If you believed (or maybe hoped) that the Christmas atmosphere could curb the crooks’ intentions, you will be disappointed: the first timeline of December reports 48 events, with several remarkable cases across all sectors.
DDoS has played an important role in this fortnight, with at least two important occurrences: a massive attack has targeted the Internet root DNS infrastructure, and another one has crippled JANET, the UK network for research and education, for a couple of days.
Hacktivists have been quite active as well: members of the Anonymous collective have carried out several operations against the streaming provider of the United Nations Framework Convention on Climate Change, Donald Trump, the website of the Japanese Prime Minister and the European Space Agency.
Last but not least, China is still (allegedly) in the spotlight for cybercrime, with a purported attack against the Australian Bureau of Meteorology and a campaign against Hong Kong journalists characterized by the use of a C&C infrastructure hosted on Dropbox. Another important event in this sector concerns the discovery of Packrat, a long-lasting campaign (seven years) targeting several countries in South America (and during the analysis one of the hackers threatened to put a bullet in a researcher's brain).
If you want to have an idea of how fragile our electronic identity is in cyberspace, have a look at the timelines of the main Cyber Attacks in 2011, 2012, 2013, 2014 and now 2015 (regularly updated). You may also want to have a look at the Cyber Attack Statistics, and follow @paulsparrows on Twitter for the latest updates.
Also, feel free to submit remarkable incidents that in your opinion deserve to be included in the timelines (and charts).
| ID | Date | Author | Target | Event Description | Attack | Target Class | Attack Class | Country | Link |
|---|---|---|---|---|---|---|---|---|---|
| 1 | 01/12/2015 | ? | DNS Root Servers | On November 30, 2015 and December 1, 2015, over two separate intervals, several of the Internet Domain Name System's root name servers are the target of a massive DDoS attack. | DDoS | Org: Internet Services | CC | >1 | http://arstechnica.com/security/2015/12/attack-flooded-internet-root-servers-with-5-million-queries-a-second/ |
| 2 | 01/12/2015 | ? | Mobile users in Singapore | The Association of Banks in Singapore (ABS) warns mobile users of a new malware targeting banking services and hijacking sensitive data such as credit card details and one-time passwords (OTPs). The malware affects both Android and iOS devices. | Mobile Malware | Single Individuals | CC | SG | http://www.zdnet.com/article/singapore-consumers-warned-of-malware-targeting-mobile-banking-services/ |
| 3 | 01/12/2015 | ? | Kalahari Resorts | Kalahari Resorts announces that its Ohio and Wisconsin resorts have been hit by a point-of-sale (POS) breach between March 9 and June 8. | PoS Malware | Industry: Hotel and Resort | CC | US | http://www.scmagazine.com/second-wisconsin-dells-based-resort-hit-by-breach/article/458238/ |
| 4 | 01/12/2015 | ? | SMSGlobal | The Guardian reveals that an unknown hacker, in April 2015, tried to send 4M text messages saying “death to the Jews”, using the data stolen from a 2013 breach of SMSGlobal, to abuse the network of DU, a UAE mobile operator. | Unknown | Industry: Telco | CC | UAE | http://www.theguardian.com/technology/2015/dec/01/hacker-sent-death-to-the-jews-text-messages-after-breach-in-phone-network |
| 5 | 01/12/2015 | Muslim Electronic Army | The Barbados Advocate | The Barbados Advocate, the second most dominant daily newspaper in the country of Barbados, is defaced by the Muslim Electronic Army. | Defacement | News | H | BB | http://www.nationnews.com/nationnews/news/75091/advocates-site-hacked |
| 6 | 02/12/2015 | China | Australian Bureau of Meteorology | China is blamed for a major cyber attack on the computers at the Australian Bureau of Meteorology (bom.gov.au), which has compromised sensitive systems across the Federal Government. | Targeted Attack | Government | CE | AU | http://www.abc.net.au/news/2015-12-02/china-blamed-for-cyber-attack-on-bureau-of-meteorology/6993278 |
| 7 | 02/12/2015 | [email protected] | Hong Kong based journalists | Researchers from FireEye Labs identify a new campaign targeting Hong Kong based journalists. The campaign is characterized by the usage of Dropbox to host the C&C infrastructure. The group, dubbed [email protected], is suspected to originate from China. | Targeted Attack | Several Individuals | CE | HK | http://www.theregister.co.uk/2015/12/02/hong_kong_hacks_hacked_in_democracy_protest_yap_flap/ |
| 8 | 02/12/2015 | Anonymous | Meta-Fusion GmbH | The second round of the Anonymous campaign against COP21 (the United Nations Conference on Climate Change) kicks off. The hacktivists hack the website of Meta-Fusion GmbH, a Germany-based official Webcast Streaming Service Provider for the UNFCCC, and leak the login credentials of the company’s employees. | SQLi | Industry: Web Streaming | H | DE | https://www.hackread.com/anonymous-hacks-un-climate-changes-webcast-service-provider/ |
| 9 | 02/12/2015 | @Smitt3nz AKA Rubber | http://www.igcd.net/ | @Smitt3nz AKA Rubber hacks igcd.net and dumps 1,452 usernames and hashed passwords. | SQLi | Online Games | CC | FR | http://siph0n.in/exploits.php?id=4266 |
| 10 | 03/12/2015 | Ropertus | JD Wetherspoon | JD Wetherspoon reveals that its website was hacked between 15 and 17 June this year, resulting in the potential loss of customer data including names, dates of birth, email addresses and phone numbers, as well as a small amount of credit card records. The breach could potentially impact 656,723 users. | SQLi | Industry: Hospitality | CC | UK | http://www.zdnet.com/article/jd-wetherspoon-loses-data-of-over-650000-customers-in-cyberattack/ |
| 11 | 03/12/2015 | NetherlandsMoDz | http://apgschool.com/ | NetherlandsMoDz hacks apgschool.com and dumps 1.087 records with usernames and hashed passwords. | Unknown | Education | CC | BH | http://pastebin.com/UAQakZ2N |
| 12 | 03/12/2015 | NetherlandsMoDz | http://www.springfieldnutra.com | NetherlandsMoDz hacks springfieldnutra.com and dumps 1.087 records with usernames and hashed passwords. | Unknown | Organization: nutraceutical | CC | NL | http://pastebin.com/6YXaFr97 |
| 13 | 04/12/2015 | ? | TuneCore | The TuneCore database is breached. The company reveals that the data that may have been accessed includes names, email addresses, mailing addresses, account numbers, and passwords. | Unknown | Industry: Music | CC | US | http://help.tunecore.com/app/answers/detail/a_id/669 |
| 14 | 04/12/2015 | ap3x h4x0r | http://saifa.ir/ | ap3x h4x0r from the Anonsec collective hacks saifa.ir and dumps 11,792 records. | SQLi | Industry: E-Commerce | CC | IR | http://pastebin.com/ftXELSC5 |
| 15 | 05/12/2015 | darkshadow-tn | >200 Indian Websites | Another episode of the Cyberwar between India and Pakistan. Using the hashtag #FreeKashmir, a hacker called darkshadow-tn from the AnonCoders collective defaces over 200 Indian Websites. | Defacement | >1 | CW | IN | http://thehackednews.com/2015/12/200-indian-websites-hacked-by-anoncoders/ |
| 16 | 06/12/2015 | ? | Nexus Mods | Nexus Mods announces a potential database breach. The breach includes information for about 6 million users, but the database that was breached was last updated on July 22nd, 2013. | Unknown | Online Games | CC | US | http://www.slashgear.com/nexus-mods-reports-database-breach-08417627/ |
| 17 | 06/12/2015 | ? | Jim Ross Twitter Account | Unknown hackers hijack the Twitter account of Jim Ross and post the fake news of his death to his 1.3 million followers. | Account Hijacking | Single Individual | CC | US | http://www.welivesecurity.com/2015/12/07/hackers-announce-wwes-jim-ross-dead-wrestling-control-twitter-account/ |
| 18 | 07/12/2015 | ? | DailyMotion | Malwarebytes reveals the details of a malvertising campaign targeting DailyMotion, the popular French video sharing site, surreptitiously distributing the Angler Exploit Kit to its victims. | Malvertising | Video Sharing | CC | FR | https://blog.malwarebytes.org/malvertising-2/2015/12/malvertising-hits-dailymotion-serves-up-angler-ek/ |
| 19 | 07/12/2015 | ? | Janet | UK publicly-funded academic computer network Janet comes under a persistent DDoS attack today. | DDoS | Organization: NREN | CC | UK | http://www.theregister.co.uk/2015/12/07/janet_under_persistent_ddos_attack/ |
| 20 | 07/12/2015 | @Smitt3nz AKA Rubber | http://artrookie.co.uk | @Smitt3nz AKA Rubber hacks artrookie.co.uk and dumps 1,710 usernames and hashed passwords. | SQLi | Industry: E-Commerce | CC | UK | http://siph0n.in/exploits.php?id=4275 |
| 21 | 07/12/2015 | Freedom Cry | 400 Websites | A Muslim hacker dubbed Freedom Cry from the Anonymous R4BIA collective defaces 400 websites in a single shot to spread a pro-Islam message. | Defacement | >1 | H | N/A | http://www.databreaches.net/uk-social-networking-site-xat-hacked-user-database-acquired-by-hackers/ |
| 22 | 07/12/2015 | GrenXPaRTa | http://www.befriending.co.uk | GrenXPaRTa hacks befriending.co.uk and dumps 7325 usernames and hashed passwords. | Unknown | Online Services | CC | UK | http://grenxparta.blogspot.co.id/2015/12/hacked-leak-and-dump-site.html |
| 23 | 08/12/2015 | Packrat | Several countries in South America | Researchers at Cyphort and Citizen Lab reveal the details of a hacker group that has spent the past seven years targeting countries in South America with malware campaigns, phishing attacks, and fake news organizations. The hacker group is given the name "Packrat" based upon its preference for embedded remote access trojans (RATs). | Targeted Attack | >1 | CE | >1 | https://grahamcluley.com/2015/12/packrat-gang-targeted-south-america-malware-seven-years/ |
| 24 | 08/12/2015 | Cadelle | Individuals and entities inside Iran and abroad | Symantec reveals the details of two groups, most likely based out of Iran, which have been conducting a sophisticated cyber surveillance campaign targeting individuals and entities inside Iran and abroad since July 2014, and possibly as early as 2011. The groups are named Cadelle and Chafer. | Targeted Attack | >1 | CE | >1 | http://www.darkreading.com/attacks-breaches/-iranian-groups-conducting-sophisticated-surveillance-on-middle-eastern-targets/d/d-id/1323468? |
| 25 | 08/12/2015 | ? | Middlesex Hospital | The Middlesex Hospital in Connecticut reveals that the personal information of almost 1,000 patients could have been compromised through a phishing scam. | Account Hijacking | Health | CC | US | http://www.scmagazine.com/phishing-scam-hits-middlesex-hospital-in-conn/article/458813/ |
| 26 | 08/12/2015 | ? | Elephant Bar | CM Ebar, LLC, the owner of Elephant Bar restaurants, announces that a PoS malware breach may have affected the information of customers at 29 locations in California, Colorado, Arizona, Missouri, Nevada, New Mexico, and Florida. | PoS Malware | Industry: Restaurant | CC | US | http://www.scmagazine.com/elephant-bar-announced-a-point-of-sale-breach-that-affected-29-locations-in-seven-states/article/458707/ |
| 27 | 08/12/2015 | ? | Cricket South Africa Facebook Page | The Cricket South Africa page is hacked, and the hackers post racist and sexual content on the page. | Account Hijacking | Sport | CC | ZA | https://www.hackread.com/cricket-south-africa-facebook-page-hacked/ |
| 28 | 08/12/2015 | ? | Official Twitter Account of Pakistani Journalist Hamid Mir | The official Twitter account of Pakistani journalist Hamid Mir is hacked by an unknown hacker, apparently pro-ISIS, who leaks screenshots of his personal emails to the 1.7M followers. | Account Hijacking | Single Individual | H | PK | https://www.hackread.com/pakistani-journalist-hamid-mir-twitter-account-hacked/ |
| 29 | 09/12/2015 | ? | WP Engine | Popular WordPress-specific hosting provider WP Engine is apparently the victim of a data breach, and forces its customers to change their passwords. | Unknown | Industry: Web Hosting | CC | US | http://www.net-security.org/secworld.php?id=19221 |
| 30 | 09/12/2015 | Anonymous | http://www.trumptowerny.com/ | Anonymous set their sights on Donald Trump and take down the website for Donald Trump's trademark New York City skyscraper (trumptowerny.com). | DDoS | Industry: Real Estate | H | US | http://edition.cnn.com/2015/12/11/politics/donald-trump-tower-anonymous-hackers/ |
| 31 | 09/12/2015 | Anonymous | The website of Japan's Prime Minister Shinzo Abe | The website of Japan's Prime Minister Shinzo Abe (s-abe.or.jp) is taken down by a DDoS attack. The hacktivist collective Anonymous is suspected of carrying out the attack on the site in protest of the nation's whale hunting policy. | DDoS | Single Individual | H | JP | http://www.japantimes.co.jp/news/2015/12/10/national/anonymous-hacker-takes-credit-for-shutting-down-prime-ministers-website/#.VnV2KvG1_id |
| 32 | 09/12/2015 | ? | The Guardian | FireEye labs reveal that an archived article on The Guardian website that investigates cybercrime distributes malware via the Angler Exploit Kit. | Malicious Script Injection | News | CC | UK | http://www.zdnet.com/article/guardian-article-on-cybercrime-serves-up-malvertising/#! |
| 33 | 09/12/2015 | ? | The Independent Blog | The Independent’s blog-hosting site is the victim of a malvertising campaign that targets visitors with ransomware. | Malvertising | News | CC | UK | http://www.theguardian.com/media/2015/dec/09/independent-blog-site-ransomware-hackers-viruses |
| 34 | 09/12/2015 | ? | Swedish House Mafia Facebook Page | The Facebook page of the Electronic Dance Music Group Swedish House Mafia is hacked and the attacker posts some offensive images of Miley Cyrus. | Account Hijacking | Industry: Music | CC | SE | https://thump.vice.com/en_us/article/swedish-house-mafias-facebook-got-hacked |
| 35 | 10/12/2015 | ? | Easily | In a letter to customers, UK web hosting firm Easily.co.uk reveals that it suffered a targeted attack which exposed an unspecified number of customer domain names. | Targeted Attack | Industry: Web Hosting | CC | UK | http://www.infosecurity-magazine.com/news/uk-web-hoster-easily-hit-by/ |
| 36 | 10/12/2015 | Armada Collective | Moonfruit | After suffering a DDoS attack by the infamous Armada Collective, Moonfruit takes down all the websites to enhance the defences and avoid paying the ransom. | DDoS | Industry: Web Hosting | CC | UK | http://www.bbc.co.uk/news/technology-35091534 |
| 37 | 11/12/2015 | ? | Danish Parliament website | The Danish Parliament website folketinget.dk is taken offline in a DDoS attack. | DDoS | Government | CC | DK | http://www.scmagazine.com/ddos-attack-knocks-danish-parliament-website-offline/article/459253/ |
| 38 | 11/12/2015 | ? | Single Individuals using Alibaba.com | Researchers from Comodo identify a new phishing attack targeted specifically at businesses and consumers who may use Alibaba.com. | Account Hijacking | Industry: E-Commerce | CC | CN | https://blog.comodo.com/comodo-news/alibaba-phishing-attack/ |
| 39 | 13/12/2015 | g0tchack | City of Providence | A hacker called g0tchack hacks the website of the City of Providence and asks for a ransom of 1 BTC (worth 358 USD) to give the data back. | Unknown | Government | CC | US | http://wpri.com/2015/12/13/providence-city-website-was-hacked/ |
| 40 | 14/12/2015 | ? | Turkey National Domain Registrar | Turkey National Domain Registrar NIC.tr is the victim of a sustained DDoS attack that affects the entire national Internet infrastructure. | DDoS | Internet Services | CW? | TR | http://www.dailydot.com/politics/turkey-ddos-attack-tk-universities/ |
| 41 | 14/12/2015 | ? | Websites running Joomla | Sucuri identifies a wave of cyber attacks against websites running the Joomla Content Management System, exploiting an unpatched critical remote command-execution vulnerability. | Unpatched Vulnerability | >1 | CC | >1 | http://arstechnica.com/security/2015/12/hackers-actively-exploit-critical-vulnerability-in-sites-running-joomla/ |
| 42 | 14/12/2015 | ? | Several Twitter users | Twitter warns dozens of users that their account data may have been targeted by state-sponsored hackers. The list includes security researchers, journalists, and activists. | Account Hijacking | Several Individuals | CE | >1 | http://arstechnica.com/tech-policy/2015/12/beware-of-state-sponsored-hackers-twitter-warns-dozens-of-users/ |
| 43 | 14/12/2015 | ? | Comcast | Researchers at Malwarebytes identify a malvertising campaign targeting Comcast users via the Xfinity search page. | Malvertising | Industry: Telco | Industry: Telco | US | https://blog.malwarebytes.org/malvertising-2/2015/12/comcast-customers-targeted-in-elaborate-malvertising-attack/ |
| 44 | 14/12/2015 | Anonymous | Several ESA domains: | Members of the hacktivist collective Anonymous hack several subdomains of the European Space Agency website and leak personal and login credentials of more than 8000 subscribers and officials. | SQLi | Organization: Space Agency | H | N/A | https://www.hackread.com/anonymous-hacks-european-space-agency-domains/ |
| 45 | 14/12/2015 | Islamic Cyber Army | Military Officials in France and US | In reaction to the Anonymous campaign against ISIS, the group leaks personal data and claims that it belongs to military officials in France and US. | Unknown | Military | CW | US | |
| 46 | 14/12/2015 | ProjectDump | http://www.bluebooktrader.com/ | ProjectDump hacks bluebooktrader.com and dumps 6,187 usernames and hashed passwords. | Unknown | Online Services | CC | CA | http://pastebin.com/Dmjb4SeJ |
| 47 | 15/12/2015 | ? | Several Internet Services in Boston | Several Internet services in Boston are disrupted by a DDoS attack, defined as a “minor act of cybervandalism”. The outage affects city agencies and the police and fire departments. | DDoS | Government | CC | US | http://www.bostonherald.com/news/local_coverage/2015/12/officials_call_city_hall_cyberattack_minor |
| 48 | 15/12/2015 | ? | Swiss Cleaners | The dry cleaning firm Swiss Cleaners suffers a point-of-sale data breach in which data from every payment card type used in the eight-store chain could potentially have been stolen for almost one year. | PoS Malware | Industry: Dry Cleaners | CC | US | http://www.scmagazine.com/pos-attack-hits-swiss-cleaners-for-10-months/article/459952/ |