They are among us! ISACA has just released its Advanced Persistent Threat Awareness Report. The study presents the results of a survey undertaken by ISACA in the fourth quarter of 2012 with a sample of information security professionals including information security managers in different industries and organizations throughout the world (1,551 individuals globally, representing more than 20 industries).... Read More
Click here for Part I.
The Dog Days are nearly here. Weather forecast are announcing for Italy one of the hottest summers since 2003, and the same can be said for the Infosec temperature, although, July 2012 has been very different from the same month of 2011, which was deeply characterized by hacktvism.
The day after its discovery, there are few doubts that the infamous malware dubbed Flame (or sKyWIper) has been developed by a government with significant budget and effort. The complexity of the malware suggests that it has been used for a huge cyber-espionage campaign and, easily predictable, Israel is listed as the main culprit, even if in good company if it is true, as argued by some bloggers, that the malware was created by a strict
cooperation coproduction between CIA and Mossad.... Read More
Or better “The Unbearable Lightness of (Human) Beings and APTs”. Immediately after my post on Cyber Weapons, I was pointed out that APTs are not Cyber Weapons. On a more general perspective, APTs are not things but (groups of) human beings who have the capability and the intent to target specific entries with multi-factor attacks. Said in few words an APT is not a “what” but is a “who”. On the other hand, how many could afford to hire (and pay) a double agent capable of implanting a malware inside a nuclear complex through an infected USB thumb?... Read More
If you need to know what Cyber Crime is but you are bored and fed up with the too many information security terms, loosing yourself among the acronyms, you have stumbled upon the correct place. I have just compiled a very special alphabet which collects the terms related to Cybercrime. Forgive me for some “poetic license” and enjoy this half-serious list.
I did not resist, so after publishing the summary of Security Predictions for 2012, I checked out what security vendors predicted one year ago for 2011. Exactly as I did in my previous post, at the beginning of 2011 I collected the security predictions in a similar post (in Italian). I also published in May an update (in English) since, during the Check Point Experience in Barcelona held in May 2011, the Israeli security firm published its predictions. Even if the latters have been published nearly at the half of 2011, for the sake of completeness, I decided to insert them as well in this year-to-year comparison.... Read More
This infamous 2011 is nearly gone and here it is the last post for this year concerning the 2011 Cyber Attacks Timeline. As you will soon see from an infosec perspective this month has been characterized by two main events: the LulzXmas with its terrible Stratfor hack (whose effects are still ongoing with the recent release of 860,000 accounts), and an unprecented wave of breaches in China which led to the dump of nearly 88 million of users for a theoretical cost of nearly $19 million (yes the Sony brech is close). For the rest an endless cyberwar between India and Pakistan, some hactivism and (unfortunately) the usual amounts of “minor” breaches and defacement. After the page break you find all the references.
Christmas has just gone and here it is my personal way to wish you a Happy New Year: the second part of my personal chart (first part here) of Main 2011 Cyber Attacks covering the time window from August to November 2011 (December is not yet finished, and featuring remarkable events, so expect an update very soon). This memorable year is nearly over and is time, if you feel nostalgic, to scroll down the second part of the list to review the main Cyber Events that contributed, in my opinion, to change the landscape and the rules of the (information security) game. Many events in this period among whom, IMHO, the most noticeable is the one carried on against Diginotar. Since then our trust in conventional authentication models is not (and will not be) the same anymore.