December 2011 Cyber Attacks Timeline (Part I)

As usual, here it is my compilation of December Cyber Attacks.

It looks like that Christmas approaching is not stopping hackers who targeted a growing number of  organizations including several security firms (Kaspersky, Nod 32 and Bitdefender) even if in secondary domains and with “simple” defacements.

Cyber chronicles report of Gemnet, another Certification Authority Breached in Holland (is the 12th security incident targeting CAs in 2011) and several massive data breaches targeting Finland (the fifth this year, affecting 16,000 users), online gambling (UB.com affecting 3.5 million of users),  Telco (Telstra, affecting 70,000 users), and gaming, after the well known attacks to Sony, Sega and Nintendo, with Square Enix, which suffered a huge attacks compromising 1,800,000 users (even if it looks like no personal data were affected).

Online Payment services were also targeted by Cybercrookers: a Visa East European processor has been hit by a security breach, but also four Romanian home made hackers have been arrested for a massive credit card fraud affecting 200 restaurants for a total of 80,000 customers who had their data stolen.

As usual, hacktivism was one of the main trends for this first half of the month, which started with a resounding hacking to a Web Server belonging to ACNUR (United Nations Refugees Agency) leaking more than 200 credentials including the one belonging to President Mr. Barack Obama.

But from a mere hactvism perspective, Elections in Russia have been the main trigger as they indirectly generated several cyber events: not only during the election day, in which three web sites (a watchdog and two independent news agencies) were taken down by DDoS attacks, but also in the immediately following days, when a botnet flooded Twitter with Pro Kremlin hashtags, and an independent forum was also taken down by a further DDoS attacks. A trail of events which set a very dangerous precent.

Besides the ACNUR Hack, the Anonymous were also in the spotlight (a quite common occurrence this year) with some sparse attacks targeting several governments including in particular Brazil, inside what is called #OpAmazonia.

Even if not confirmed, it looks like that Anonymous Finland might somehow be related to the above mentioned breach occurred in Finland.

Other interesting events occurred in the first two weeks of December: the 0-day vulnerability affecting Adobe products, immediately exploited by hackers to carry on tailored phishing campaigns and most of hall, a targeted attack to a contractor, Lockheed Martin, but also another occurrence of DNS Cache Poisoning targeting the Republic of Congo domains of Google, Microsoft, Samsung and others.

Last but not least, the controversial GPS Spoofing, which allegedly allowed Iran to capture a U.S. Drone, even the GPS Spoofing on its own does not completely solve the mistery of the capture.

Other victims of the month include Norwich Airport, Coca Cola, and another Law Enforcement Agency (clearusa.org), which is currently unaivalable.

As usual after the page break you find all the references.

(more…)

Continue ReadingDecember 2011 Cyber Attacks Timeline (Part I)

January 2012 Cyber Attacks Timeline (Part 1)

Click here for part 2.

New year, new Cyber Attacks Timeline. Let us start our Information Security Travel in 2012 with the chart of the attacks occurred in the first fifteen days of January. This month has been characterized so far by the leak of Symantec Source Code and the strange story of alleged Cyber Espionage revolving around it. But this was not the only remarkable event: chronicles tell the endless Cyber-war between Israel and a Saudi Hacker (and more in general the Arab World), but also a revamped activity of the Anonymous against SOPA (with peak in Finland). The end of the month has also reserved several remarkable events (such as the breaches to T-Mobile and Zappos, the latter affecting potentially 24,000,000 of users). In general this has been a very active period. For 2012 this is only the beginning, and if a good beginning makes a good ending, there is little to be quiet…

Browse the chart and follows @paulsparrows to be updated on a biweekly basis. As usual after the jump you will find all the references. Feel free to report wrong/missing links or attacks.

(more…)

Continue ReadingJanuary 2012 Cyber Attacks Timeline (Part 1)

Middle East Cyberwar Update (Part VI)

Looks like Israel has approached a “wait and see” strategy, as these last days of cyber war have seen almost exclusively actions against that country without any appreciable response. In a certain sense, most of all at the Israeli site, the cyber conflict seems to have fallen into a rest, even if new actors have entered the scene, as is the case of the Mauritania Hacker Team, who opened with the leak of 2500 Israeli emails and claimed to have hacked the Central Bank of Israel. Despite these events the number and intensity of the attacks is no longer that of the early days.

The frequency of the attacks has drastically fallen, even because the early cyber fighters seem to have disappeared, apart from the AlienZ who, every now and then reappear with some dumps against arab sites (and not only).

In the meantime, Iran is suffering several sparse attacks from the Anonymous, targeting that country in the name of #OpIran, and in contemporary attacks its Azerbaijani neighbors considered close to Israel.

Interesting to notice I also found evidence of internal attacks in Iran against reformist websites considered close to former President Mohammad Khatami. The storyboard follows the same line both in real and virtual world.

Apparently Israel seems not to respond to attacks. A temporary truce or a real turnaround?

(At this link you can find the complete Middle East Cyber War Update and follows @paulsparrows for the latest updates.)

(more…)

Continue ReadingMiddle East Cyberwar Update (Part VI)