Archive
July 2012 Cyber Attacks Timeline (Part II)
Click here for Part I.
The Dog Days are nearly here. Weather forecast are announcing for Italy one of the hottest summers since 2003, and the same can be said for the Infosec temperature, although, July 2012 has been very different from the same month of 2011, which was deeply characterized by hacktvism.
Instead looks like that hacktivists have partially left the scene in favor of cyber criminals who executed several high profile breaches also in the second part of the month: Maplesoft, Gamigo, KT Corporation and Dropbox are the most remarkable victims of cyber-attacks, but also other important firms, even if with different scales, have been hit by (improvised) Cyber Criminals. One example for all? Nike who suffered a loss of $80,000 by a 25-year improvised hacker, who decided that exploiting a web vulnerability was the best way to acquire professional merchandise.
But probably the prize for the most “peculiar” cyber-criminal is completely deserved by Catherine Venusto, who successfully changed her sons’ grade for 110 times between 2011 and 2012.
As far as the Hacktivism is concerned, although we were not in the same condition of one year ago (a leak every day kept security away), this month has offered the massive leak of the Australian Provider AAPT, with 40 gb of data allegedly stolen by the Anonymous.
Last but not least, a special mention for the cyber espionage campaigns, that had an unprecedented growth in this month: Israel, Iran, Japan, the European Union and Canada, are only few of the victims. Iran gained also an unwelcome record, the first nation to be hit by a malware capable of blasting PC speakers with an AC/DC song…
If you want to have an idea of how fragile our data are inside the cyberspace, have a look at the timelines of the main Cyber Attacks in 2011 and 2012 and the related statistics (regularly updated), and follow @paulsparrows on Twitter for the latest updates.
Also, feel free to submit remarkable incidents that in your opinion deserve to be included in the timelines (and charts).
July 2012 Cyber Attacks Timeline (Part I)
Update 08/02/2012: July 2012 Cyber Attacks Timeline (Part II)
Although the number of attacks has considerably diminuished, the first half of July has left several high-profile attacks which deserverd huge attention, exposing in theory more than 2,000,000 individuals. Yahoo! Voice, Android Forums, Nvidia, Formspring, Billabong and ASUS are several of the well-known names that were victims of the high-profile breaches in the first two weeks of July.
World Health Organization and PBS (once again) were also illustrious victims of Cyber Attacks.
Besides these remarkable events, it looks like the actions carried on by the Law Enforcement agencies in the last period led to some results since the number of incidents looks undoubtably smaller than the previous months.
For what concerns the cyber attacks driven by hacktivism, it is particularly important to notice #OpPedoChat, still ongoing, which caused many pedophiles to be exposed, in several cases with unpredictable consequences, as in Belgium where a far-right official resigned after Anonymous’ Paedophilia Claims.
If you want to have an idea of how fragile our data are inside the cyberspace, have a look at the timelines of the main Cyber Attacks in 2011 and 2012 (regularly updated), and follow @paulsparrows on Twitter for the latest updates.
Also, feel free to submit remarkable incidents that in your opinion deserve to be included in the timelines (and charts).
June 2012 Cyber Attacks Timeline (Part II)
Part I (1-15 June) at this link
From an information security perspective, the second half of June has been characterized by the hacking collective UGNAZI (and its members) and also by an individual hacker: .c0mrade AKA @OfficialComrade.
Both entities have left behind them a long trail of Cyber Attacks against different targets (in several cases the real extent of the attack is uncertain) and with different techniques, although it is likely that the UGNAZI collective will be forced to change the plans after the arrest of the group’s leader, JoshTheGod, nearly at the end of the month (27thof June), effectively they have considerably reduced the rate of their cyber attacks in the second part of the analyzed period.
On the other hand, hospitals, banks, several major airlines are only few examples of the preys fallen under the attacks carried on by .c0mrade. Plese notce that from Cyber Crime perspective, is also interesting to notice the High Roller Operation, a giant fraud against the banking industry, unmasked by McAfee.
Needless to say, the Cyber War front is always hot, most of all in Middle East, were several DDoS attacks targeted some Israeli institutions and, most of all, an alleged unspecified massive Cyber Attack targeted tje Islamic Republic of Iran.
The hacktitic landscape is completely different: maybe hacktivists have chosen to go on vacation since June 2012 has apparently shown a decreasing trend, in sharp contrast with an year ago, when the information security community lived one of its most troubled periods.
If you want to have an idea of how fragile our data are inside the cyberspace, have a look at the timelines of the main Cyber Attacks in 2011 and 2012 (regularly updated), and follow @paulsparrows on Twitter for the latest updates.
Also, feel free to submit remarkable incidents that in your opinion deserve to be included in the timeline.
June 2012 Cyber Attacks Timeline (Part I)
Update 07/05/2012: June 2012 Cyber Attacks Timeline (Part II)
A (first half of the) month living dangerously…
June has come and strongly confirms that Summer is the preferred month for Cybercrookers: just look back at June 2011 and you will probably remember the days of Lulz of the infamous LulzSec Collective (which curiously seems to be reborn!).
June 2012 has shown a remarkable number of incidents and is proving to be a mensis horribilis (horrible month) for Social Networks and Online Services in general, due to the high profile breaches of LinkedIn, Last.Fm, eHarmony and the online game League of Legends.
On a geographic scale, looks like China is becoming another important source of Cyber incidents, having been targeted from #TeamGhostShell, who claim, inside their #ProjectDragonFly, to have obtained up to 800,000 accounts from different sources.
Hacktivism-led actions seem (apparently) to decline, whilst, on the Cyber Crime front, a new collective, UGNazi, is taking the scene, having confirmed, in the first part of June, the wake of cyber attacks, we have become familiar with for some time.
Another Infosec Summer promising to be very hot!
If you want to have an idea of how fragile our data are inside the cyberspace, have a look at the timelines of the main Cyber Attacks in 2011 and 2012 (regularly updated), and follow @paulsparrows on Twitter for the latest updates.
Also, feel free to submit remarkable incidents that in your opinion deserve to be included in the timeline.
May 2012 Cyber Attacks Statistics
As I did last month for the Cyber Attacks occurred in April, I have aggregated the data collected on the timelines of May (on the right) in order to provide a consolidated view of the month according to the three parameters of Motivations Behind Attacks, Distribution of Targets and Distribution of Attack Techniques. Again, no need to repeat that data must be taken very carefully since they do refers only to discovered attacks (the so-called tip of the iceberg), and hence do not pretend to be exhaustive but only aim to provide an high level overview of the “cyber landscape” of the month.
As far as Motivations Behind Attacks are concerned, month after month, the charts are becoming monotonous. Cyber Crime ranked undoubtedly at number one with the 61% of occurrences. Twice the occurrences of Hacktivism which ranked at number two. In this chart, Cyber Warfare and Cyber Espionage motivated-attacks are well behind although they were few but good (One Flame was enough for this month, wasn’t it?).
The Distribution of Targets chart is highly fragmented even if with a familar pattern: Government targets ranked firmly on top of the preferences for the attackers, with Education and Law Enforcement targets completing the top three (although, compared to April, they swapped their positions in this unenviable chart). It worths to mention that targets belonging to organizations that offers on-line services are fragmented as well, but if the single entries are summed up, they would rank at number two with approximately the 15% of occurrences.
The Distribution of Attack Techniques chart whows that SQL Injection has been the preferred weapon used by Cyber Criminals in May, overtaking Distributed Denial of Service, the Cyber Paintball Pistol. Clearly the occurrences of DDoS attacks are influenced by the winds of hacktivism which did not blow so high in May. Interesting to notice a further important number of events (17% of the sample) related to unknown attacks targeting DBs, which clearly shows that data repositories are proving to be the weakes element of the chain. May the patch enFORCEment be with you!
If you want to have an idea of how fragile our data are inside the cyberspace, have a look at the timelines of the main Cyber Attacks in 2011 and 2012 (regularly updated), and follow @paulsparrows on Twitter for the latest updates.
May 2012 Cyber Attacks Timeline (Part II)
As usual, here it is the second part of the Cyber Attacks Timeline for the month of May 2012: a month particularly rich of Cyber Events. As you will probably know, the Flame malware has monopolized the attention, deserving the most attention from the Information Security Professional.
Nevertheless the scene has offered many interesting events, among which it worths to mention the breach of 123,000 federal employees records, the breach affecting University of Nebraska, and, last but not least, the breach against WHCMS (which, as we will soon see, has proved to be fatal for its author).
The hacktivist front is still hot and preannounces another hot summer. On the other hand the authors of several remarkable cyber-criminal actions are probably going to leave the scene: the long trail of arrests made by Law Enforcement Agencies against hackers has continued in this month and has hence led to the arrest of Cosmo, the leader of the infamous group UGNazi, which claimed to be the author of the Cyber Attack against WHCMS.
In your opinion are the arrests against hackers really going to stop the growing number of Cyber Attacks (acting as a deterrent)?
If you want to have an idea of how fragile our data are inside the cyberspace, have a look at the timelines of the main Cyber Attacks in 2011 and 2012 (regularly updated), and follow @paulsparrows on Twitter for the latest updates.
After the jump you find all the references, and at this link the first part covering 1-15 May.
May 2012 Cyber Attacks Timeline (Part I)
Update June 4 2012: May 2012 Cyber Attacks Timeline (Part II)
As usual here it is the timeline of the Main Cyber Attacks occurred in May (at least according to my evaluation criteria).
This first half of the month has seen the arrival of a new hacking collective, “The Unknowns”, who has performed an impressive trail of attacks during the first days of May, targeting Space Agencies, Universities, and several other organizations. Although these events appear to be closer to cyber crime actions rather than hactivistim-driven attacks, they have not been the most remarkable ones of these days: as a matter of fact chronicles report of a massive breach at the Hangzhou Dianzi University, targeting approximately 150.000 acccounts.
As far as hacktivism is concerned, this first half of May has confirmed the constant trend of DDoS attacks targeting high profile websites such as SOCA and CIA (once again) and the Supreme Court in retaliation for the U.K. extradition laws.
Interesting to mention is also an alleged Cyber Espionage campaign targeting networks belonging to US natural gas pipeline companies.
If you want to have an idea of how fragile our data are inside the cyberspace, have a look at the timelines of the main Cyber Attacks in 2011 and 2012 (regularly updated), and follow @paulsparrows on Twitter for the latest updates.
April 2012 Cyber Attacks Statistics
I have aggregated the data collected related to cyber attacks occurred in April 2012 (that you may find in the links on the right) in order to provide a consolidated view for the month. The statistics have been taken according to three parameters: Motivations Behind Attacks, Distribution of Targets and Distribution of Attack Techniques. Of course the information does not pretend to be exhaustive, in any case it is useful to provide a snapshot on the cyber landscape of the last month.
As far as the Motivations Behind Attacks are concerned, Cyber Crime ranks undoubtedly at number one with the 51% of the occurrences. Hacktivism is at number two with “only” the 39% of the occurrences. Other motivations such as Cyber Warfare or Cyber Espionage are far behind with respectively the 7 and 2 percent. This is not a surprise since attacks motivated by Cyber Espionage should be supposed to be subtle and hidden and this explains their rank (unlike the attacks motivated by hacktivism that use to attract the greatest attention by media).
As far as the Distribution Of Targets is concerned, Governements keep on to be preferred targets, with nearly one third of the occurrences. Law Enforcement Agencies rank at number two with 9% immediately followed by Educational Institutions with 7%. Online Platforms such as Online Games or other kind of platforms (such as email services) are behind with the 6% of occurrences for both of them. Of course the high position for governments and LEAs is quite simple to explain: both categories are the preferred targets for hactkivists.
A month characterized by Distributed Denial of Service, at least according to the Distribution of Attack Techniques chart. SQL Injection ranks at number two, immediately followed by Defacement. If we sum up also the indirect occurrences of SQLi (that is those cases whose symptoms seem the ones proper of SQLi but no direct evidences were found) the distribution of the two techniques is nearly the same (respectively 29% for DDoS and 27% for SQLi). Of course DDoS is the preferedd cyber weapon for hacktivists and this explain its dominion on this unwelcomed chart.
If you want to have an idea of how fragile our data are inside the cyberspace, have a look at the timelines of the main Cyber Attacks in 2011 and 2012 (regularly updated), and follow @paulsparrows on Twitter for the latest updates.
Related articles
- April Cyber Attacks Timeline (Part II) (hackmageddon.com)
- April Cyber Attacks Timenile (Part I) (hackmageddon.com)
April 2012 Cyber Attacks Timeline (Part II)
Here the first part covering the cyber attacks from 1 to 15 April.
April is over and here it is the second half of the Cyber Attacks Timeline covering the time period spanning from 16 to 30 april 2012.
The last two weeks of this month have been characterized by several remarkable events (at least for the newspapers), such as the #OpBahrain which unleashed a trail of attacks from the Anonymous against websites related to the Formula 1 GP in Bahrain. Other noticeable events triggered by hacktivism include several DDoS attacks against CIA, MI6, Department of Justice, and a couple of Law Enforcement Agencies which continue to be a preferred target for hackers.
On the Cyber Crime front (still the major apparent motivation for the attacks) this month reports, among the events, a breach to Nissan and other DDoS attacks against the District of Columbia, the State of Washington and Nasdaq (I would not define them just motivated by hacktivism). Other events include a couple of 0-day vulnerabilities targeting popular e-mail services and affecting potentially million of users.
Last but not least, April has brought a new cyber attack to Iran crude oil industry, despite, so far, there are no clear evidences of a new Stuxnet-like Cyber Attack. This is not the only episode targeting Iran which also suffered 3 million of banks accounts compromised.
For the chronicle I decided to insert in the timeline also the breach to the game publisher Cryptic Studios. Although it happened in 2010 (sic) it was discovered only few days ago…
If you want to have an idea of how fragile our data are inside the cyberspace, have a look at the timelines of the main Cyber Attacks in 2011 and 2012 (regularly updated), and follow @paulsparrows on Twitter for the latest updates.
April 2012 Cyber Attacks Timeline (Part I)
As usual, here is the list of the main cyber attacks for April 2012. A first half of the month which has been characterized by hacktivism, although the time of the resounding attacks seems so far away. Also because, after the arrest of Sabu, the law enforcement agencies (which also were targeted during this month, most of all in UK), made two further arrests of alleged hackers affiliated to the Anonymous Collective: W0rmer, member of CabinCr3w, and two possible members of the infamous collective @TeaMp0isoN.
In any case, the most important breach of the first half of the month has nothing to deal with hacktivism, targeted the health sector and occurred to Utah Department of Health with potentially 750,000 users affected. According to the Last Ponemon Study related to the cost of a breach ($194 per record) applied to the minimum number of users affected (250,000), the monetary impact could be at least $ 55 million.
Another interesting event to mention in the observed period is also the alleged attack against a Chinese Military Contractor, and the takedown of the five most important al-Qaeda forums. On the hacktivist front, it worths to mention a new hijacked call from MI6 to FBI, but also the alleged phone bombing to the same Law Enforcement Agency. Both events were performed by TeamPoison, whose two alleged members were arrested the day after.
For the sample of attacks I tried to identify: the category of the targets, the category of the attacks, and the motivations behind them. Of course this attempt must be taken with caution since in many cases the attacks did not target a single objective. Taking into account the single objectives would have been nearly impossible and prone to errors (I am doing the timeline in my free time!), so the data reported on the charts refer to the single event (and not to all the target affected in the single event).
As usual the references are placed after the jump.
By the way, SQL Injection continues to rule (the question mark indicates attacks possibly performed by SQL Injection, where the term “possibly” indicates the lack of direct evidences…).
If you want to have an idea of how fragile our data are inside the cyberspace, have a look at the timelines of the main Cyber Attacks in 2011 and 2012 (regularly updated), and follow @pausparrows on Twitter for the latest updates.
About The Author
Support My Work!
Share:
News
08/13/2011 - My Post on Android Malware Mentioned on Engadget.
04/14/2011 - The Article Smart Grid: L'ultima Frontiera del Cybercrime published on ICT Security Magazine May 2011.
03/14/2011 - Security Summit 2011: Paolo Passeri guest at Round Table "Mobile Security: Rischi, Tecnologie, Mercato"
02/14/2011 - The Article Gears of Cyberwar published on ICT Security Magazine January 2011.
Visitors from…
