Tag Archives: APT

The Unbearable Lightness of Being an APT

Or better “The Unbearable Lightness of (Human) Beings and APTs”. Immediately after my post on Cyber Weapons, I was pointed out that APTs are not Cyber Weapons. On a more general perspective, APTs are not things but (groups of) human beings who have the capability and the intent to target specific entries with multi-factor attacks. Said in few words an APT is not a “what” but is a “who”. On the other hand, how many could afford to hire (and pay) a double agent capable of implanting a malware inside a nuclear complex through an infected USB thumb?... Read More

What is a Cyber Weapon?

What is a Cyber Weapon? At first glance this seems an immediate question to answer, but should anyone try to analyze the meaning of this term more deeply, probably he would be quite surprised and disappointed in discovering that the answer is not so immediate since an exact definition has not been given (at least so far).... Read More

January 2012 Cyber Attacks Timeline (Part 1)

Click here for part 2.

New year, new Cyber Attacks Timeline. Let us start our Information Security Travel in 2012 with the chart of the attacks occurred in the first fifteen days of January. This month has been characterized so far by the leak of Symantec Source Code and the strange story of alleged Cyber Espionage revolving around it. But this was not the only remarkable event: chronicles tell the endless Cyber-war between Israel and a Saudi Hacker (and more in general the Arab World), but also a revamped activity of the Anonymous against SOPA (with peak in Finland). The end of the month has also reserved several remarkable events (such as the breaches to T-Mobile and Zappos, the latter affecting potentially 24,000,000 of users). In general this has been a very active period. For 2012 this is only the beginning, and if a good beginning makes a good ending, there is little to be quiet…

read more

What Security Vendors Said One Year Ago…

I did not resist, so after publishing the summary of Security Predictions for 2012, I checked out what security vendors predicted one year ago for 2011. Exactly as I did in my previous post, at the beginning of 2011 I collected the security predictions in a similar post (in Italian). I also published in May an update (in English) since, during the Check Point Experience in Barcelona held in May 2011, the Israeli security firm published its predictions. Even if the latters have been published nearly at the half of 2011, for the sake of completeness, I decided to insert them as well in this year-to-year comparison.... Read More

Browsing Security Predictions for 2012

Update 01/11/2012: Year-to-Tear comparison with 2011 Security Predictions... Read More

December 2011 Cyber Attacks Timeline (Part II)

This infamous 2011 is nearly gone and here it is the last post for this year concerning the 2011 Cyber Attacks Timeline. As you will soon see from an infosec perspective this month has been characterized by two main events: the LulzXmas with its terrible Stratfor hack (whose effects are still ongoing with the recent release of 860,000 accounts), and an unprecented wave of breaches in China which led to the dump of nearly 88 million of users for a theoretical cost of nearly $19 million (yes the Sony brech is close). For the rest an endless cyberwar between India and Pakistan, some hactivism and (unfortunately) the usual amounts of “minor” breaches and defacement. After the page break you find all the references.

read more

One Year Of Lulz (Part II)

Christmas has just gone and here it is my personal way to wish you a Happy New Year: the second part of my personal chart (first part here) of Main 2011 Cyber Attacks covering the time window from August to November 2011 (December is not yet finished, and featuring remarkable events, so expect an update very soon). This memorable year is nearly over and is time, if you feel nostalgic, to scroll down the second part of the list to review the main Cyber Events that contributed, in my opinion, to change the landscape and the rules of the (information security) game. Many events in this period among whom, IMHO, the most noticeable is the one carried on against Diginotar. Since then our trust in conventional authentication models is not (and will not be) the same anymore.

read more

One Year Of Lulz (Part I)

Update December 26: 2011 is nearly gone and hence, here it is One Year Of Lulz (Part II)

This month I am a little late for the December Cyber Attacks Timeline. In the meantime, I decided to collect on a single table the main Cyber Attacks for this unforgettable year.

read more