Read more at: http://ccdcoe.org/321.html

Reuters, UPDATE 1-Japan contractor hacking likely got military data -paper, October, 24, 2011, Reuters.com

Malwares, banking-malwares & more
First of all, malwares: with a daily average of 73.000 new samples of malwares, this year hackers “have created 26 percent more new threats than the corresponding period of the previous year”. Most of these malwares were Trojans, used by organized criminals to steal bank details “with which to perpetrate fraud or steal directly from victims’ accounts”.

Victims of the attacks were of course not only private individuals, but also government and institutions. in January 2011, the Pentagon Federal Credit Union reported that cyber-criminals had used an infected PC to access one of their databases containing confidential customer information, including individual’s name, address, social security number and either bank account information or credit/debit card.
In the mean time, the UK Government has suffered a targeted attack with a ZeuS variant designed “to steal not only bank account credentials but also all kinds of personal information”.
Last but not least, the European Commission, which after a theft in the Czech Republic, was forced to suspend trading in CO2 emission credits.

Stuxnet
The Israeli Army chief, General Gabi Ashkenazi, has taken credit for the Stuxnet attack in his farewell party. The effects of the malwares are now well known and feared worldwide. Due to the Stuxnet effects, Russian scientists have successfully tried to convince the Iranian Government to delay its nuclear program at least until 2012.

Cyber-activism: Northern Africa, Wikileaks, Anonymous
In the waves of the political revolts in Northern Africa, cyber activism has greatly raised this year. As we already reported, the document by PandaLabs confirms the fact that the Internet has played a crucial role in the Egyptian protests, bringing the Egyptian Government to the unprecedent decision to swith off the Internet and mobile comunications.

Several activists were arrested by the police in many European countries, accused of having partecipated in the cyber attacks in defense of Wikileaks (Operation: “Payback”).
The group Anonymous has conducted a strenous activity and it has been involved in several attack, including those against the U.S. security firm HBGary Federal and the Italian Government.

(International) cyber-espionage
The Canadian Ministry of Economy has suffered a sophisticated attack in January 2011. Altough no evidence has emerged, suspects are, once more, on Chinese hackers, probably not acting alone.
In February, security firm McAfee reported the “Operation Night Dragon“, in which at least five major global oil, energy, and petrochemical companies were attacked with the apparent intent of stealing sensitive information such as operation details, exploration research, and financial data. The attacks were mostly coming from China.
In the same time, France’s Ministry of Economy had been subject to a cyber-attack linked to China yet again. The aim of this action was to steal information about the G-20 meeting held in Paris, in February.

Sources:
Quarterly Report PandaLabs (January-March 2011), available for download at: press.pandasecurity.com/press-room/reports/

See for details & more here

Two rounds of DDOS attacks against 29 major website were reported in South Korea on Friday 4 and Saturday 5 March 2011. According to a statement released by AhnLab Inc. the attacks started at 10 a.m., targeting the presidential office Cheong Wa Dae, the Ministry of Foreign Affairs and Trade, and top lender Kookmin Bank websites between the others.

Mr. Lee Sang-kug, Commission official at the Korea Communications Commission, said to reporters that no damage was detected yet. The attacks originated from computers located in 18 countries, including the United States, Israel, Russia, Hong Kong, Taiwan, Thailand, Japan, India, Brazil and Iran, the National Police Agency (NPA) reported.

The attackers spread malicious code after having hacked two p2p sharing websites Thursday. According to AhnLab Inc., something like between 4,300 and 11,000 PCs were infected by malware that causes DDoS. The Washington Post reported an extract from an interview released by Junk Suk-hwa, head of the Cyber Terror Response Center:

“We may find more servers behind this attack as it is only the beginning of the investigation [...] Generally, there is someone else who controls all of these servers and we are working to figure out who it is.”

The DDOS attacks resemble the 2009 cyberattacks which hit the U.S. and South Korea in July. In that circumstance, North Korea was suspected by South Korean officials of being behind the attacks.

The Washington Post also reports that China is now being considered as a possible source in the latest DDOS attacks, as “a large amount of malware, or malicious software, originates from there”.
The National Police Agency has launched an investigation to trace the origin of the attacks.

Sources:
Haeran Hyun, South Korean websites come under further attack, March 5, 2011, The Washington Post
Associated Press, South Korea government websites targeted in cyber attack, March 4, 2011, The Guardian
(3rd LD) S. Korean Web sites suffer DDoS attack, March 4, 2011, Yonhap News
Nicholas Deleon, South Korea Braces Itself For More Suspicious DDoS Attacks, March 7, 2011, CrunchGear
Asavin Wattanajantra, North Korea is under cyber watch over South Korean DDoS attacks, March 7, 2011, The Inquirer
Yoo Eun Lee, South Korean websites suffer DDoS attack – who and why?, March 5, 2011, AsianCorrespondent.com

The cyberwar saga has a new chapter: Night Dragon.
After Operation Aurora (the google hacks in January 2010), Stuxnet and the Wikileaks case, the latests cyberattacks against critical infrastructures over the world add a scary episode to the history of cybersecurity. In a report released on February 10, 2011, security firm McAfee has given evidence that, in the last two years, a series of coordinated and targeted cyberattacks, primarily originating from China, have hit at least five global oil, energy, and petrochemical companies. The attacks were dubbed by McAfee as “Night Dragon”.

According to McAfee, hackers compromised hosting services in the United States and servers in Netherland, as individuals and executives in Kazakhstan, Taiwan, Greece, and the United States. Night Dragon malware infections were reported in the Americas, Europe, and Asia as well as countries in the Middle East and North Africa.

Several actors are supposed to be behind the attacks. The authors of the report state that McAfee has identified one individual located in Heze City, in Shandong Province, China. Altough it is unlikely that this person was the mastermind behind the intrusions, McAfee thinks that he/she could have information that could help identify the individuals or groups who were behind the attacks. Investigations suggest that involving individuals were probably “company men” working in regular jobs, rather than freelance hackers.

According to the report, the situation is alarming. From government and military computers, nowadays the attacks are targeting also global corporate and commercial organizations. In the last years, several industries and organizations have been victim of continuous and persistent cyberespionage.
Being vital for organizations the ability to ensure the integrity of their intellectual property, the report call for an immediate take of action by enterprises in the field of information security.

Sources:
Global Energy Cyberattacks: “Night Dragon”, February 10, 2011, McAfee Foundstone Professional Services and McAfee Labs (White Paper)
Hackers hit ‘at least five oil and gas firms’, February 10, 2011, BBC News
John Markoff, Hackers Breach Tech Systems of Oil Companies, February 10, 2011, The New York Times
Tania Branigan, Chinese hackers targeted energy multinationals, claims McAfee, February 11, 2011, The Guardian

One third of internet users in the EU27  suffered at least a computer infection in 2010. Highest shares were found by Eurostat in countries like Bulgaria (58%), Malta (50%), Slovakia (47%), Hungary (46%) and Italy (45%), lowest shares were found in Austra (14%).

4% of internet users were also victims of privacy violations and abuse of personal informations; 3% suffered financial loss due to phishing or pharming attacks or fraudulent payment card use.
This statistic are part of the report released by Eurostat in connection with the Safer Internet Day (February 8, 2011) organised by INSAFE, a European internet safety network co-funded by the European Commission.

Source:
Nearly one third of internet users in the EU27 caught a computer virus, February 7, 2011, Eurostat News Release

PRLog (Press Release) – Feb 08, 2011 – Stamford, CT. Colonel Daniel J. Ragsdale, PhD, Vice-Dean of Education, US Military Academy at West Point, and former Director of the Information Technology and Operations Center (ITOC) at USMA, will speak on CYBER WAR: THREATS TO NATIONAL SECURITY at the Great Decisions free program at the Greenwich Library on February 28 at 7 P.M.

Colonel Ragsdale has over 27 years of military service. From the mid-1990s through 2005 many of his duties focused on the topic of information security and information assurance (IA) research and education. He has been a frequent speaker and panelist at national and international IA conferences and he has authored dozens of scholarly papers and articles on IA and related topics. A graduate of West Point, he holds a Ph.D. from Texas A&M University (Computer Science).
Refreshments are courtesy of the Greenwich Library, a co-sponsor of the program.

Great Decisions, a program of the Foreign Policy Association, is presented by the World Affairs Forum, whose mission is to expand understanding of global affairs and America’s role in the world. The Forum is an affiliate of the World Affairs Councils of America. Programs, schedules and membership information are available at www.WorldAffairsForum.org.

# # #

The World Affairs Forum is a non-profit, non-partisan community organization dedicated to educating its members and the public about international developments and America’s role in the world. www.worldaffairsforum.org
Affiliate of WACA.

“Operation Italy”, this is the codename of the Distributed Denial of Service attack which hit the Italian Government’s Website today, at 3pm (local time).

In a manifest appeared some days ago, the group Anonymous denounced the Italian Government of having led the country into an untenable political and economic situation. In an interview released to the Italian radio Radio 24, a member of the group said that no data were stolen, as the aim of the attack was just to create an equivalent of a normal strike, but in the Internet: “it is like if you can’t see a shop’s showcase because there are too many people protesting in front of it”.

Although of the attacks, the website www.governo.it didn’t shutdown completely, but italian users found many difficultes in accessing the home page of the website, country’s newspaper Corriere della Sera reports.

Mr. Sergio Mariotti, manager at the country’s postal police, stated today that the Police has been watching attentively the state of the Internet in Italy since the Wikileaks case. An unsuccessful attack against the Government’s Website, Mariotti added, was reported in the last week by the Police.

Source:
Federico Cella,  Anonymous contro Governo.it, February 6, 2010, Corriere della Sera.it
Attacco hacker al sito del governo La Polizia: “Nessun furto di dati”, February 6, 2010, La Repubblica.it
Hacker Anonymous attacca il sito del governo italiano. Problemi di caricamento, February 6, 2010, Il Sole 24 Ore