Here we go! The second timeline of August 2021 is out (first one here) covering the main cyber attacks occurred in the second fortnight of the same month. And it looks like that the end of Summer led to a decrease in the number of attacks with 78 events, corresponding to the minimum value of the last 12 months. Ransomware continues to dominate the threat landscape, but its percentage dropped to 24.4% (19 out of 78 events) in contrast with 39.6% of the previous fortnight. More ransomware operations have shut down in this period (such as Ragnarok), schools were closed (and the public activity slowed down) in many regions, and maybe the crooks have decided to take a break for the Summer.
A sector that is particularly under attack in this period, is the one of the crypto assets: new multi-million attacks have been recorded targeting Fetch.ai ($2.6 million worth gone with the wind), Liquid ($90 million worth), and Cream Finance ($29 million worth).
Vulnerabilities continue to plague organizations throughout the world, and cyber criminals continue to exploit them: ProxyShell (CVE-2021-34473, CVE-2021-34523, CVE-2021-3120) continues to be among the top targets, but new ones have joined the party such as ProxyToken (CVE-2021-33766), and a new vulnerability targeting Confluence servers (CVE-2021-26084) are just few examples.
Even the cyber espionage front is unusually calm with a number of recorded events considerably lower than what we have been used to during the previous months. APT37 appears to be quite active. This timeline also contains campaigns carried out by Confucius, Siamesekitten, and SparklingGoblin.
Last but not least Iran and Belarus saw the only two attacks motivated by hacktivism, quite resounding in reality: in Iran a hacktivist group dubbed Adalat Ali (Ali’s Justice) breached the internal CCTV system of the Evin prison complex, where in Belarus the Cyber Partisans started to leak documents exposing the government.
Expand for details
The “Breachometer” compares the current number of events/day with the max and min values recorded in the previous 12 months.
- 2020 Cyber Attacks Statistics
As promised, I have pulled together some statistics from the data collected in 2020. The master table is available at the end of the post after the charts.
- November 2023 Cyber Attacks Statistics
November 2023 saw a rise to 39 events, with Cyber Crime remaining dominant at 78.7%. Cyber Espionage increased to 9.7%, while Hacktivism fell to 5.4%. Malware was the leading attack technique at 42.1%, and Multiple Organizations were the most targeted at 17.7%.
- 2021 Cyber Attacks Statistics
And finally I have aggregated all the data collected in 2021 from the cyber attacks timelines. In the past year I have collected 2539 events, meaning...
- Leaky Buckets: a List of Cloud Misconfigurations
Cloud services are playing a crucial role to guarantee business continuity during this complicated period...
- Leaky Buckets in 2023
Similarly to what I have done in 2022 and 2021, I am collecting the incidents due to cloud misconfigurations and leading to...