1-15 December 2017 Cyber Attacks Timeline

The year is nearly gone, so it’s time to publish the second-to-last timeline for this troubled 2017, covering the main cyber attacks that occurred between December 1st and 15th.

Unsurprisingly, this fortnight the list is quite long and includes some remarkable events like the one that hit TIO Networks, a payment processor owned by PayPal, which had potentially 1.6 million records compromised.

The new gold rush for cryptocurrencies also left its mark: NiceHash was forced to suspend operations after cyber criminals made off with $68 million worth of Bitcoins (at least this was the value of the loot when the hack occurred, given the volatility of cryptocurrencies), and obviously this was not the only event targeting, directly or indirectly, cryptocurrency assets in this timeline.

Yet this is nothing in comparison with the database containing the data of 19 million California voters that was left exposed and eventually deleted (and held for ransom) by cyber criminals.

The list also includes multiple massive campaigns (like MoneyTaker, targeting multiple U.S. and Russian banks) and a couple of operations carried out by the Anonymous collective against Brazil and Israel.

So, feel free to scroll down the whole list for all the events that happened in this fortnight. And if you want to have an idea of how fragile our electronic identity is inside the cyberspace, have a look at the timelines of the main Cyber Attacks in 2011, 2012, 2013, 2014, 2015 and 2016 (regularly updated). You may also want to have a look at the Cyber Attack Statistics that are regularly published, and follow @paulsparrows on Twitter for the latest updates.

Additionally, feel free to submit remarkable incidents that in your opinion deserve to be included in the timelines (and charts). If useful, you can access the timeline in Google Sheet format.

| ID | Date | Author | Target | Description | Attack | Target Class | Attack Class | Country |
|---|---|---|---|---|---|---|---|---|
| 1 | 01/12/2017 | ? | TIO Networks | PayPal Holdings suspends the operations of TIO Networks, a publicly traded payment processor PayPal acquired in July 2017, after a review of TIO’s network has identified a potential compromise of personally identifiable information for approximately 1.6 million customers. | Unknown | Industry: Payment Processor | CC | US |
| 2 | 01/12/2017 | ? | Tenafly High School | Tenafly High School informs parents that a student has gained access to its internal IT systems, changed grades to improve his GPA, and sent out college applications immediately after. | Unknown | Education | CC | US |
| 3 | 02/12/2017 | Charming Kittens | Academic researchers, human rights activists, media outlets and political advisors focusing on Iran | Researchers from ClearSky publish a report that reveals a new campaign carried out by the alleged Iran-linked APT Charming Kittens targeting academic researchers, human rights activists, media outlets and political advisors focusing on Iran via fake social network profiles or also a fake news site. | Targeted Attack | Single Individuals | CE | IL |
| 4 | 02/12/2017 | Anonymous | Brazil | Anonymous leaks some topology data belonging to the Brazilian public sector. | Unknown | Government | H | BR |
| 5 | 04/12/2017 | ? | Mecklenburg County | Mecklenburg County, which includes the city of Charlotte and surrounding areas, is hit with ransomware and has struggled to get its systems back online ever since. In the meantime, county officials are forced to revert to paper systems. | Malware | Government | CC | US |
| 6 | 04/12/2017 | ? | Home and Small-office Routers | Researchers unveil the details of a new variant of the Mirai botnet called Satori. The botnet exploits a recently discovered 0-day vulnerability to infect two widely used lines of home and small-office routers even when they're secured. | 0-day vulnerability | Single Individuals | CC | >1 |
| 7 | 04/12/2017 | ? | WWE wrestler Maria Kanellis | A new batch of explicit photos of WWE wrestler Maria Kanellis is leaked. | Account Hijacking | Single Individual | CC | US |
| 8 | 04/12/2017 | ? | Mad River Township Fire and EMS station | Mad River Township Fire and EMS station has all its data encrypted by ransomware. | Malware | Fire Station | CC | US |
| 9 | 05/12/2017 | Dfrank | Netshoes | Data of 500,000 customers of Brazilian retailer Netshoes is dumped on pastebin. | Unknown | Industry: Retail | CC | BR |
| 10 | 05/12/2017 | ? | Baptist Health Louisville | Baptist Health Louisville notifies 880 patients of a phishing incident that occurred in early October. | Account Hijacking | Healthcare | CC | US |
| 11 | 05/12/2017 | ? | Warwick Rowers | The website of a naked charity calendar featuring male rowers at Warwick University is taken down by a DDoS attack after having allegedly offended Russia’s “gay propaganda” laws. | DDoS | Org: Charity | H | UK |
| 12 | 05/12/2017 | ? | Colorado Center for Reproductive Medicine Minneapolis | Colorado Center for Reproductive Medicine Minneapolis warns customers that, in the wake of a ransomware attack that occurred in October 2017, an unauthorized third party may have breached the clinic’s computer security and viewed or accessed patient information that was on the server. | Malware | Healthcare | CC | US |
| 13 | 06/12/2017 | ? | NiceHash | Bitcoin mining platform and exchange NiceHash is hacked and forced to suspend operations for 24 hours after cyber criminals make off with $68 million worth of BTC. | Unknown | Cryptocurrency Exchange | CC | US |
| 14 | 06/12/2017 | ? | Royal National Institute for the Blind (RNIB) | Police launch an investigation after 817 people report fraud attempts following a breach of the Royal National Institute for the Blind (RNIB) web store that occurred on November 16th. | Unknown | Org: Charity | CC | UK |
| 15 | 06/12/2017 | ? | 5,500 WordPress sites | Sucuri unveils the details of a new attack affecting 5,500 WordPress sites, infected with a malicious script that logs keystrokes and sometimes loads an in-browser cryptocurrency miner. | Malicious Script | Single Individuals | CC | >1 |
| 16 | 06/12/2017 | ? | Henry Ford Health System | Roughly 18,500 patients at Henry Ford Health System have possibly had their personal information stolen in a data breach that occurred in early October after the email credentials of a group of employees were stolen. | Account Hijacking | Healthcare | CC | US |
| 17 | 07/12/2017 | ? | Sinai Health System | At least two employees at Sinai Health System had their email accounts compromised in a phishing incident, potentially affecting the information of 11,350 people. | Account Hijacking | Healthcare | CC | US |
| 18 | 07/12/2017 | ? | Bitcoin Investors | Researchers at Fortinet spot a new phishing campaign targeting bitcoin investors, serving the Orcus RAT malware disguised as a trading app. | Targeted Attack | Single Individuals | CC | >1 |
| 19 | 07/12/2017 | ? | Village of Nashotah | The Village of Nashotah pays an unidentified hacker a $2,000 ransom to decrypt its computer system after a hack in late November. | Malware | Government | CC | US |
| 20 | 07/12/2017 | ? | Clarion University | Clarion University employees are notified after two employees fall victim to a phishing attack. | Account Hijacking | Education | CC | US |
| 21 | 07/12/2017 | APT34 | Government organization in the Middle East | FireEye reveals the details of a new campaign carried out by the suspected Iranian threat group APT34 exploiting the recently patched CVE-2017-11882 vulnerability. | Targeted Attack | Government | CE | N/A |
| 22 | 08/12/2017 | ? | Single Individuals | While scanning the deep and dark web for stolen, leaked or lost data, security company 4iQ discovers a single file with a database of 1.4 billion clear text credentials, the largest aggregate database found in the dark web to date. | Unknown | Single Individual | CC | >1 |
| 23 | 08/12/2017 | Anonymous | Israel | In the name of #OpIsrael and #OpUSA, hacktivists from the Anonymous Collective leak online names, emails, and passwords of Israeli public employees and share a list of US government sites to target, calling for action against them. | Unknown | Government | H | IL US |
| 24 | 08/12/2017 | ? | Single Individuals | Researchers from ESET reveal that the cybergang behind the now defunct FinFisher man-in-the-middle attacks has switched over to using a new spyware dubbed StrongPity2 distributed via watering hole attacks. | Malware | Single Individuals | CE | >1 |
| 25 | 08/12/2017 | ? | Road Sign near North Central Expressway in Dallas | A traffic sign near North Central Expressway in Dallas is hacked and defaced with an obscene message against the President of the United States Donald Trump and his voters. | Unknown | Road Sign | CC | US |
| 26 | 10/12/2017 | Le Duc Hoang Hai | Perth Airport | A Vietnamese man, Le Duc Hoang Hai, is arrested for stealing sensitive security details and building plans from Perth Airport after breaking into its computer systems. The hack happened in March last year, and was carried out using the credentials of a third-party contractor. | Account Hijacking | Airport | CC | AU |
| 27 | 10/12/2017 | ? | Jeffree Star | Jeffree Star is the victim of a data hack, after a member of staff at cosmetics store Sephora allegedly hacks into his account and leaks sensitive information about his spending habits. | Account Hijacking | Single Individual | CC | US |
| 28 | 11/12/2017 | MoneyTaker | U.S. and Russian Banks | Security firm Group-IB reveals the details of a previously unknown ring of Russian-speaking hackers, allegedly able to have stolen as much as $10 million from U.S. and Russian banks in the last 18 months. The gang of criminals is dubbed MoneyTaker. | Malware | Finance | CC | RU US |
| 29 | 11/12/2017 | ? | Polish Banks | Researchers from ESET discover a malicious banking app hidden in the Google Play store, disguised as a Crypto Monitor. | Malware | Finance | CC | PL |
| 30 | 11/12/2017 | ? | Jerome School District | Jerome School District falls victim to ransomware. | Malware | Education | CC | US |
| 31 | 11/12/2017 | ? | National Capital Poison Center | National Capital Poison Center reports a ransomware incident. | Malware | Org: Non-Profit | CC | US |
| 32 | 11/12/2017 | ? | Rose McGowan | Another round of "The Fappening". Hackers leak alleged nude pics and sex tape of “Charmed” star Rose McGowan. | Unknown | Single Individual | CC | US |
| 33 | 12/12/2017 | ? | Bitfinex | Bitfinex is forced to shut down its ongoing operations after suffering a series of non-stop DDoS attacks. | DDoS | Cryptocurrency Exchange | CC | VG |
| 34 | 12/12/2017 | ? | Midland Memorial Hospital | Midland Memorial Hospital announces a data security incident involving a limited number of patients’ personal information after an unauthorized third party may have obtained access to an employee’s e-mail account on or about Oct. 10. | Account Hijacking | Healthcare | CC | US |
| 35 | 13/12/2017 | ? | Google, Facebook, Apple, and Microsoft users | According to internet monitoring service BGPMon, traffic sent to and from Google, Facebook, Apple, and Microsoft is briefly routed through a previously unknown Russian Internet provider. The hijack lasts a total of six minutes and affects 80 separate address blocks. | BGP Hijacking | Single Individuals | CC | >1 |
| 36 | 13/12/2017 | ? | Osaka University | Osaka University says that personal data of around 80,000 students, graduates, staff, former workers and others may have been stolen by hackers. | Account Hijacking | Education | CC | JP |
| 37 | 13/12/2017 | ? | Anderson Cooper's Twitter account (@andersoncooper) | CNN says Anderson Cooper's Twitter account was hacked after a since-removed tweet from his handle called the president a "tool" and a "pathetic loser" following Democrat Doug Jones' win in Alabama's Senate election. | Account Hijacking | Single Individual | CC | US |
| 38 | 13/12/2017 | ? | Android Users | Google removes more than 80 malicious Android apps from Google's official Play Store, which were designed to hijack credentials for VK, Russia's Facebook-like social network. | Malware | Single Individuals | CC | RU |
| 39 | 14/12/2017 | ? | Undisclosed Oil Plant in Saudi Arabia | Security firm FireEye and Schneider Electric SE reveal the details of a new operation targeting Triconex industrial safety technology widely used inside nuclear, oil and gas plants. The first victim is allegedly located in Saudi Arabia. The malware is dubbed Triton. | Targeted Attack | Industry: Oil and Gas | CW | SA |
| 40 | 14/12/2017 | ? | John Kahlbetzer | John Kahlbetzer, one of Australia’s richest men, suffers a $1m loss after his assistant is taken in by a classic Business Email Compromise (BEC) scam. | Account Hijacking | Single Individual | CC | AU |
| 41 | 14/12/2017 | ? | Fox-IT | Dutch security firm Fox-IT reveals that it fell victim to a DNS Hijacking attack on September 19th 2017. The attacker modifies a DNS record for one particular server to point to a server in their possession and to intercept and forward the traffic to the original server that belongs to Fox-IT. | DNS Hijacking | Industry: Information Security | CE | NL |
| 42 | 14/12/2017 | ? | Unnamed Brazilian Bank | Researchers from Trend Micro unveil the details of Prilex, a new ATM malware used for targeted attacks against a Brazilian bank. | Targeted Attack | Finance | CC | BR |
| 43 | 14/12/2017 | ? | Proctor School District | The Proctor school district is hit by ransomware. | Malware | Education | CC | US |
| 44 | 15/12/2017 | The Lazarus Group | Bitcoin Insiders in London | Secureworks reveals a new spearphishing campaign circulating across bitcoin industry insiders in London, carried out via a fake job opening, and aimed at stealing their online credentials. The fingers are pointed at the North Korean hackers of the Lazarus Group. | Targeted Attack | Finance | CE | UK |
| 45 | 15/12/2017 | ? | Transneft | Transneft reveals that its computers have been used for the unauthorized manufacture, or “mining”, of the cryptocurrency Monero. | Malware | Industry: Oil and Gas | CC | RU |
| 46 | 15/12/2017 | ? | California voters | Researchers at Kromtech discover an unprotected instance of a MongoDB database that appears to have contained the data of 19 million California voters. The database has been deleted by cyber criminals and held for ransom, with the attackers demanding 0.2 BTC ($3,000 at the time of writing). | Unsecure MongoDB database | Government | CC | US |
| 47 | 15/12/2017 | ? | Stanislaus County's Mental Health Department | 500 computers from Stanislaus County's Mental Health Department are quarantined after ransomware is detected in the network. | Malware | Government | CC | US |
| 48 | 15/12/2017 | ? | 39 East Texas School Districts | Students from 39 East Texas School Districts have their information compromised by an October hack. | Unknown | Education | CC | US |
| 49 | 15/12/2017 | ? | OSX Users | Security firm Cybereason discovers an invasive adware variant dubbed OSX.Pirrit. The malware targets macOS users adding spyware capabilities. | Malware | Single Individuals | CC | >1 |
