid Transit) system. They perform a SQL injection (SQLi) attack against the site and extract 2,450 records containing names, usernames, passwords (plain text), emails, phone numbers, addresses and zip codes. Estimated Cost of the Breach is $524,300.


SQLi
Aug 15 ?
GOMTV.NET

After SK, Another South Korean service provider reports a large-scale data breach of usernames and passwords for subscribers worldwide. This time, it’s the turn of Seoul-based streaming media service GOMTV to suffer a data-spilling intrusion. According to GOM TV, the breach happened early in the morning of Friday 12 August 2011 Korean time; the company sent out a warning email to its subscribers on Sunday 14 August 2011.


SQLi?
Aug 16
Vanguard Defense Industries

Antisec targets Richard Garcia, the Senior Vice President of Vanguard Defense Industries (VDI). During the Breach nearly 4,713 emails and thousands of documents are stolen. The attack has been performed on August the 16th, but, as a consolidated tradtion, the torrent has been released on Friday, August the 19th.


Vulnerability in WordPress Hosting Platform
Aug 16
Ebay

Hacker group Cslsec (Can’t stop laughing security) leaks some accounts from Ebay and post them on pastebin.


SQLi?
Aug 17
BART Police

A database belonging to the BART Police Officers Association is hacked, and the names, postal and email addresses of officers are posted online. Over 100 officers are listed in the document posted, as usual, on pastebin. Estimated cost of the breach is $21,400.


SQLi?
Aug 20

HSBC Korea

A turkish based hacker hacks and defaces the Korean branch of HSBC, the global banking group.

defacement
Aug 21 pr0tect0r AKA mrNRG

Nokia Developer Forum

The developer forum section of Nokia Website is hacked by Indian Hacker “pr0tect0r AKA mrNRG“. He was able to deface the site and access to email records. According to an official statement from Nokia a “significantly larger” number of accounts has been accessed although they do not contain sensitive information.

SQLi
Aug 21
Danish Government

Anonymous Hackers upload a file on Torrent containing the snapshot of the Danish Government database of companies. The snapshot was obtained during the summer of 2011 by systematically harvesting data from the public parts of the cvr.dk website.

SQLi?
Aug 22 ?
Epson Korea

Hacking in South Korea: After GOMTV.NET Epson Korea is hit by a massive data breach, involving the personal information of 350,000 registered customers. Hackers break into Epson Korea’s computer systems, and steal information including passwords, phone numbers, names, and email addresses of customers who had registered with the company. Estimated cost of the breach is $74,900,000.

 ?
Aug 22 Electr0n
Libyan domain name registry

Hackers deface the nic.ly website, the main registry which administers .ly domain names (the “.ly” stands for “Libya”) and replace it with anti-Gaddafi message.


defacement
Aug 22 Allianceforcebiz.com

@ThEhAcKeR12, an admirer of Anonymous acts independently to breach an outsourced provider and steal a customer list with 20,000 log-in credentials. Many on the list were U.S. government employees. Estimated cost of the breach is around $4,280,000.


SQLi?
Aug 22

UK MET Police

As part of the Murder Military Monday, Metropolitan UK Police is hacked for #Antisec by CSL Security using SQL injection Vulnerability and the vulnerable link is also shown on Twitter and pastebin. Other attacked sites include: USarmy.com, GoArmy.com.


SQLi
Aug 23
U.S. Government

F-Secure discovers that on 17th of July, a military documentary program titled “Military Technology: Internet Storm is Coming” was published on the Government-run TV channel CCTV 7, Millitary and Agriculture (at military.cntv. While they are speaking about theory, they actually show camera footage of Chinese government systems launching attacks against a U.S. target.

DDoS?
Aug 24
Cslsec

Another example of Cyberwars between different hacker crews: TeaMp0isoN hacks Cslsec which claimed to be the new LulzSec


Defacement
Aug 25 ?
U.S. Military Base

Another example of military emails leaked by hackers.


SQLi?
Aug 27 Division Hackers Crew
Borlas.net

Division Hackers Crew hacks the Database of Borlas.net (Free SMS Site) and leaks the usernames, Passwords, emails and phone numbers of 14800 registered users. As usual, leaked database has been posted on pastenbin. Estimated cost of the breach is $3,167,200.


SQLi?
Aug 28
Orange.fr

Anonymous Hacker hacks Orange.fr and uploads the database and Site source code backup on file sharing site.


SQLi?
Aug 29 Iranian Hackers
Diginotar

A user named alibo on the Gmail forums posts a thread about receiving a certificate warning about a revoked SSL certificate for SSL-based Google services. The certificate in question was issued on July 10th by Dutch SSL certificate authority DigiNotar. The fake certificate was forged by Iranian Hackers, and revoked immediately. This is the second episode of a MITM attack against Google after the Comodo Affair in May.


Vulnerability
Aug 29 ?
Gabia (South Korean domain registrar)

Another Cyber Attack in South Korea: Gabia a South Korean domain registrar is hacked on Saturday Aug 27, according to a report Monday by the Korea Herald. The hack exposed over 100,000 domains and 350,000 users data. The information included names, user IDS, passwords and registration numbers.

?
Aug 29
densetsu.com

Sometimes they come back: one of the lulzsec members seems to have made a quick returning hacking a child porn trading forum and leaking over 7000 accounts.

densetsu.com SQLi?
Aug 30
Wikileaks (1)

Der Spiegel reports that a WikiLeaks file containing the original leaked US State Department cables has inadvertently been released onto the Internet. The documents have not been edited to protect sources, meaning that the lives of informants could be at risk.

?
Aug 30 ?
Wikileaks (2)

The WikiLeaks website, which contains thousands of U.S. embassy cables, has crashed in an apparent cyberattack. The anti-secrecy organization said in a Twitter message Tuesday that Wikileaks.org “is presently under attack.”

  DDoS
Aug 30
swgalaxies.net

@neatstuffs leaks over 23,000 emails and passwords from a Star Wars Fan Club, and all the passwords are in clear text…sad isnt it? that a website would store so many users information with no security.

SQLi?
Follow

Get every new post delivered to your Inbox.

Join 2,898 other followers