As I did in the last month, I have summarized the data collected in my Cyber Attacks Sample for the first half of May, (whose thumbnail is on the right), in order to provide some aggregated statistics. Collected Data have been summarized in three charts representing: Motivations Behind Attacks, Distribution of Targets and Distribution of Attack Techniques. Although the 60 attacks sample does not intend to be comprehensive (and hence the results must be taken with caution), the charts provide a quick overview, which in turn might be useful to identify trends and hopefully to address countermeasures. Apparently the trend is quite (un)stable with Cyber Crime, ranking at number one as the primary motivation for the attacks, and Governments that continue to be the preferred targets for cybercrookers.
As far as Motivations Behind Attacks are concerned, once again Cyber Crime ranks at number one with nearly the 70% of occurrences. Hacktivism is well behind with “only” the 23% followed by Cyber Warfare and Cyber Espionage that triggered singularly the 10% of attacks. If compared with April, the trend shows a growth of Cyber Crime and a corresponding reduction of hacktivism. As far as Cyber Espionage is concerned, particularly interesting om this month have been the Attack to U.K. Ministry Of Defence and to some undisclosed U.S. Natural Gas Companies.
The Distribution of Targets chart confirms that Governments continue to be the preferred targets for Cyber Criminals and Hacktivists with nearly one third (30%) of occurrences. With respect to April, targets belonging to educational sector have gained one position ranking at number two with the 15% of occurrences and before the LEAs which shifted at the third place with the 7% of occurrences. If we sum up military targets to LEAs we have the 12%. In any case the trend is in line with the previous month.
SQL Injection is the number one among Attack Techniques, with the 36% of occurrences taking over, at least in the first two weeks of may, Distributed Denial Of Service, that ranks at number two with the 18%. Summing up the “conclamated” SQLi Attacks with the “uncertain” SQLi Attacks, leads to the surprising result that nearly one attack on two (46%) has been performed exploiting this kind of vulnerability. So definitively run and patch your applications!
If you want to have an idea of how fragile our data are inside the cyberspace, have a look at the timelines of the main Cyber Attacks in 2011 and 2012 (regularly updated), and follow @paulsparrows on Twitter for the latest updates. Also feel free to submit at [email protected] details about Cyber attacks in order to make the timelines even more detailed and meaningful.