This morning, during my usual virtual promenade through my feeds, I came across a really interesting post from Stratsec, a subsidiary of BAE Systems.
The post unveils the details of an unprecedented experiment aimed at verifying how easy and cheap it is to set up a botCloud and how hard it is for Cloud providers to detect them (and consequently advise the victims).
Imperva has just published the results of its annual analysis on one of the largest-known hacker forums counting approximately 250,000 members.
The research (also made on other smaller forums) used the forum’s search engine capabilities to analyze conversations by topic using specific keywords. Unfortunately, no details have been provided about the methodology used to collect the data. However, the results show that SQL Injection and DDoS are the most discussed topics, each with 19% of discussion volume (I am glad to see that the results are coherent with the findings of my Cyber Attack Statistics).
October 2012 held a bad surprise for the members of the famous rock band Garbage, who had their official Twitter account hacked by an unknown cybercrook who enjoyed posting bogus messages to their nearly 60k followers.
Unfortunately, among the music stars, they are not the only ones who have suffered this sad fate, and actually, from 2009 to the present, the list is quite long.
In the wake of similar operations carried out by Hacktivists against Law Enforcement Agencies all over the World, the Italian Cell of the infamous collective Anonymous has decided to cross the line, targeting the Italian Police with a clamorous Cyber Attack under the label of the #Antisec movement.
Here’s the partial snapshot for the Cyber Landscape in October. I have deliberately decided not to include in the statistics the massive Cyber Attack against the Universities executed by Team Ghost Shell, since, in my opinion, it would not have been formally correct to include in the sample this wave of cyber attacks, which were distributed over several months and disclosed all at once.
(But in some cases may remain unknown for up to 2.5 years). A couple of days ago, two Symantec researchers published an interesting article (“Before We Knew It: An Empirical Study of Zero-Day Attacks In The Real World”) reporting a study of 0-Day Attacks between 2008 and 2011. They analyzed 300 million files collected by 11 million hosts (a representative subset of the hosts running Symantec products) between March 2008 and February 2011.
Apparently October has shown a decrease in the number of Cyber Attacks, at least from a mere numerical perspective. It is not a coincidence that I used the term “Apparently”, since if we consider the most important event of the month, the massive leak from Worldwide universities executed by Team GhostShell inside their ProjectWestWind operation, things are quite different.
Another day, another revelation inside the (in)visible Cyber War going on in the Middle East. Today Kaspersky Lab has announced the discovery of another strain of malware derived from the infamous Tilded-Platform family: the little brother of Flame, the so-called miniFlame (or “John”, as named by the corresponding Gauss configuration).
Last week, for the second time since June, Google warned its Gmail users of possible state-sponsored attacks. According to Mike Wiacek, a manager on Google’s information security team, Google started to alert users to state-sponsored attacks three months ago. Meanwhile the security team has gathered new intelligence about attack methods and the groups deploying them, and that information was used to warn “tens of thousands of new users”, possible targets of the attack.