1-15 October 2014 Cyber Attacks Timeline

Here we go with the first timeline of the main Cyber Attacks happened in October (according to my personal evaluation metric).

Two weeks very active from an information security perspective. The list of attacks is quite long and heterogeneous, with massive breaches (The Snappening and a list of nearly 7.000.000 compromised accounts used to brute-force Dropbox), a rich list of cyber crime and cyber espionage campaigns, a renewed burst of the cyber war between India and Pakistan, and a couple of operations orchestrated by hacktivists.

Digging into Cyber Crime, besides the two above quoted events, we find the Mac.BackDoor.iWorm, a widespread botnet targeting OS X, and trapping 17,000 devices. The list continues with a purported attack against Yahoo, initially believed to be orchestrated exploiting the infamous Shellshock vulnerability, the ATM malware Tyupkin, supposed to have been used for stealing millions of bucks from 50 ATMs in Eastern Europe and Russia, a breach against Kmart, and, last but not least, other two (and a half) waves of leaked photos from the Snappening.

Scrolling down the Cyber Espionage events, we cannot help but notice a similar abundance of operations with a widespread usage of 0-day vulnerabilities. Just to mention several names: Sandworm, Hurricane Panda, and even an old acquaintance like Nitro.

India and Pakistan were very busy in the Cyber Space, with  defacements and leaks against a wide range of mutual targets like also the Anonymous, who kicked off #OPHK, against China and in support of Hong Kong protesters.

If you want to have an idea of how fragile our electronic identity is inside the cyberspace, have a look at the timelines of the main Cyber Attacks in 2011, 2012, 2013 and now 2014 (regularly updated). You may also want to have a look at the Cyber Attack Statistics, and follow @paulsparrows on Twitter for the latest updates.

Also, feel free to submit remarkable incidents that in your opinion deserve to be included in the timelines (and charts).

1-15 October 2014 Cyber Attacks Timeline (more…)

Continue Reading1-15 October 2014 Cyber Attacks Timeline

1-15 January 2014 Cyber Attacks Timeline

It’s time for the Cyber Attacks Timeline for the first half of January 2014. I wish we had a better start for this Infosec year. Not even a month has passed (actually this timeline covers the first two weeks) and we have already seen several massive breaches (Snapchat) and other resounding events, maybe less relevant from a mere numeric perspective, but equally meaningful for the high profile of the victims involved (Microsoft).

Besides Snapchat, other important organizations have been targeted by Cyber crooks with very bad consequences: World Poker Tour (175,333), Staysure (93,000 individuals involved) and OpenSUSE (79,500 victims) are the most noticeable examples. On the cyber crime front other meaningful events include a wave of attacks against Video Games industries, and the hacking of Yahoo advertise network, infecting, potentially 27,000 users per hour.

Hacktivists of the Syrian Electronic Army are back with the result that even Microsoft is now part of the list of their victims (however their web site was also hacked in the same period). Other hacktivists very active in the same period include the infamous RedHack collective.

Last but not least, the control room of the Nuclear Plant of Monju in Japan was found infected with a malware capable of allegedly exfiltrate 42,000 emails.

As usual, if you want to have an idea of how fragile our data are inside the cyberspace, have a look at the timelines of the main Cyber Attacks in 2011, 2012 and now 2013 (regularly updated). You may also want to have a look at the Cyber Attack Statistics, and follow @paulsparrows on Twitter for the latest updates.

Also, feel free to submit remarkable incidents that in your opinion deserve to be included in the timelines (and charts).

1-15 Jan 2014 Cyber Attacks Timeline

(more…)

Continue Reading1-15 January 2014 Cyber Attacks Timeline