16-30 November 2013 Cyber Attacks Timeline

It is time for the report of the cyber landscape of the second half of November.

This month will be probably remembered for the discovery of the giant breach targeting Cupid Media and involving potentially 42 million users. However, this was not the only remarkable breach of November: chronicles report of 77,000 customers of Vodafone Island having their details leaked.

Other interesting events involve a brute-force attack to GitHub, forcing several users to change password, and yet another attack against a Bitcoin Wallet (the equivalent of $1 million stole).

Not only Cyber Criminals. Even Hacktivists were particularly active in this period: the attacks of Indonesian hackers against Australian targets continued in the second part of November, as also the mutual defacements between Pakistani and Indian crews. Last but not least, the Anonymous leaked some documents and emails allegedly belonging to the Italian Governor of Lombardy and the details of 40,000 individuals from an Israeli Job search portal.

As usual, if you want to have an idea of how fragile our data are inside the cyberspace, have a look at the timelines of the main Cyber Attacks in 2011, 2012 and now 2013 (regularly updated). You may also want to have a look at the Cyber Attack Statistics, and follow @paulsparrows on Twitter for the latest updates.

Also, feel free to submit remarkable incidents that in your opinion deserve to be included in the timelines (and charts).16-30-november-2013-cyber-attacks-timeline

(more…)

Continue Reading16-30 November 2013 Cyber Attacks Timeline

1-15 September 2013 Cyber Attacks Timeline

So unfortunately the Summer is nearly gone, but, despite the sadness for the beautiful season fading away, here we are with the usual analysis of what’s happened in September from a Security Information perspective.

The main event for the first half of September is the massive attack against Vodafone Germany, potentially compromising more than 2 million customer records. Actually it was very hard to declare a main event, since even Belgacom performed was on the infosec news, unleashing some information related to a targeted attack, it was victim of. Always on the Cyber Crime front, it’s also worth to mention the failed (luckily) attack against Santander.

Nothing new under the Hacktivism front, that offered a minor revamp of the Syrian Electronic Army, despite the claims of them being dox’ed, some events in Turkey, where the cyber temperature remains hot despite the Summer fading away, and again some small attacks related to Syria and the NSA affair.

As usual, if you want to have an idea of how fragile our data are inside the cyberspace, have a look at the timelines of the main Cyber Attacks in 2011, 2012 and now 2013 (regularly updated). You may also want to have a look at the Cyber Attack Statistics, and follow @paulsparrows on Twitter for the latest updates.

Also, feel free to submit remarkable incidents that in your opinion deserve to be included in the timelines (and charts).

16-31-july-2013-cyber-attacks-timeline1-15-september-2013-cyber-attacks-timeline (more…)

Continue Reading1-15 September 2013 Cyber Attacks Timeline

December 2011 Cyber Attacks Timeline (Part II)

This infamous 2011 is nearly gone and here it is the last post for this year concerning the 2011 Cyber Attacks Timeline. As you will soon see from an infosec perspective this month has been characterized by two main events: the LulzXmas with its terrible Stratfor hack (whose effects are still ongoing with the recent release of 860,000 accounts), and an unprecented wave of breaches in China which led to the dump of nearly 88 million of users for a theoretical cost of nearly $19 million (yes the Sony brech is close). For the rest an endless cyberwar between India and Pakistan, some hactivism and (unfortunately) the usual amounts of “minor” breaches and defacement. After the page break you find all the references.

Last but not least… This post is my very personal way to wish you a happy new infosec year.

(more…)

Continue ReadingDecember 2011 Cyber Attacks Timeline (Part II)

January 2012 Cyber Attacks Timeline (Part 2)

Click here for part 1.

The second half of January is gone, and it is undoubtely clear that this month has been characterized by hacktivism and will be remembered for the Mega Upload shutdown. Its direct and indirect aftermaths led to an unprecedented wave of cyber attacks in terms of LOIC-Based DDoS (with a brand new self service approach we will need to get used to), defacements and more hacking initiatives against several Governments and the EU Parliament, all perpetrated under the common umbrella of the opposition to SOPA, PIPA and ACTA. These attacks overshadowed another important Cyber Event: the Middle East Cyberwar (which for the sake of clarity deserved a dedicated series of posts, here Part I and Part II) and several other major breaches (above all Dreamhost and New York State Electric & Gas and Rochester Gas & Electric).

Chronicles also reports a cyber attack to railways, several cyber attacks to universities, a preferred target, and also of a bank robbery in South Africa which allowed the attackers to steal $6.7 million.

Do you think that cyber attacks in this month crossed the line and the Cyber Chessboard will not be the same anymore? It may be, meanwhile do not forget to follow @paulsparrows to get the latest timelines and feel free to support and improve my work with suggeastions and other meaningful events I eventually forgot to mention.

(more…)

Continue ReadingJanuary 2012 Cyber Attacks Timeline (Part 2)

February 2012 Cyber Attacks Timeline (Part I)

February 2012 brings a new domain for my blog (it’s just a hackmaggedon) and confirms the trend of January with a constant and unprecedented increase in number and complexity of the events. Driven by the echo of the ACTA movement, the Anonymous have performed a massive wave of attacks, resuming the old habits of targeting Law Enforcement agencies. From this point of view, this month has registered several remarkable events among which the hacking of a conf call between the FBI and Scotland Yard and the takedown of the Homeland Security and the CIA Web sites.

The Hacktivism front has been very hot as well, with attacks in Europe and Syria (with the presidential e-mail hacked) and even against United Nations (once again) and NASDAQ Stock Exchange.

Scroll down the list and enjoy to discover the (too) many illustrious victims including Intel, Microsoft, Foxconn and Philips. After the jump you find all the references and do not forget to follow @paulsparrows for the latest updates. Also have a look to the Middle East Cyberwar Timeline, and the master indexes for 2011 and 2012 Cyber Attacks.

Addendum: of course it is impossible to keep count of the huge amount of sites attacked or defaced as an aftermath of the Anti ACTA movements. In any case I suggest you a couple of links that mat be really helpful:

(more…)

Continue ReadingFebruary 2012 Cyber Attacks Timeline (Part I)

March 2012 Cyber Attacks Timeline (Part II)

First Part: March 2012 Cyber Attacks Timeline (Part I)

It is time for the second part of the March 2012 Cyber Attacks Timeline, a month that will probably be remembered for the breach occurred to Global Payments, a credit card processor, whose aftermath may potentially affect up to 10 million credit card holders belonging, among the others, to Visa and MasterCard.

On the hacktivism front, not even three weeks after the arrest of several LulzSec members, a new hacking crew has appeared whose name, LulzSecReborn, clearly reminds the infamous collective and its Days of Lulz. They entered the scene with a noticeable, albeit discussed, leak: more than 170.000 records from a military dating site.

Other remarkable hacktivism-led cyber attacks include the so called #OpFariseo, a wave of Cyber Attacks targeting websites related to the visit of the Pope in Mexico, and a new cyber attack to PBS. It is also important to notice the debut of the Anonymous in China, a debut characterized by a massive wave of defacements.

Last but not least, among the events of this month there is one which in particular deserves a mention, and is the leak which targeted Vector Inc., a Japanese computer selling firm, potentially affecting more than 260,000 users.

As usual after the jump you will find all the references.

If you want to have an idea of how fragile our data are inside the cyberspace, have a look at the timelines of the main Cyber Attacks in 2011 and 2012 (regularly updated), and follow @pausparrows on Twitter for the latest updates.

(more…)

Continue ReadingMarch 2012 Cyber Attacks Timeline (Part II)

October 2012 Cyber Attacks Timeline

Click here for the first part covering the Cyber Attacks from 1 to 15 October 2012.

Here is the timeline for the main Cyber Attacks in October 2012. A month that has been characterized by hacktivism and also by several remarkable cyber crime operations.

For sure the next days will be hard for taxpayers of South Carolina, whose Department of Revenue has been targeted by foreign hackers able to access records of 3.6 million of individuals. But hard days are going to come also for banks: not only the trail of DDoS attack against U.S. Banks has continued even in the second half of the month (although different groups took credit for them), but also, on the cyber crime front, Citigroup has lost 1 million of bucks because of a loophole exploited by a ring of 13 individuals. Different motivations, same lesson: bank security needs a dramatic improvement.

Moving to hactkivism, nothing new under the sun. The pale sun of October has enlightened several operations targeting governments (Greece and Italy above all, to reflect the delicate situation of these two countries) and organization all over the world…

As usual after the jump you will find all the references.

If you want to have an idea of how fragile our data are inside the cyberspace, have a look at the timelines of the main Cyber Attacks in 2011 and 2012 and the related statistics (regularly updated), and follow @paulsparrows on Twitter for the latest updates.

Also, feel free to submit remarkable incidents that in your opinion deserve to be included in the timelines (and charts).

(more…)

Continue ReadingOctober 2012 Cyber Attacks Timeline