16-30 November 2013 Cyber Attacks Timeline

It is time for the report of the cyber landscape of the second half of November.

This month will be probably remembered for the discovery of the giant breach targeting Cupid Media and involving potentially 42 million users. However, this was not the only remarkable breach of November: chronicles report of 77,000 customers of Vodafone Island having their details leaked.

Other interesting events involve a brute-force attack to GitHub, forcing several users to change password, and yet another attack against a Bitcoin Wallet (the equivalent of $1 million stole).

Not only Cyber Criminals. Even Hacktivists were particularly active in this period: the attacks of Indonesian hackers against Australian targets continued in the second part of November, as also the mutual defacements between Pakistani and Indian crews. Last but not least, the Anonymous leaked some documents and emails allegedly belonging to the Italian Governor of Lombardy and the details of 40,000 individuals from an Israeli Job search portal.

As usual, if you want to have an idea of how fragile our data are inside the cyberspace, have a look at the timelines of the main Cyber Attacks in 2011, 2012 and now 2013 (regularly updated). You may also want to have a look at the Cyber Attack Statistics, and follow @paulsparrows on Twitter for the latest updates.

Also, feel free to submit remarkable incidents that in your opinion deserve to be included in the timelines (and charts).16-30-november-2013-cyber-attacks-timeline

(more…)

Continue Reading16-30 November 2013 Cyber Attacks Timeline

1-15 September 2013 Cyber Attacks Timeline

So unfortunately the Summer is nearly gone, but, despite the sadness for the beautiful season fading away, here we are with the usual analysis of what’s happened in September from a Security Information perspective.

The main event for the first half of September is the massive attack against Vodafone Germany, potentially compromising more than 2 million customer records. Actually it was very hard to declare a main event, since even Belgacom performed was on the infosec news, unleashing some information related to a targeted attack, it was victim of. Always on the Cyber Crime front, it’s also worth to mention the failed (luckily) attack against Santander.

Nothing new under the Hacktivism front, that offered a minor revamp of the Syrian Electronic Army, despite the claims of them being dox’ed, some events in Turkey, where the cyber temperature remains hot despite the Summer fading away, and again some small attacks related to Syria and the NSA affair.

As usual, if you want to have an idea of how fragile our data are inside the cyberspace, have a look at the timelines of the main Cyber Attacks in 2011, 2012 and now 2013 (regularly updated). You may also want to have a look at the Cyber Attack Statistics, and follow @paulsparrows on Twitter for the latest updates.

Also, feel free to submit remarkable incidents that in your opinion deserve to be included in the timelines (and charts).

16-31-july-2013-cyber-attacks-timeline1-15-september-2013-cyber-attacks-timeline (more…)

Continue Reading1-15 September 2013 Cyber Attacks Timeline

Fortune 500 Cyber Attacks Timeline

For the Infosec professionals, this troubled 2014 will be remembered for the trail of gigantic breaches unleashed nearly exactly one year ago, when the real outcome of the infamous Target breach became to emerge. The real extent of the breach was yet to be known, like also the fact that it would not have been an isolated case, but just the beginning of a nightmare.

However this is not the only example of a Fortune 500 company deeply hit, and thanks to a very smart hint by @bufferzone, I took the opportunity to collect in this timeline all the main cyber incidents involving Fortune 500 and Fortune 500 Global companies since 2011 to nowadays.

The adopted selection criteria take into considerations only incidents involving a direct impact on end users, so defacements have not been taken into consideration.

Fortune 500 Global companies are characterized by a blank value in the Rank column, whereas Fortune 500 companies are characterized by a red value. Also, when possible I inserted both values if the targeted company belongs to both charts and, in those cases in which a subsidiary company has been targeted, I have obviously inserted the rank of the parent company.

Fortune 500 Cyber Attacks TImeline (more…)

Continue ReadingFortune 500 Cyber Attacks Timeline

1-15 February 2014 Cyber Attacks Timeline

And here we are with the timelines of the main Cyber Attacks happened during the first half of February.

It is very hard to summarize these days from an Infosec perspective, considering the noticeable number of massive breaches: Kickstarter (potentially 5.6 million of records affected), Forbes (1 million records leaked), Orange (800,000 users impacted) and St. Joseph Health System (400,000 users affected) are the main examples, but they must not overshadow other ‘minor’ events such as the the attack against Bell.ca (‘only’ 40,000 users affected).

15 days in which Cybercrime and Hacktivism dangerously overlapped, ‘thanks’ mainly to the infamous Syrian Electronic Army, author of the hack against Forbes but also of several account hijacking attacks that have become their unique fingerprint, but also ‘thanks’ to the RedHack collective who, once again, targeted (directly or indirectly) the Turkish Government with three noticeable attacks.

Last but not least, the Cyber Espionage: the first half of February has brought us the discovery of “The Mask” (AKA Careto), a massive Operation targeting 31 countries around the world, but also the revelation of an alleged attack carried on by Huawei against the Indian provider BSNL and a further purported Chinese attack against some bio-medic industries in the U.S.

Finally, the Cyber War between India and Pakistan deserves a special mention, despite only defacements have been reported, the end of the fight is far from being reached.

As usual, if you want to have an idea of how fragile our data are inside the cyberspace, have a look at the timelines of the main Cyber Attacks in 2011, 2012 and now 2013 (regularly updated). You may also want to have a look at the Cyber Attack Statistics, and follow @paulsparrows on Twitter for the latest updates.

Also, feel free to submit remarkable incidents that in your opinion deserve to be included in the timelines (and charts).

1-15 Feb 2014 Cyber Attacks Timelines (more…)

Continue Reading1-15 February 2014 Cyber Attacks Timeline