1-15 November 2016 Cyber Attacks Timeline

It’s time to publish the first Cyber Attack Timeline of November, covering the main events that occurred between 1 and 15 November 2016.

The crown of “breach of the fortnight” goes to Adultfriendfinder.com, hacked again with the consequent leak of a stunning 412 million records. Other massive breaches include the leak of 780,000 job applicants’ records suffered by Michael Page and the one affecting the confidential personal records of over 34 million residents in the Indian state of Kerala.

The City of El Paso has also been hit hard, robbed of about $3 million in a phishing scam, and so has Tesco Bank, where 9,000 customers had money stolen from their accounts, for a total cost of the attack of GBP 2.5 M (USD 3M).

On the Cyber Espionage front, this fortnight has seen the return of APT28 and APT29, whilst Anonymous came out of the blue, DDoSing Scotland Yard in retaliation for the arrests during the annual Million Mask March in London.

As usual, if you want to have an idea of how fragile our electronic identity is inside cyberspace, have a look at the timelines of the main Cyber Attacks in 2011, 2012, 2013, 2014, 2015 and, in a bit, 2016 (regularly updated). You may also want to have a look at the Cyber Attack Statistics that are regularly published, and follow @paulsparrows on Twitter for the latest updates.

Additionally, feel free to submit remarkable incidents that in your opinion deserve to be included in the timelines (and charts), and if useful, you can access the timeline in Google Sheet format.

| ID | Date | Author | Target | Description | Attack | Target Class | Attack Class | Country |
|---|---|---|---|---|---|---|---|---|
| 1 | 01/11/2016 | ? | PageGroup | UK-based global recruitment firm PageGroup confirms that an alleged lone hacker broke into its network and illegally accessed job applicants' personal information. The data breach occurred when the hacker infiltrated a development server run by Capgemini, PageGroup's IT outsourcer. | Unknown | Industry: Recruitment | CC | UK |
| 2 | 01/11/2016 | ? | MacOS Users | Cylance discovers a massive malvertising campaign on Google AdWords targeting MacOS users. | Malvertising | Single Individuals | CC | >1 |
| 3 | 01/11/2016 | UCC (United Cyber Caliphate) | Raqqa Telegram Channel | Hackers claiming to be associated with the Islamic State (ISIS) claim to have shut down the Telegram channel belonging to a Syrian activist group reporting out of Raqqa. | Unknown | Org: Activism | CW | SY |
| 4 | 01/11/2016 | ? | City of Duluth | More than 55,000 Duluth residents receive letters informing them that voter registration lists and other personal information may have been exposed as a result of an email phishing attack at city hall. | Account Hijacking | Government | CC | US |
| 5 | 02/11/2016 | APT28 (Fancy Bear) | Unnamed set of Microsoft Customers | Microsoft reveals that the hacker group APT28 is actively leveraging two zero-day vulnerabilities, recently exposed by Google, in Adobe Flash and down-level Windows kernel to "target a specific set of customers". | Targeted Attack | >1 | CE | >1 |
| 6 | 02/11/2016 | ? | New Zealand Nurses Organization | New Zealand Nurses Organization notifies 47,000 members of a breach after a spear phishing campaign. | Account Hijacking | Org: Trade Union and Professional | CC | NZ |
| 7 | 02/11/2016 | ? | Wikileaks | WikiLeaks, the whistleblowing platform managed by Julian Assange, suffers a "targeted" DDoS attack, less than 24 hours after releasing over 8,000 fresh emails from the Democratic National Committee (DNC). | DDoS | Org: Non-Profit | CC | INT |
| 8 | 02/11/2016 | ? | City of El Paso | The City of El Paso is "robbed" of about $3 million intended for the streetcar project, when a person or group pretending to be a vendor scammed the city by using a phishing attack. | Account Hijacking | Government | CC | US |
| 9 | 02/11/2016 | OurMine | Business Insider | The collective called OurMine posts and edits some stories on the US version of the website. | Account Hijacking | Online Newspaper | CC | US |
| 10 | 02/11/2016 | Jonathan Powell | Several higher education institutions | An Arizona man is arrested on charges that he hacked into over 1,000 email accounts for students and others at two universities, including Pace University in New York, and tried to do the same at 75 other higher-education institutions. | Brute Force | Education | CC | US |
| 11 | 02/11/2016 | ? | National Health Service’s Lincolnshire and Goole | Citing a computer virus outbreak, a hospital system in the United Kingdom cancels all planned operations and diverts major trauma cases to neighboring facilities. | Malware | Healthcare | CC | UK |
| 12 | 04/11/2016 | ? | Sentinel Hotel | Sentinel Hotel announces that it has taken action to investigate and address an incident affecting payment card data at the hotel’s front desk. | PoS Malware | Industry: Hotel and Hospitality | CC | US |
| 13 | 05/11/2016 | ? | Sam's Club | Wholesale retail giant Sam's Club has reset passwords for thousands of customers (14,600 email addresses and plain-text passwords) after their account details were posted online. | Unknown | Industry: Retail | CC | US |
| 14 | 06/11/2016 | Kapustkiy & Kasimierz L | Indian Embassies in South Africa, Libya, Italy, Switzerland, Malawi, Mali, Romania | Seven Indian Embassy domains in Europe and Africa have been hacked and published by Kapustkiy & Kasimierz L on Pastebin (South Africa, Libya, Italy, Switzerland, Malawi, Mali, Romania). | SQLi | Government | CC | IN |
| 15 | 06/11/2016 | ? | East Baton Rouge Parish School System | The top business manager for the East Baton Rouge Parish school system falls victim to a phishing email fraud, wiring $46,500 to someone who claimed via email to be Superintendent Warren Drake, even though the man himself was working in an office next door. | Account Hijacking | Education | CC | US |
| 16 | 07/11/2016 | ? | Tesco Bank | Tesco Bank is the victim of "a systematic, sophisticated attack" targeting 9,000 customers who have money stolen from their account. The total cost of the attack is GBP 2.5 M (USD 3M). | Malware | Industry: Retail | CC | UK |
| 17 | 07/11/2016 | ? | Two properties in the city of Lappeenranta | A Distributed Denial of Service (DDoS) attack halted heating distribution in at least two properties in the city of Lappeenranta, located in eastern Finland. In both events the attacks disabled the computers that were controlling heating in the buildings. | DDoS | Industry: Property Management | CC | FI |
| 18 | 07/11/2016 | ? | Campaign websites of US presidential candidates Hillary Clinton and Donald Trump | According to security firm Flashpoint, hackers tried to cripple the campaign websites of US presidential candidates Hillary Clinton and Donald Trump, employing the Mirai botnet. | DDoS | Org: Politics | CC | US |
| 19 | 07/11/2016 | Anonymous | Scotland Yard's website (content.met.police.uk) | Anonymous claims to have shut down part of Scotland Yard’s website (content.met.police.uk) for eight hours in revenge for dozens of arrests during the annual Million Mask March on parliament in London. | DDoS | Law Enforcement | H | UK |
| 20 | 08/11/2016 | vimproducts | Several major Russian banks including: the Moscow Exchange, the Bank of Moscow, Rosbank, and Alfa-Bank | A hacker called vimproducts claims to have taken down several Russian banks including the Moscow Exchange, the Bank of Moscow, Rosbank, and Alfa-Bank. | DDoS | Finance | CC | RU |
| 21 | 08/11/2016 | ? | YouTube account of Theo Ogden | In a cyber-attack coordinated by an alleged jealous teenager, the YouTube account of Theo Ogden (a popular video channel with 200 videos, 20,000 subscribers and 1.6 million views) is deleted permanently. | Account Hijacking | Single Individual | CC | UK |
| 22 | 09/11/2016 | ? | National Crime Agency | The UK's National Crime Agency public web site is briefly taken down by a DDoS attack. | DDoS | Law Enforcement | CC | UK |
| 23 | 09/11/2016 | CyberZeist | Alaskan Elections Results website (elections.alaska.gov) | CyberZeist claims to have breached the Alaskan Elections Results website (elections.alaska.gov) and dumps a screenshot, the server IPs and the username/password combination. | Unknown | Government | CC | US |
| 24 | 10/11/2016 | APT28 (Fancy Bear) | Various governments and embassies around the world | Trend Micro reveals that the hacker group APT28 is currently maximizing the usage of the 0-day vulnerabilities discovered in Adobe and Windows to target various governments and embassies around the world. | Targeted Attack | Government | CE | >1 |
| 25 | 10/11/2016 | ? | Casino Rama Resort | Casino Rama Resort issues a warning to its customers and employees after a hacker claimed to have stolen over a decade's (from 2004 to 2016) worth of sensitive information from its computer networks, including payroll data and social insurance numbers. | Unknown | Industry: Hotel and Hospitality | CC | CA |
| 26 | 11/11/2016 | Cozy Bear (APT29) | U.S.-based think tanks and non-governmental organizations (NGOs) | A few hours after Donald Trump is declared victorious in the wake of the US elections, Kremlin-linked hacker group Cozy Bear (APT29) reportedly launches a wave of attacks on US-based targets. The attacks focus on U.S.-based think tanks and non-governmental organizations (NGOs). | Targeted Attack | Org: NGO | CE | US |
| 27 | 11/11/2016 | ? | A&M LLC | A&M LLC announces that a recent data security incident may have compromised the security of payment information of some customers who used debit or credit cards at Annie Sez, Afaze, Mandee, Sirens and Urban Planet locations between November 24, 2015 and August 23, 2016. | PoS Malware | Industry: Retail | CC | US |
| 28 | 12/11/2016 | CyberZeist | Windham County Sheriff’s Office | CyberZeist announces that the Windham County Sheriff’s Office has been hacked, and dumps the entire database with 300 records of personnel. | SQLi | Law Enforcement | CC | US |
| 29 | 12/11/2016 | ElSurveillance | 24luv.com, freedateusa.com | The hacktivist known as ElSurveillance is back with its operation #EscortsOffline and two more data dumps from two dating sites: 24luv.com (92,937 users’ email addresses and plain-text passwords) and freedateusa.com (127,395 email addresses and plain-text passwords). | Account Hijacking | Dating | H | CA |
| 30 | 12/11/2016 | CyberZeist | Washington State Government Website (wa.gov) | CyberZeist announces a breach on the Washington state government website. The dump contains 59 administrator accounts with user email addresses, encrypted passwords and salts. | SQLi | Government | CC | US |
| 31 | 13/11/2016 | ? | AdultFriendFinder Networks | Here we are again: adult dating and entertainment company FriendFinder Networks has reportedly been hacked in a massive data breach exposing more than 412 million accounts and user credentials collected over two decades. The breach is believed to have occurred in October with email addresses and passwords from six adult-oriented FriendFinder Networks websites (including cams.com and penthouse.com) dumped online. | Local File Inclusion Vulnerability | Industry: Entertainment | CC | US |
| 32 | 14/11/2016 | Anthony Clark | FIFA Ultimate Team | Anthony Clark is charged by the Northern Texas District Court with a count of Conspiracy to Commit Wire Fraud for his role in a scheme to automatically generate and then resell the digital coins used to purchase perks in FIFA Ultimate Team on the PlayStation and Xbox console lines. | Digital Coin Mining | Industry: Video Games | CC | US |
| 33 | 14/11/2016 | Carbanak | Three Unnamed Firms in the Hospitality Sector | Trustwave researchers spot the Carbanak cybergang using a new socially engineered trick to spread point-of-sale (POS) malware to businesses in the hospitality industry. | Targeted Attack | Industry: Hotel and Hospitality | CC | N/A |
| 34 | 15/11/2016 | N.T.R. | civilsupplieskerala.gov (Kerala government’s civil supplies department) | Confidential personal records of over 34 million residents in the Indian state of Kerala are compromised, after an Indian man living in Tokyo posts them on Facebook after the Indian government failed to address security flaws in the website. | Unknown | Government | CC | IN |
