16-30 September 2012 Cyber Attacks Timeline

Part One with 1-15 September 201 Timeline Here.

September is over and it’s time to analyze this month from an Information Security perspective with the second part of the Cyber Attack Timeline.

Probably this month will be remembered for the massive outage of six  U.S. Banks (Bank of America, JPMorgan Chase, Citigroup, U.S. Bank, Wells Fargo and PNC ) caused by a wave of DDoS attack carried on by alleged Muslim hackers in retaliation for the infamous movie (maybe this term is exaggerated) “The Innocence of Muslims”.

China has confirmed its intense activity inside the Cyber space. Alleged (state-sponsored?) Chinese hackers were allegedly behind the attack to Telvent, whose project files of its core product OASyS SCADA were stolen after a breach, and also behind a thwarted spear-phishing cyber attack against the White House.

Adobe suffered a high-profile breach which caused a build server to be compromised with the consequent theft of a certificate key used to sign two malware strains found on the wild (with the consequent necessary revoke of the compromised key affecting approximately 1,100 files).

Last but not least, the Hacktivism fever has apparently dropped. September has offered some attacks on the wake of the #OpFreeAssange campaign, and a new wave of attacks at the end of the month after the global protests set for September, the 29th, under the hashtag of #29s.

If you want to have an idea of how fragile our data are inside the cyberspace, have a look at the timelines of the main Cyber Attacks in 2011 and 2012 and the related statistics (regularly updated), and follow @paulsparrows on Twitter for the latest updates.

Also, feel free to submit remarkable incidents that in your opinion deserve to be included in the timelines (and charts).

(more…)

Continue Reading16-30 September 2012 Cyber Attacks Timeline

1-15 June 2014 Cyber Attacks Timeline

It just looks like attackers are enjoying the beginning of the Summer, since the first half of June confirms the decreasing trends.

The controversial 2014 World Cup has revived the hacktivists, and in particular the Anonymous collective who kicked off the Operation OpWorldCup, targeting Brazilian Governmental institutions and Sponsors of the World Cup.

Looking at the Cyber Crime, the most remarkable event of the month is the extortion attempt against  Belgian and French customers of Domino’s Pizza (650,000 users affected). It is also worth to mention the wave of DDoS attacks against Feedly and Evernote, in the first case motivated by extortion, and also the compromising of a US Army database in South Korea.

Last but not least, chronicle report the details of two Cyber Espionage Operations: Operation Molerat, originating allegedly from Middle East, and yet another one from China, discovered by Crowdstrike and attributed to a group dubbed Putter Panda.

As usual, if you want to have an idea of how fragile our data are inside the cyberspace, have a look at the timelines of the main Cyber Attacks in 2011, 2012 and now 2013 (regularly updated). You may also want to have a look at the Cyber Attack Statistics, and follow @paulsparrows on Twitter for the latest updates.

Also, feel free to submit remarkable incidents that in your opinion deserve to be included in the timelines (and charts).

1-15 June 2014 Cyber Attacks Timeline

(more…)

Continue Reading1-15 June 2014 Cyber Attacks Timeline

1-15 January 2014 Cyber Attacks Timeline

It’s time for the Cyber Attacks Timeline for the first half of January 2014. I wish we had a better start for this Infosec year. Not even a month has passed (actually this timeline covers the first two weeks) and we have already seen several massive breaches (Snapchat) and other resounding events, maybe less relevant from a mere numeric perspective, but equally meaningful for the high profile of the victims involved (Microsoft).

Besides Snapchat, other important organizations have been targeted by Cyber crooks with very bad consequences: World Poker Tour (175,333), Staysure (93,000 individuals involved) and OpenSUSE (79,500 victims) are the most noticeable examples. On the cyber crime front other meaningful events include a wave of attacks against Video Games industries, and the hacking of Yahoo advertise network, infecting, potentially 27,000 users per hour.

Hacktivists of the Syrian Electronic Army are back with the result that even Microsoft is now part of the list of their victims (however their web site was also hacked in the same period). Other hacktivists very active in the same period include the infamous RedHack collective.

Last but not least, the control room of the Nuclear Plant of Monju in Japan was found infected with a malware capable of allegedly exfiltrate 42,000 emails.

As usual, if you want to have an idea of how fragile our data are inside the cyberspace, have a look at the timelines of the main Cyber Attacks in 2011, 2012 and now 2013 (regularly updated). You may also want to have a look at the Cyber Attack Statistics, and follow @paulsparrows on Twitter for the latest updates.

Also, feel free to submit remarkable incidents that in your opinion deserve to be included in the timelines (and charts).

1-15 Jan 2014 Cyber Attacks Timeline

(more…)

Continue Reading1-15 January 2014 Cyber Attacks Timeline