16-30 November 2017 Cyber Attacks Timeline

Of course we cannot introduce the second timeline of November (first timeline here) without mentioning the cyber attack that hit Uber Technologies in 2016, leading to the compromise of 57 million records. This is without any doubt the main event of this fortnight, and the scar left by the consequences (of both the attack and the way the company tried to handle it) will be remembered for a long time.

Unfortunately Uber is in good company since the list of the primary victims in November also includes Imgur, even if in this case the number of accounts possibly compromised is “only” 1.7 million.

Another interesting trend, quite common lately, is the spree of attacks targeting virtual currencies, and the second half of November was no exception. The list for this fortnight includes Tether ($30 million worth of tokens gone), Bitcoin Gold ($3.3 million), CoinPouch ($655,000) and also an Austrian individual who saw his wallet depleted of the equivalent of $117,000. And why not take into consideration the massive cryptojacking campaign carried out by injecting Coinhive into one of the JavaScript files used by LiveHelpNow, a live chat and support widget?

As usual, there are many more remarkable events (like the campaign carried out by the Lazarus Group using a malicious app disguised as a Bible reader), so feel free to scroll down the whole list for all the events that happened in this fortnight. And if you want to have an idea of how fragile our electronic identity is inside the cyberspace, have a look at the timelines of the main Cyber Attacks in 2011, 2012, 2013, 2014, 2015 and 2016 (regularly updated). You may also want to have a look at the Cyber Attack Statistics that are regularly published, and follow @paulsparrows on Twitter for the latest updates.

Additionally, feel free to submit remarkable incidents that in your opinion deserve to be included in the timelines (and charts). If useful, you can access the timeline in Google Sheet format.

| ID | Date | Author | Target | Description | Attack | Target Class | Attack Class | Country |
|---|---|---|---|---|---|---|---|---|
| 1 | 13/11/2017 | ? | Vulnerable WordPress websites | Researchers from Sucuri observe a new wave of wp-vcd malware attacks targeting WordPress sites leveraging flaws in outdated plugins and themes. | Malicious code Injection | Single Individuals | CC | >1 |
| 2 | 15/11/2017 | ? | UPMC Susquehanna | UPMC Susquehanna notifies 1,200 patients treated at various locations that their personal information, including names, dates of birth, contact information and Social Security numbers, may have been inappropriately accessed. | Account Hijacking | Healthcare | CC | US |
| 3 | 16/11/2017 | ? | Cash Converters | Cash Converters warns customers about a data breach on its website. The company says customer usernames, passwords and addresses have potentially been accessed by a third party. The breach happened on the company's old UK website, which was replaced in September 2017. | Unknown | Industry: Retail Pawnbroker | CC | UK |
| 4 | 16/11/2017 | ? | Bank Customers | Researchers from Bitdefender unveil the details of Terdot, a Banker Trojan that derives inspiration from the 2011 Zeus source code leak. | Malware | Finance | CC | >1 |
| 5 | 17/11/2017 | ? | Algérie Telecom | The Algerian state telecom operator Algérie Telecom is hit by a prolonged DDoS attack. | DDoS | Industry: Telco | CC | DZ |
| 6 | 17/11/2017 | ? | Medical College of Wisconsin | The Medical College of Wisconsin reveals that the confidential medical information or other personal data of 9,500 patients was compromised by a targeted attack on the school’s email system in July. | Targeted Attack | Education | CC | US |
| 7 | 17/11/2017 | ? | Montgomery County | The Montgomery County Emergency Management Agency reported that much of the county's computer system went down last week due to what it is calling a malware incident. | Malware | Government | CC | US |
| 8 | 18/11/2017 | ? | Melbourne International Shooting Club | Police investigate the hacking of Melbourne International Shooting Club, a gun club database that may have exposed where more than 1500 semi-automatic handguns are stored. The breach happened in September. | Unknown | Industry: Entertainment | CC | AU |
| 9 | 18/11/2017 | ? | Xinmin Secondary School | Xinmin Secondary School discovers it has been breached when names and identity card numbers of its students are leaked on Pastebin. | Unknown | Education | CC | SG |
| 10 | 18/11/2017 | Daeshgram | ISIS | A group of Iraqi hackers called Daeshgram places pornographic images into the terror group's communication networks in order to undermine ISIS credibility. | Unknown | Org: Terrorism | H | N/A |
| 11 | 19/11/2017 | ? | Sacramento Regional Transit system | The Sacramento Regional Transit system is hit by destructive ransomware, and the attackers threaten to do more damage if the SacRT doesn’t pay them the equivalent of $8,000 in bitcoins. | Malware | Transportation | CC | US |
| 12 | 19/11/2017 | ? | Single Individuals | Crooks find an ingenious way to spread a new variant of the OSX.Proton malware via a fake Symantec blog. | Malware | Single Individuals | CC | N/A |
| 13 | 20/11/2017 | MuddyWater | Saudi Arabian Government | Saudi Arabian security officials confirm that the country has been targeted by the MuddyWater campaign uncovered by Palo Alto Networks a few days before. | Targeted Attack | Government | CE | SA |
| 14 | 20/11/2017 | The Lazarus Group | South Korea | Researchers from McAfee discover a new campaign by the infamous Lazarus Group, carried out via a malicious Android app disguised as a Bible reader in Korean. | Targeted Attack | Government | CE | KR |
| 15 | 20/11/2017 | ? | Tether | Tether, a start-up known for offering dollar-backed cryptocurrency, announces that hackers have breached their security and stolen a whopping $30 million worth of tokens. The breach took place on 19th November 2017. | Unknown | Cryptocurrency Exchange | CC | HK |
| 16 | 21/11/2017 | ? | Uber Technologies | Bloomberg reveals that hackers stole the personal data of 57 million customers and drivers from Uber, a massive breach that the company concealed for more than a year, after paying $100,000 to the attackers. Compromised data from the October 2016 attack includes names, email addresses and phone numbers of 50 million Uber riders around the world. The personal information of about 7 million drivers was accessed as well, including some 600,000 U.S. driver’s license numbers. | Account Hijacking | Industry: Transportation | CC | US |
| 17 | 21/11/2017 | Russian Criminals | UK Citizens | The Times reveals the details of an ongoing campaign carried out by Russian cybercriminals. The criminals steal reward points from UK Citizens and enjoy five-star holidays at knockdown prices. | Account Hijacking | Single Individuals | CC | UK |
| 18 | 22/11/2017 | ? | Bitcoin Gold | More than $3.3 million worth of cryptocurrency is stolen as part of an elaborate scam that took advantage of bitcoin users seeking to claim their share of the newly created cryptocurrency Bitcoin Gold. | Account Hijacking | Cryptocurrency Exchange | CC | PA |
| 19 | 22/11/2017 | ? | Loake Shoes | Loake Shoes warns its customers that it has been the victim of a cyber attack. Apparently the email server has been compromised even if no other details are disclosed. | Unknown | Industry: Retail | CC | UK |
| 20 | 22/11/2017 | ? | CoinPouch | Hackers allegedly steal over $655,000 worth of Verge cryptocurrency from the CoinPouch wallet. | Unknown | Cryptocurrency Exchange | CC | US |
| 21 | 22/11/2017 | ? | Single Individual's Bitcoin wallet | Austrian police say cyber-thieves transferred bitcoin worth more than €100,000 ($117,000) from a man's account while he was logged in on a restaurant's public WiFi network. | Fake Wi-Fi Network | Single Individuals | CC | AT |
| 22 | 22/11/2017 | ? | YMCA of Central Florida | The YMCA of Central Florida (YMCA) announces it is notifying individuals related to an isolated security incident involving certain personal information. | Account Hijacking | Org: Religion | CC | US |
| 23 | 23/11/2017 | ? | Imgur | Imgur is notified of a potential security breach that occurred in 2014 and affected the email addresses and passwords of 1.7 million user accounts. | Unknown | Industry: Internet Services | CC | US |
| 24 | 23/11/2017 | ? | Single Individuals | The Necurs botnet starts a massive spam campaign sending 12.5 million emails in 6 hours distributing the Scarab ransomware. | Malware | Single Individuals | CC | >1 |
| 25 | 23/11/2017 | ? | Single Individuals | Security researcher Troy Mursch discovers a massive cryptojacking campaign carried out by injecting Coinhive into one of the JavaScript files used by LiveHelpNow, a live chat and support widget. | Malicious JS injection | Single Individuals | CC | US |
| 26 | 27/11/2017 | ? | Android users | Researchers from Google unveil the details of Tizi, an Android spyware with extensive data-stealing capabilities. Although immediately removed from Play Store, the malware is believed to have infected 1,300 devices. | Malware | Single Individuals | CC | >1 |
| 27 | 27/11/2017 | ? | Russian speakers | Researchers from Fortinet reveal the details of a campaign against Russian speakers, exploiting CVE-2017-11882, a 17-year old vulnerability in Microsoft Office recently patched. | Malware | Single Individuals | CC | RU |
| 28 | 27/11/2017 | ? | Bulletproof Coffee | Bulletproof Coffee, the company behind the trendy energy-boosting, butter-infused java, says it has suffered a data breach, compromising the personal and financial details of its customers. The company discovered "unauthorised computer code" added to the software that operates the checkout page on its website. | Malware | Industry: Dietary Supplements | CC | US |
| 29 | 28/11/2017 | ? | Australian Bank customers | Researchers from IBM X-Force reveal the details of a new version of the Ursnif banking Trojan with code modifications and new attack techniques that attempt to make it even more effective. | Malware | Finance | CC | AU |
| 30 | 28/11/2017 | ? | FTSE 100 Companies | Anomali finds thousands of logins belonging to FTSE 100 companies in the dark web. | Unknown | >1 | CC | >1 |
| 31 | 28/11/2017 | ? | Individuals or organizations linked to South Korea or the video game industry. | Researchers from Palo Alto Networks Unit 42 reveal the details of a new remote access Trojan dubbed UBoatRAT, distributed via Google Drive, and targeting individuals or organizations linked to South Korea or the video game industry. | Targeted Attack | Industry: Video Games | CE | KR |
| 32 | 29/11/2017 | ? | Clarkson Plc | British shipping services provider Clarkson Plc reveals that it has been the victim of a cyber security hack and warns that the person or persons behind the attack may release some data shortly. | Account Hijacking | Industry: Shipping | CC | UK |
| 33 | 30/11/2017 | ? | Several East Texas school districts | Several East Texas school districts are affected by ransomware, according to a notice from the Texas Department of Agriculture. Affected school districts include New Diana, Ore City, Gilmer, Gladewater, Harleton, Harrison County Juvenile Services, Karnack, Union Grove and Union Hill. | Malware | Education | CC | US |
