16-31 March 2017 Cyber Attacks Timeline

Here’s the second part of the March timeline (first part here), covering the main cyber attacks occurred between 16 and 31 March 2017.

Let’s start from the mega breaches: unfortunately, but we should be used to it, the damage report of this fortnight has confirmed the trend we have been experiencing in the last months. The list includes: some cryptocurrency forums (approximately 12 million accounts compromised), the Illinois Department of Employment Security (1.4 million records compromised), and online forum called Dueling Network (6.5 million email addresses and hashed passwords).

Despite the impact is considerably smaller, the list of the victims also includes McDonald’s Canada, whose career website has been hacked, compromising the personal data of around 95,000 restaurant job applicants.

The list of Cyber Espionage includes: El Machete, a massive cyber espionage campaign targeting high-profile international government organizations across the globe, a campaign targeting GitHub users, and a new attack against the German Parliament.

If you want to have an idea of how fragile our electronic identity is inside the cyberspace, have a look at the timelines of the main Cyber Attacks in 2011, 2012, 2013, 2014, 2015 and 2016 (regularly updated). You may also want to have a look at the Cyber Attack Statistics that are regularly published, and follow @paulsparrows on Twitter for the latest updates.

Additionally, feel free to submit remarkable incidents that in your opinion deserve to be included in the timelines (and charts), and if useful, you can access the timeline in Google Sheet format.

IDDateAuthorTargetDescriptionAttackTarget
Class
Attack
Class
Country
116/03/2017?Defense Point Security, LLCThe CEO of Defense Point Security, LLC tells all employees that their W-2 tax data was handed directly to fraudsters after someone inside the company got caught in a phisher’s net.Account HijackingIndustry: Security ServicesCCUS
216/03/2017?Datapoint POSDatapoint POS appears to have been hacked.PoS MalwareIndustry: Financial ServicesCCUS
316/03/2017?The Independent Electoral and Boundaries Commission (IEBC)The Independent Electoral and Boundaries Commission (IEBC) admits hackers attempted to breach its systems to steal crucial information ahead of the 2017 election.UnknownGovernmentCCKE
417/03/2017?Lane Community CollegeA virus-infected computer at the Lane Community College health clinic may have relayed patient information such as names, addresses, Social Security numbers and more, to an unknown third party for more than a yearMalwareEducationCCUS
517/03/2017?Arkansas Department WorkforceInvestigators try to determine whether personal information -- including Social Security numbers -- for an estimated 19,000 Arkansas job seekers was stolen after a virus was detected in a statewide database, a government spokesman said.MalwareGovernmentCCUS
619/03/2017?Several Celebrities including Emma Watson, Rose McGowan, Amanda Seyfried and Jillian MurrayFappening 2.0 is here: nude pictures of several celebrities are leaked online, including Emma Watson, Rose McGowan, Amanda Seyfried and Jillian Murray.UnknownSingle IndividualsCC>1
720/03/2017?Alfa BankAlfa Bank announces to have been targeted by a large-scale DNS Botnet attack.DDoSFinanceCCRU
821/03/2017?Multipe targetsA study by security firm Dragos reveals that malware posing as legitimate software for Siemens ICS devices has apparently infected 10 industrial equipment worldwide over the past four years.Malware>1CE>1
921/03/2017?Chinese Mobile UsersResearchers from Check Point reveal a new mechanism to spread the "Swearing Trojan", using fake base transceiver stations (BTSs) that send phishing SMS messages masquerading as ones coming from Chinese telecom service providers China Mobile and China Unicom.MalwareSingle IndividualsCCCN
1021/03/2017?Joblink AllianceJoblink Alliance, a provider of the nationwide web-based database Joblink, which is used by the State of Vermont, notifies the State that the job seeker functionality of its website has been compromised by a malicious software.MalwareIndustry: Job SeekingCCUS
1122/03/2017El MacheteMultiple International Government OrganizationsResearchers from Cylance reveal the details of "El Machete" a massive cyber espionage campaign targeting high-profile international government organisations across the globe. Primary targets are in Latin America, but the campaign has also targeted organisations in Canada, England, Germany, Korea, Russia, the Ukraine and the United States.Targeted AttackGovernmentCE>1
1222/03/2017?UK viewers or popular porn sitesMalwarebytes warns about an increase in malware attacks currently targeting UK viewers of popular pornography websites. The campaign abuses a legitimate ad network called ExoClick distributing the Ramnit malware.MalvertisingSingle IndividualsCCUK
1323/03/2017@The6Clerk and @PlzNoHackOfficial Twitter Accounts of ABC News (@ABC) and Good Morning America (@GMA)The official Twitter accounts of mainstream US news outlet ABC News and its daily show Good Morning America, are taken over by hackers. The profiles, each with millions of followers, displayed a series of explicit messages left by the culprits.Account HijackingNewsCCUS
1423/03/2017?Saudi Arabia Governmental OrganizationsMalwarebytes reveal the details of a new spear phishing campaign targeting Saudi Arabia governmental organizations.Targeted AttackGovernmentCESA
1523/03/2017?Payment Processors on websitesA new bot targeting card payment processes on websites is spotted in the wild. Called GiftGhostBot, the bot tries to defraud consumers of the money loaded on gift cards from a wide range of retailers around the globe, with attacks being noticed on almost 1,000 customer websites.MalwareSingle IndividualsCC>1
1623/03/2017?Idaho Department of LaborA hacking incident that occurred on March 12 and March 13 compromised more than 170,000 job-seeker accounts of the Idaho Department of Labor.UnknownGovernmentCCUS
1723/03/2017?FIRST Forum (forums.usfirst.org) and FIRST Tech Challenge Forum (ftcforum.usfirst.org)FIRST Forum (forums.usfirst.org) and FIRST Tech Challenge Forum (ftcforum.usfirst.org) notify a data breach.UnknownOnline ForumCCUS
1824/03/2017?Illinois Department of Employment Security (Ides)The Illinois Department of Employment Security (Ides) revealed on Friday (24 March) that one of its vendors was hacked, potentially compromising personal information of approximately 1.4 million job seekers in the state.UnknownGovernmentCCUS
1924/03/2017?Android ForumsAndroid Forums announces that its servers were accessed by a third-party resulting in a data breach affecting the 2.5% of the active users.UnknownOnline ForumCCUS
2024/03/2017?Washington University School of MedicineWashington University School of Medicine notifies to have been targeted by a Phishing Attack.Account HijackingEducationCCUS
2125/03/2017Cfnt25 Vulnerable ForumsA hacker going by the handle of “Cfnt” compromises 25 web forums using an outdated version of vBulletin and put the data on sell on a popular Dark Web marketplace.UnknownOnline ForumCC>1
2226/03/2017?12 million accounts from at least 11 separate cryptocurrency forumRoughly 12 million accounts pilfered from at least 11 separate cryptocurrency forums over the past six years are being sold on the Dark Web, with a vendor under the pseudonym 'doubleflag' marketing the trove of stolen credentials as a "package" deal.UnknownOnline ForumCC>1
2327/03/2017?World of Warcraft usersMalwarebytes reveals the details of a phishing campaign attempting to bait World of Warcraft users with the promise of free in-game petsAccount HijackingSingle IndividualsCC>1
2428/03/2017?GitHub UsersResearchers from Palo Alto Networks reveal the details of a new campaign targeting developers sharing code on GitHub with a malicious with a stealth malware called Dimnie.Targeted AttackSingle IndividualsCE>1
2528/03/2017?Tweede Kamer (Lower House of Dutch Parliament)Ransomware is found on the computer systems of the Tweede Kamer, the lower house of Dutch parliament,MalwareGovernmentCCNL
2628/03/2017?Forsyth Public SchoolsForsyth Public Schools are hit with computer malware causing problems for teachers, students, parents and district administrators.MalwareEducationCCUS
2729/03/2017?German ParliamentBerlin's cyber security watchdog reveals that the German parliament was the target of fresh cyber attacks in January that attempted to piggy-back on an Israeli newspaper site to target politicians in Germany.Targeted AttackGovernmentCEDE
2829/03/2017?Dueling NetworkA hacker makes off with at least 6.5 million email addresses and poorly hashed passwords from a Yu-Gi-Oh fan project called “Dueling Network.”SQLiOnline ForumCCUS
2929/03/2017?Undisclosed US CollegeResearch from Incapsula discover a new Mirai variant used to launch a 54-hour DDoS attack against a US college.DDoSEducationCCUS
3030/03/2017?Skype usersSeveral users complain that ads served through Microsoft's Skype app are serving malicious downloads, which if opened, can trigger ransomware.MalvertisingSingle IndividualsCC>1
3130/03/2017?Amaq MediaAmaq media, the news outlet associated with ISIS, claims its website was hacked by perpetrators who were spreading malware on the site.MalwareNewsCEN/A
3230/03/2017?ShowTix4UShowTix4U notifies that an unauthorized actor was able to gain access to a third-party vendor’s server and install malicious software on their website.MalwareIndustry: Online Ticket SalesCCUS
3331/03/2017?McDonald's CanadaMcDonald's Canada says that its career website has been hacked, compromising the personal data of around 95,000 restaurant job applicants. The accessed information includes names, addresses, email addresses, phone numbers, employment background and other standard job application information of people who applied online for a job at McDonald's Canada restaurants between March 2014 and March 2017.UnknownIndustry: RestaurantCCCA
3431/03/2017?Major US UniversitiesResearchers find nearly 14M email addresses and passwords belonging to faculty, staff, students and alumni of major universities across the country on the dark web.UnknownEducationCCUS

 

Leave a Reply

%d bloggers like this: