
Posts Tagged ‘SQL Injection’

September 2012 Cyber Attacks Statistics

October 8, 2012

It’s time for the statistics derived from the Cyber Attacks Timeline of September 2012 (Part I and Part II).

I have decided to add another chart reporting the Daily Trend for the Cyber Attacks. According to the collected data, the first week of the month showed the highest concentration of events.

The Motivations Behind Attacks chart reveals the predominance of Cyber Crime, which ranked at number one in September with 55% of occurrences, followed by Cyber Crime, at number two with 42% of occurrences. This is in contrast with the result of the previous month, in which the ranks were practically reversed (respectively 58% Hacktivism and 36% Cyber Crime).

The Distribution Of Attack Techniques Chart confirms the predominance of SQL Injection over Distributed Denial Of Service. It is interesting to notice the position of Targeted Attacks in fifth place with 5% of occurrences (I wonder how many will go undetected). Of course the main purpose of Targeted Attacks is to remain undetected for a long time. Is the fact that they appear in the chart a sign of increasing detection capabilities by technological and human countermeasures?

Last but not least, the Distribution Of Targets Chart confirms the preference of Cyber Crooks for Government targets, which rank at number one with 23.6% of occurrences. Industry targets rank at number two with nearly 15% of occurrences, immediately before targets belonging to various organizations, which rank in third place with 12.2% of occurrences. Targets belonging to finance rank at number four with 9% of occurrences, mainly due to the wave of DDoS Cyber attacks against U.S. Banks.

Again, I will never get tired of repeating that data must be taken very carefully since they refer only to discovered attacks (the so-called tip of the iceberg), and hence do not pretend to be exhaustive but only aim to provide a high-level overview of the “cyber landscape” of the considered period.

In any case, if you want to have an idea of how fragile our data are inside the cyberspace, have a look at the timelines of the main Cyber Attacks in 2011 and 2012 (regularly updated), at the Cyber Attack Statistics, and follow @paulsparrows on Twitter for the latest updates.

Also, feel free to submit remarkable incidents that in your opinion deserve to be included in the timelines (and charts).


1-15 September Cyber Attacks Statistics

September 27, 2012

I know, September is nearly gone, but it is the time for the cyber stats related to the first half of September. As you know, they are derived from my Cyber Attack Timeline.

A look at the Motivations Behind Attacks chart shows that the Sun of August is apparently the best period for hacktivism, since September saw Cyber Crime motivated attacks take the lead, with 56% of occurrences in the analyzed sample.

The Distribution Of Attack Techniques confirms the dominance of SQL Injection with nearly 50% of the attacks. The fall of DDoS in this unwelcome chart is attributable to the smaller number of attacks motivated by Hacktivism.

After all, apparently the Governments keep on investing an inadequate amount of money in securing their infrastructure: in fact they continue to lead the Distribution of Targets chart with 30% of occurrences, nearly twice the industry sector, which ranks at number two with 16%. Among the single targets (in fact the sectors of industries and organizations are highly fragmented) the educational institutions are the most targeted after governments. Online activities (miscellaneous services, online games, online gambling and e-commerce sites), summed together, reach the considerable number of 14%.

As usual, I will never get tired of repeating that data must be taken very carefully since they refer only to discovered attacks (the so-called tip of the iceberg), and hence do not pretend to be exhaustive but only aim to provide a high-level overview of the “cyber landscape” of the considered period.

If you want to have an idea of how fragile our data are inside the cyberspace, have a look at the timelines of the main Cyber Attacks in 2011 and 2012 (regularly updated), and follow @paulsparrows on Twitter for the latest updates.

Also, feel free to submit remarkable incidents that in your opinion deserve to be included in the timelines (and charts).

16 – 31 August 2012 Cyber Attacks Timeline

September 5, 2012

Here is the first part with the timeline from 1 to 15 August 2012.

Here we are with the second part of the August 2012 Cyber Attacks Timeline. A second part of the month that has been characterized by hacktivism, most of all because of the so-called OperationFreeAssange, which has targeted many high-profile websites.

Among the targets of the month, Philips has been particularly “unlucky”. The Dutch giant has been the victim of three Cyber Attacks, even if there are several doubts about the authenticity of the hacks.

But maybe the biggest operation of the month is #ProjectHellFire, carried out by the collective @TeamGhostShell, which has unleashed something like 1 million accounts belonging to different sectors (banks, government agencies, consulting firms, law enforcement and the CIA). And the group promises new action for this Fall and Winter.

The Middle East is confirmed to be very hot, with a new Cyber Attack, probably another occurrence of Shamoon, targeting RasGas, yet another Oil Company.

Just one note: of course it is impossible to track all the targets of the #OpFreeAssange. You can find a complete list at cyberwarnews.info.

If you want to have an idea of how fragile our data are inside the cyberspace, have a look at the timelines of the main Cyber Attacks in 2011 and 2012 and the related statistics (regularly updated), and follow @paulsparrows on Twitter for the latest updates.

Also, feel free to submit remarkable incidents that in your opinion deserve to be included in the timelines (and charts).


July 2012 Cyber Attacks Statistics

Here we are with the statistics from the Cyber Attack Timelines for the first and the second half of July 2012. The sample included 76 attacks which have been analyzed according to the three familiar parameters: Motivations behind attacks, Distribution of attack techniques and Distribution of targets.

Again, I will never get tired of repeating that data must be taken very carefully since they refer only to discovered attacks (the so-called tip of the iceberg), and hence do not pretend to be exhaustive but only aim to provide a high-level overview of the “cyber landscape” of the considered period. Moreover, remember that the most dangerous threats are the invisible ones.

As far as the Motivations Behind Attacks are concerned, July has confirmed the predominance of Cyber Crime, although it dropped down to 55% from 72% of the previous month. It is interesting to notice the corresponding growth of Hacktivism, from 18% in June to 32% in July. Although the number of (discovered) attacks motivated by Cyber Espionage is always low, this month their occurrences nearly doubled as a consequence of the events in the Middle East, which is confirmed to be a “hot area” for the Cyber Arena. Cyber Warfare is positioned at the bottom of the chart with a “poor” 4% of the occurrences.

The Distribution Of Attacks Techniques chart confirms that it is getting harder and harder to recognize what the cyber crooks have leveraged to reach their goal. The percentage of the unknown attacks has grown from 36% in June to 45% in July. In any case, among the recognized attacks, SQL Injection ranks at number one with 28% of possible occurrences. DDoS has confirmed its decreasing trend, from 16% in June to 9% in July. Maybe the possible victims are learning to effectively defend themselves?

The Distribution of Targets chart confirms that targets belonging to industry are always on top of the preferences of Cyber Crooks with 32% of occurrences, well above the 21% of the last month. Government targets confirmed their second place with 15% of occurrences (they were at 18% in July), followed by Online Services with 10%. It is interesting to notice the low occurrences of incidents targeting Law Enforcement Agencies and Military Institutions. Maybe after the high number of cyber attacks suffered, they are learning to enforce adequate countermeasures.

If you want to have an idea of how fragile our data are inside the cyberspace, have a look at the timelines of the main Cyber Attacks in 2011 and 2012 (regularly updated), and follow @paulsparrows on Twitter for the latest updates.

Also, feel free to submit remarkable incidents that in your opinion deserve to be included in the timelines (and charts).

July 2012 Cyber Attacks Timeline (Part II)

August 3, 2012

Click here for Part I.

The Dog Days are nearly here. Weather forecasts are announcing for Italy one of the hottest summers since 2003, and the same can be said for the Infosec temperature, although July 2012 has been very different from the same month of 2011, which was deeply characterized by hacktivism.

Instead, it looks like hacktivists have partially left the scene in favor of cyber criminals, who executed several high-profile breaches also in the second part of the month: Maplesoft, Gamigo, KT Corporation and Dropbox are the most remarkable victims of cyber-attacks, but other important firms, even if on different scales, have also been hit by (improvised) Cyber Criminals. One example for all? Nike, who suffered a loss of $80,000 at the hands of a 25-year-old improvised hacker, who decided that exploiting a web vulnerability was the best way to acquire professional merchandise.

But probably the prize for the most “peculiar” cyber-criminal is completely deserved by Catherine Venusto, who successfully changed her sons’ grade 110 times between 2011 and 2012.

As far as Hacktivism is concerned, although we were not in the same condition as one year ago (a leak every day kept security away), this month has offered the massive leak of the Australian Provider AAPT, with 40 GB of data allegedly stolen by Anonymous.

Last but not least, a special mention for the cyber espionage campaigns, which had an unprecedented growth in this month: Israel, Iran, Japan, the European Union and Canada are only a few of the victims. Iran also gained an unwelcome record, as the first nation to be hit by a malware capable of blasting PC speakers with an AC/DC song…

If you want to have an idea of how fragile our data are inside the cyberspace, have a look at the timelines of the main Cyber Attacks in 2011 and 2012 and the related statistics (regularly updated), and follow @paulsparrows on Twitter for the latest updates.

Also, feel free to submit remarkable incidents that in your opinion deserve to be included in the timelines (and charts).


July 2012 Cyber Attacks Statistics (Part I)

Here we are with the statistics from the Cyber Attack Timeline for the first half of July 2012. The sample included 39 attacks which have been analyzed according to the three familiar parameters: Motivations behind attacks, Distribution of attack techniques and Distribution of targets.

As far as Motivations Behind Attacks are concerned, the first two weeks of July confirmed the trend of the last months: Cybercrime ranked at number one with nearly 70% of the occurrences, well ahead of hacktivism, at number two with 23%. Cyber Warfare and Cyber Espionage are well behind with respectively 5% and 3% of the attacks.

The Distribution Of Attack Techniques has shown, for the first half of July, a considerable number of attacks of unknown origin. As a matter of fact, in more than one half of the occurrences (53%) it has not been possible to track the attack technique used by cyber crookers, at least according to the available information. In all those cases in which it has been possible to track the attacks, the first half of July has seen DDoS (18%) overtake SQL Injection (13%), although if one sums the total occurrences of SQL Injections (certain and claimed; the latter are characterized by a question mark in the chart), the total of SQLi is a remarkable 21%, slightly greater than DDoS. I had to modify this chart after I came across an article indicating an SQL Injection attack as the vector of the breach suffered by Nvidia.

The Distribution of Targets chart confirms Industry at rank number one with 38% of occurrences. In any case, if we do not consider the fragmentation of this category (I have dedicated a separate chart to drill down into it), Governments are confirmed to be the most vulnerable targets with 10% of the occurrences, corresponding to the most vulnerable single category.

Amongst the single categories, Law Enforcement Agencies rank at number two with 8% of occurrences, followed by Education targets, online forums and political organizations, each one of them with 5% of occurrences.

Again, please notice that data must be taken very carefully since they refer only to discovered attacks (the so-called tip of the iceberg), and hence do not pretend to be exhaustive but only aim to provide a high-level overview of the “cyber landscape” of the considered period. Moreover, remember that the most dangerous threats are the invisible ones.

If you want to have an idea of how fragile our data are inside the cyberspace, have a look at the timelines of the main Cyber Attacks in 2011 and 2012 (regularly updated), and follow @paulsparrows on Twitter for the latest updates.

Also, feel free to submit remarkable incidents that in your opinion deserve to be included in the timelines (and charts).

June 2012 Cyber Attacks Statistics

July 13, 2012

As usual I aggregated the data from the Cyber Attack Timelines of June to provide some aggregated statistics. Data must be taken very carefully since they refer only to discovered attacks (the so-called tip of the iceberg), and hence do not pretend to be exhaustive but only aim to provide a high-level overview of the “cyber landscape” of the month. Moreover, remember that the most dangerous threats are the invisible ones, as I can easily verify thanks to the advanced malware detection campaigns I am performing in these hard days.

Let us start with the Motivations Behind Attacks chart. Cybercrime is undoubtedly on the rise and has reached the unprecedented percentage of 72%. On the other hand, Summer seems to be a period of vacation for hacktivists, whose influence on the landscape fell down to 18%. As usual, Cyber Warfare and Cyber Espionage are well behind, respectively at 6% and 4%. But of course, this is only the tip of the iceberg. On the other hand, I would not expect a complex cyber espionage action to be easily uncovered, or worse, advertised on social media as happens for (too) many actions allegedly motivated by cyber crime or hacktivism.

Moving to the Distribution of Targets, the chart shows a preference of cybercrookers for Industry targets (21%), immediately followed by Government targets (18%). Targets belonging to education sadly confirm their top position, and rank, even in June, at number three with 8% of occurrences. Of course industry targets are hugely fragmented; hence, if we consider each category singularly, it turns out that Governments are still the most vulnerable victims of cyber attacks.

Last but not least, the next chart: Distribution Of Attacks Techniques. Apparently it is getting harder and harder to recognize the attack techniques leveraged to execute the reported cyber attacks. Anyway, in those cases where it has been possible to do it, SQL Injection steadily keeps on being the King of the Hill. The smaller occurrence of DDoS attacks reflects the minor influence of hacktivism during this month, with account hijacking confirmed to be one of the most dangerous vectors. When looking at defacements, consider that typically I do not take them into consideration in my timelines (they are really too many) unless they are executed against very remarkable targets; hence consider that 3% as belonging to what I defined as high-profile defacements.

If you want to have an idea of how fragile our data are inside the cyberspace, have a look at the timelines of the main Cyber Attacks in 2011 and 2012 (regularly updated), and follow @paulsparrows on Twitter for the latest updates.

Also, feel free to submit remarkable incidents that in your opinion deserve to be included in the timelines (and charts).

June 2012 Cyber Attacks Timeline (Part II)

July 5, 2012

Part I (1-15 June) at this link

From an information security perspective, the second half of June has been characterized by the hacking collective UGNAZI (and its members) and also by an individual hacker: .c0mrade AKA @OfficialComrade.

Both entities have left behind them a long trail of Cyber Attacks against different targets (in several cases the real extent of the attack is uncertain) and with different techniques, although it is likely that the UGNAZI collective will be forced to change its plans after the arrest of the group’s leader, JoshTheGod, nearly at the end of the month (27th of June). Effectively, they have considerably reduced the rate of their cyber attacks in the second part of the analyzed period.

On the other hand, hospitals, banks and several major airlines are only a few examples of the prey fallen under the attacks carried out by .c0mrade. From a Cyber Crime perspective, it is also interesting to notice the High Roller Operation, a giant fraud against the banking industry, unmasked by McAfee.

Needless to say, the Cyber War front is always hot, most of all in the Middle East, where several DDoS attacks targeted some Israeli institutions and, most of all, an alleged unspecified massive Cyber Attack targeted the Islamic Republic of Iran.

The hacktivist landscape is completely different: maybe hacktivists have chosen to go on vacation, since June 2012 has apparently shown a decreasing trend, in sharp contrast with a year ago, when the information security community lived one of its most troubled periods.

If you want to have an idea of how fragile our data are inside the cyberspace, have a look at the timelines of the main Cyber Attacks in 2011 and 2012 (regularly updated), and follow @paulsparrows on Twitter for the latest updates.

Also, feel free to submit remarkable incidents that in your opinion deserve to be included in the timeline.


June 2012 Cyber Attacks Statistics (Part I)

As usual, here we are with some fresh charts obtained from the first part of the June 2012 Cyber Attacks Timeline.

Let us start with the Motivations Behind Attacks chart. Once again Cyber Crime ranks at number 1, showing a growing trend with respect to May, from 61% to 82% (at least in this first half). On the other hand, hacktivism-led cyber events have dropped from 30% to 14%. Apparently no explicit Cyber Warfare event has been detected, at least according to the data I collected.

Starting from this month, to make the Distribution Of Targets chart less fragmented and more readable, I decided to aggregate all the attacks against Industries (and Organizations). With this new classification, Government targets go down to rank number 2 with 15% of occurrences (against the 22% of the previous month), followed by targets belonging to education with 10% (the same value collected in May). Interesting to notice is the apparent lack of attention by cybercrookers towards Law Enforcement targets. In any case, if we consider the fact that Industry data have been aggregated, the chart is not so much different from the one of May: Governments keep on showing a worrying lack of Security.

Last but not least, during the first half of June, it has apparently been difficult to identify 40% of the attack techniques, although SQLi (and more in general DB vulnerabilities) keeps holding the crown among the identified events. It is interesting to notice the drop of DDoS attacks (from 20% of the sample to 10%). Probably it is not a coincidence that it has followed the same trend as the hacktivism-driven Cyber Attacks, having halved its rate with respect to the previous month.

Again, no need to repeat that data must be taken very carefully since they refer only to discovered attacks (the so-called tip of the iceberg), and hence do not pretend to be exhaustive but only aim to provide a high-level overview of the “cyber landscape” of the month.

Furthermore, if you want to have an idea of how fragile our data are inside the cyberspace, have a look at the timelines of the main Cyber Attacks in 2011 and 2012 (regularly updated), and follow @paulsparrows on Twitter for the latest updates.

Also, feel free to submit remarkable incidents that in your opinion deserve to be included in the timelines (and charts).
