1-15 October 2015 Cyber Attacks Timeline

October is proving to be very complicated from an Infosec perspective, so I am publishing this timeline in the middle of the turmoil in the wake of the breach that has affected TalkTalk.

Unfortunately this month has started in the worst possible way, with the massive breaches targeting T-Mobile US (the result of a cyber attack on Experian, potentially affecting 15 million US users) and Scottrade (affecting 4.6 million users). In particular, the attack on Scottrade has not been isolated, delineating a possible trend: two other companies operating in the same space, FXCM and E-Trade, have revealed that they suffered similar attacks. But the bad news does not end here, and the case of Dow Jones & Co. is paradoxical: the company has disclosed the details of two breaches in the space of a single week.

Moving to Cyber Espionage, this fortnight reports the discovery of an APT using fake profiles on LinkedIn (Threat Group 2889) and the revelations of a 2014 cyber attack against the South Korean subway system, purportedly orchestrated by North Korea.

Other remarkable events include the DDoS attacks against two major Japanese airports (Narita and Chubu) executed by the Anonymous collective in the name of #OpKillingBay (the campaign against the dolphin slaughter) and against several Belgian Government websites executed by the local branch of the same collective.

If you want to have an idea of how fragile our electronic identity is in cyberspace, have a look at the timelines of the main Cyber Attacks in 2011, 2012, 2013, 2014 and now 2015 (regularly updated). You may also want to have a look at the Cyber Attack Statistics, and follow @paulsparrows on Twitter for the latest updates.

Also, feel free to submit remarkable incidents that in your opinion deserve to be included in the timelines (and charts).

| ID | Date | Author | Target | Description | Attack | Target Class | Attack Class | Country | Link |
|---|---|---|---|---|---|---|---|---|---|
| 1 | 01/10/2015 | ? | T-Mobile US (via Experian) | Hackers break into a server and make off with names, driver license numbers, and other personal information belonging to more than 15 million US consumers who applied for cellular service from T-Mobile. The breach is the result of an attack on a database maintained by credit-reporting service Experian, which was contracted to process credit applications for T-Mobile customers, and affects people who applied for T-Mobile service from September 1, 2013 through September 16 of this year. | SQLi? | Industry: Mobile Telco | CC | US | http://arstechnica.com/security/2015/10/highly-personal-data-for-15-million-t-mobile-applicants-stolen-by-hackers/ |
| 2 | 01/10/2015 | ? | American Bankers Association | The American Bankers Association (ABA), based in Washington, D.C., notifies more than 6,000 ABA shopping cart users of a breach that exposed their personal information. | Unknown | Organization: Professional Association | CC | US | http://www.aba.com/About/Pages/Alert.aspx |
| 3 | 01/10/2015 | ? | FXCM | Foreign-exchange broker FXCM privately informs clients that it has suffered a data breach and that the attackers have been able to steal funds from some accounts. | Unknown | Industry: Financial Services | CC | US | http://news.softpedia.com/news/hackers-breach-fxcm-currency-broker-initiate-illegal-transactions-493663.shtml |
| 4 | 01/10/2015 | ? | Multiple Sclerosis Society (http://www.mssociety.org.uk) | Multiple Sclerosis Society warns website users their personal details might have been compromised via malicious software discovered on its systems. | Malware | Org: Charity | CC | UK | http://www.thirdsector.co.uk/ms-society-warns-website-users-personal-details-compromised/communications/article/1366742 |
| 5 | 02/10/2015 | ? | Scottrade | Online stock brokerage Scottrade has suffered a breach that exposed the personal information of 4.6 million customers. Scottrade officials said in an online advisory that the breach happened in late 2013 or early 2014 and exposed social security numbers, e-mail addresses and "other sensitive information". | Unknown | Industry: Financial Services | CC | US | http://arstechnica.com/security/2015/10/scottrade-breach-exposes-sensitive-data-for-4-6-million-customers/ |
| 6 | 02/10/2015 | ? | David Jones Limited (http://www.davidjones.com.au) | Premium retailer David Jones says its website has been hacked and private customer data stolen. | Unknown | Industry: Retail | CC | AU | http://www.theaustralian.com.au/business/latest/david-jones-website-hacked/story-e6frg90f-1227553931692 |
| 7 | 03/10/2015 | Hell Shield Hackers | http://www.mspkp.gov.pk | A group of Indian hackers calling themselves Hell Shield Hackers defaces a Pakistani government website called Municipal Services Program Khyber Pakhtunkhwa (Khyber Pakhtunkhwa is a province in Pakistan) (www.mspkp.gov.pk), apparently in retaliation against Pakistani hackers. | Defacement | Government | CW | PK | http://www.dnaindia.com/india/report-indo-pak-cyber-war-indian-hackers-deface-pakistani-website-2131410 |
| 8 | 04/10/2015 | ? | Kennebec County Phone System | The Kennebec County phone system is hacked, topping 2,100 calls in a weekend. | Unknown | Government | CC | US | https://www.centralmaine.com/2015/10/06/kennebec-countys-phone-system-hacked-over-weekend/ |
| 9 | 04/10/2015 | sup3rm4n, j0shua3w | https://intranet.on.br; http://euler.on.br | Two Brazilian hackers deface two government-owned domains. The target is the Brazilian Institute of research and development in Astronomy, Geophysics and Meteorology of Time and Frequency, which has two of its domains defaced (intranet.on.br and euler.on.br). | Defacement | Government | CC | BR | https://www.hackread.com/brazilian-hackers-question-corruption-nsa-snooping/ |
| 10 | 05/10/2015 | North Korea | South Korea | Ha Tae-Kyung, a Seoul lawmaker, cites intelligence reports stating that North Korea is suspected of having launched a cyber attack last year on the South Korean capital's subway system that carries millions of commuters every day. | Targeted Attack | Government | CW | KR | http://www.securityweek.com/north-korea-suspected-hacking-seoul-subway-operator-mp |
| 11 | 05/10/2015 | ? | Peppermill Resort Spa Casino | An undisclosed number of individuals are being notified that an attack may have compromised credit and debit cards used between October 2014 and February 2015 at the front desk of the Reno, Nev.-based Peppermill Resort Spa Casino. | Unknown | Industry: Hospitality | CC | US | http://www.scmagazine.com/payment-card-breach-at-peppermill-resort-spa-casino-in-reno/article/447433/ |
| 12 | 05/10/2015 | Anoncoders | Radio Tel Aviv (http://102fm.co.il/) | Palestinian hackers identifying themselves as "Anoncoders" deface Radio Tel Aviv's website (102fm.co.il), uploading a message that states: "We are always here to punish you." | Defacement | Radio Broadcasting | H | IL | http://www.ynetnews.com/articles/0,7340,L-4707155,00.html |
| 13 | 05/10/2015 | ? | divxtotal.com; elitetorrent.net; mejortorrent.com; estrenosdtl.com; bajui.com; tomadivx.org | Malwarebytes detects a new malvertising campaign on six of Spain's biggest torrent sites, exposing around 84.2 million users to the CryptoWall ransomware. | Malvertising | Torrent | CC | ES | http://news.softpedia.com/news/malvertising-campaign-hits-top-spanish-torrent-sites-493914.shtml |
| 14 | 05/10/2015 | NetPirates AKA @TheNetShip | http://www.bharatlaws.com/ | NetPirates hack bharatlaws.com and dump >10,000 usernames and clear text passwords. | SQLi | Industry: E-Commerce | CC | IN | http://siph0n.net/exploits.php?id=4096 |
| 15 | 06/10/2015 | ? | Unnamed Organization | Researchers from Cybereason discover a novel technique used to gain persistence in an (unnamed) organization's environment to harvest employees' authentication credentials. The attack involves a malicious module loaded onto Microsoft Outlook Web Application (OWA). | Targeted Attack | N/A | CE | N/A | http://www.net-security.org/secworld_main.php?p=2 |
| 16 | 06/10/2015 | Th3 Ap3x | Windsor University School of Medicine (http://www.windsormed.org/) | Th3 Ap3x from Anonsec hacks windsormed.org and dumps >6000 records with student info. | SQLi | Education | CC | UK | http://siph0n.net/exploits.php?id=4097 |
| 17 | 07/10/2015 | Threat Group 2889 | >1 | Researchers at Dell's SecureWorks release an analysis of a hacking crew dubbed Threat Group 2889, which is using at least 25 bogus but thoroughly developed LinkedIn profiles to draw in potential targets in telecoms, government agencies, and defence contractors. | Targeted Attack | >1 | CE | >1 | http://www.zdnet.com/article/the-fake-linkedin-recruiter-network-hackers-are-using-to-reel-in-business-users/ |
| 18 | 07/10/2015 | ? | LoopPay | The New York Times reveals that months before its technology became the centerpiece of Samsung’s new mobile payment system, LoopPay, a small Massachusetts subsidiary of the South Korean electronics giant, was the target of a sophisticated attack by a group of government-affiliated Chinese hackers. | Targeted Attack | Industry: Mobile Payment | CE | US | http://www.nytimes.com/2015/10/08/technology/chinese-hackers-breached-looppay-a-contributor-to-samsung-pay.html?_r=0 |
| 19 | 07/10/2015 | Alister Maclin | Bitcoin | A Russian man who calls himself "Alister Maclin" has been disrupting the Bitcoin network for over a week, creating duplicate transactions and annoying users. | Bitcoin Malleability Attack | Bitcoin Exchange | CC | N/A | http://motherboard.vice.com/read/i-broke-bitcoin |
| 20 | 08/10/2015 | ? | Six of the most successful Fifa video gamers: AnesonGib, W2S, Nepenthez, Nick28T, Bateson87, matthdgamer | Six of the most successful Fifa video gamers to feature on YouTube are targeted by cyber-thieves, who are able to steal millions of Fifa coins, the in-game currency, and delete valuable players. The attackers are thought to have convinced manufacturer EA Sports to transfer their victims' Origin accounts to email addresses they controlled. | Account Hijacking | Single Individuals | CC | UK | http://www.bbc.co.uk/news/technology-34442322 |
| 21 | 09/10/2015 | ? | Dow Jones & Co. | Dow Jones & Co. reveals that hackers had gained unauthorized entry to its systems, accessing contact information for current and former subscribers in order to send fraudulent solicitations. The data breach potentially accessed payment card information for fewer than 3,500 individuals. | Unknown | Industry: News And Publishing | CC | US | http://www.wsj.com/articles/dow-jones-discloses-customer-data-breach-1444406517 |
| 22 | 09/10/2015 | ? | E-Trade | E-Trade notifies about 31,000 customers this week that some of their personal information may have been accessed during a cyberattack in late 2013. | Targeted Attack | Industry: Financial Services | CC | US | https://www.washingtonpost.com/news/the-switch/wp/2015/10/09/e-trade-notifies-31000-customers-that-their-contact-info-may-have-been-breached-in-2013-hack/ |
| 23 | 09/10/2015 | Sally-Anne Jones (Umm Hussain Britaniya) | Army Sgt. Dillard Johnson; Navy SEAL Rob O’Neill | Sally-Anne Jones, a well known ISIS supporter, through her Twitter account Umm Hussain Britaniya, leaks the addresses of Army Sgt. Dillard Johnson and Navy SEAL Rob O’Neill, urging lone-wolf terrorists in the U.S. to take them down. | Unknown | Single Individuals | H | US | http://www.nydailynews.com/news/national/isis-fanatic-leaks-addresses-decorated-u-s-soldiers-article-1.2391942 |
| 24 | 09/10/2015 | ? | Israeli Public Sector | Researchers from Check Point disclose the details of a campaign targeting the Israeli public sector, using the MWI (Microsoft Word Intruder) exploit kit to deliver a modified version of the Zeus malware. | Targeted Attack | Government | CE | IL | http://blog.checkpoint.com/2015/10/09/israeli-public-sector-targeted-by-zeus-trojan-hidden-in-a-word-document/ |
| 25 | 09/10/2015 | Comcastkids | http://shopatsullivan.com | A crew of hackers called Comcastkids hacks shopatsullivan.com and dumps more than 10,000 accounts. | SQLi | Industry: E-Commerce | CC | US | http://siph0n.net/exploits.php?id=4110 |
| 26 | 10/10/2015 | Anonymous | Narita International Airport (http://www.narita-airport.jp); Chubu Centrair International Airport (http://www.centrair.jp) | In the name of #OpKillingBay, the online protest against the dolphin slaughter, Anonymous takes down the two main Japanese airports: Narita International Airport (www.narita-airport.jp) and Chubu Centrair International Airport (www.centrair.jp). | DDoS | Airport | H | JP | https://www.hackread.com/op-killingbay-anonymous-attacks-japanese-airports/ |
| 27 | 11/10/2015 | Anonymous Belgium | Federal Public Services Home Affairs (http://www.ibz.fgov.be); Official website of Belgian Prime Minister Charles Michel (http://www.premier.be); Brussels parliament (http://www.parlbruparl.irisnet.be/) | The Belgian branch of the Anonymous collective takes down the official websites of Belgian Prime Minister Charles Michel, the Brussels parliament and the website of Federal Public Services Home Affairs. | DDoS | Government | H | BE | https://www.hackread.com/anonymous-targetes-belgian-govt-websites/ |
| 28 | 12/10/2015 | ? | America’s Thrift Stores | Another charity store hacked: America’s Thrift Stores, an organization that operates donations-based thrift stores throughout the southeast United States, says it has been the victim of a malware-driven security breach that targeted software used by a third-party service provider. | Malware | Industry: Charity Shop | CC | US | http://krebsonsecurity.com/2015/10/credit-card-breach-at-americas-thrift-stores/ |
| 29 | 13/10/2015 | ? | Daily Mail | Malwarebytes discloses in a blog post that the "sophisticated" attack, previously documented as targeting eBay and Yahoo, has now turned its attention to the Daily Mail, a popular UK-based news publication which accounts for millions of monthly visitors. | Malvertising | News | CC | UK | http://www.zdnet.com/article/angler-targets-156-million-uk-daily-mail-readers-in-malvertising-spree/ |
| 30 | 13/10/2015 | Kuroi SH | Uniformed Services University (https://www.usuhs.mil) | A hacker going by the online handle of Kuroi SH defaces several domains of the United States based Uniformed Services University and leaks 2014 login credentials online. | Unknown | Military | CC | US | https://www.hackread.com/uniformed-services-university-domain-hacked/ |
| 31 | 14/10/2015 | Fin5 | Unnamed Casino | According to two FireEye researchers, an unnamed casino has lost 150,000 credit cards after being raided by the Fin5 hacking group. | Targeted Attack | Industry: Hospitality | CC | N/A | http://www.theregister.co.uk/2015/10/14/jackpot_new_hacking_group_steals_150000_credit_cards_from_casino/ |
| 32 | 14/10/2015 | @An0nBlank AKA HTGz Terminal | Royal Institution of Chartered Surveyors (http://www.ricsasia.org) | @An0nBlank AKA HTGz Terminal hacks ricsasia.org (Royal Institution of Chartered Surveyors) and dumps 3,410 records. | SQLi | Org: Professional Body | CC | UK | https://twitter.com/An0nBlank/status/654266850046554112 |
| 33 | 15/10/2015 | ? | Electronic Arts | Account details of some 600 Electronic Arts (EA) customers are apparently leaked on Pastebin. The company has yet to confirm that the leak is genuine, but they are "taking steps to secure any account that has an EA or Origin user ID that matches the usernames on this list". | Unknown | Industry: Video Games | CC | US | http://www.csoonline.com/article/2993909/data-breach/data-dump-suggests-possible-breach-at-electronic-arts.html |
| 34 | 15/10/2015 | Abdellah Elmaghribi | Adult Magazine (http://adult-mag.com/) | An Islamist hacker called Abdellah Elmaghribi defaces Adult Magazine, an online blog about graduate students having sex. | Defacement | Adult Site | H | US | http://gawker.com/islamist-terrorists-hack-pretentious-brooklyn-sex-zine-1736775518 |
| 35 | 15/10/2015 | Implosion | http://pharmafellows.rutgers.edu/ | A hacker dubbed Implosion hacks the Rutgers University Pharmaceutical Industry Program and dumps 1057 usernames and hashed passwords. | SQLi | Education | CC | US | http://pastebin.com/14ZudLcB |
| 36 | 16/10/2015 | ? | Dow Jones & Co. | A new breach targeting Dow Jones & Co.: Bloomberg reveals that a group of Russian hackers infiltrated the servers and stole information to trade on before it became public. The probe began at least a year ago. | Unknown | Industry: News And Publishing | CC | US | http://www.bloomberg.com/news/articles/2015-10-16/russian-hackers-of-dow-jones-said-to-have-sought-trading-tips |
