Even if this month I am a little late with the statistics, the time to dig into the data has come. For the few readers who are not aware of this, the statistics are derived from the timelines (Part I and Part II) that I publish with a bi-weekly basis.... Read More
The timeline of September is finally completed, so I can publish the second part covering the main attacks occurred between September 16th and 30th.... Read More
It’s time to publish the first Cyber Attack Timeline of September.... Read More
And finally we can complete the September 2014 Cyber Attacks Timeline (Part I here), with the second part covering the most important events between the 16th and the 30th.
A very fruitful month for Cyber Criminals, since there are several events that will be remembered. For sure the Shellshock vulnerability will spoil the troubled sleeps of many System Administrators. In any case this is not the only remarkable event, the chronicles report of an (un)expected tail of the Celebrity Leak scandal (the so-called Fappening), with other two rounds of leaked pictures occurred on the 20th and the 26th, and a couple of massive breaches against TripAdvisor subsidiary Viator (1.4 million users affected) and Japan Airlines (750,000 users affected). Last but not least, it is also worthwhile to mention the group of teen hackers charged for hacking into Microsoft, the US Army and several game companies, stealing $100 million in Intellectual Property, and the so-called Operation Harkonnen, the longest cyber crime campaign ever.
This month will be probably remembered for the Home Depot breach. Yet another one caused by the same POS malware family that hit Target, with a similar dramatic extension: unfortunately the retailer believes that 56 million of credit cards could have been compromised in this case. After such a similar gigantic breach there is not so much to add as far as Cyber Crime is concerned, as it overshadowed all the rest.
It’s time for analyzing the main cyber Attacks happened in September.
From an information security perspective, the second half of September has been characterized by the discovery of three operations related to targeted attacks against different countries and sectors. Two in particular, DeputyDog and IceFrog, targeting have a common denominator: Japan.
So unfortunately the Summer is nearly gone, but, despite the sadness for the beautiful season fading away, here we are with the usual analysis of what’s happened in September from a Security Information perspective.
The main event for the first half of September is the massive attack against Vodafone Germany, potentially compromising more than 2 million customer records. Actually it was very hard to declare a main event, since even Belgacom performed was on the infosec news, unleashing some information related to a targeted attack, it was victim of. Always on the Cyber Crime front, it’s also worth to mention the failed (luckily) attack against Santander.