Views: 11,001

Last Updated on May 24, 2015

Here we go with the first timeline of the main Cyber Attacks happened in October (according to my personal evaluation metric).

Two weeks very active from an information security perspective. The list of attacks is quite long and heterogeneous, with massive breaches (The Snappening and a list of nearly 7.000.000 compromised accounts used to brute-force Dropbox), a rich list of cyber crime and cyber espionage campaigns, a renewed burst of the cyber war between India and Pakistan, and a couple of operations orchestrated by hacktivists.

Digging into Cyber Crime, besides the two above quoted events, we find the Mac.BackDoor.iWorm, a widespread botnet targeting OS X, and trapping 17,000 devices. The list continues with a purported attack against Yahoo, initially believed to be orchestrated exploiting the infamous Shellshock vulnerability, the ATM malware Tyupkin, supposed to have been used for stealing millions of bucks from 50 ATMs in Eastern Europe and Russia, a breach against Kmart, and, last but not least, other two (and a half) waves of leaked photos from the Snappening.

Scrolling down the Cyber Espionage events, we cannot help but notice a similar abundance of operations with a widespread usage of 0-day vulnerabilities. Just to mention several names: Sandworm, Hurricane Panda, and even an old acquaintance like Nitro.

India and Pakistan were very busy in the Cyber Space, with  defacements and leaks against a wide range of mutual targets like also the Anonymous, who kicked off #OPHK, against China and in support of Hong Kong protesters.

If you want to have an idea of how fragile our electronic identity is inside the cyberspace, have a look at the timelines of the main Cyber Attacks in 2011, 2012, 2013 and now 2014 (regularly updated). You may also want to have a look at the Cyber Attack Statistics, and follow @paulsparrows on Twitter for the latest updates.

Also, feel free to submit remarkable incidents that in your opinion deserve to be included in the timelines (and charts).

1-15 October 2014 Cyber Attacks Timeline

  1. http://news.drweb.com/show/?i=5976&lng=en&c=14
  2. http://www.techworm.net/2014/10/unicef-twitter-account-hacked.html
  3. http://www.scmagazine.com/flinn-scientific-notifies-customers-of-payment-card-breach/article/375119/
  4. https://twitter.com/ManiAc_Naiem/status/517833605163130880
  5. http://datalossdb.org/incidents/13640-1-602-user-accounts-and-1-197-administrator-accounts-with-user-names-email-addresses-contact-numbers-home-addresses-and-mixed-clear-text-and-encrypted-passwords-dumped-on-the-internet
  6. http://www.scmagazine.com/palo-alto-network-researchers-discover-further-nitro-attacks/article/375679/
  7. http://news.softpedia.com/news/Info-Of-1-000-Provo-City-School-District-Employees-Exposed-460933.shtml
  8. http://www.dailymail.co.uk/news/article-2781196/Will-end-iCloud-hacker-releases-fourth-wave-celebrity-nudes-including-male-victim.html
  9. http://www.zdnet.com/yahoo-confirms-servers-infected-but-not-by-shellshock-7000034411/
  10. http://hackread.com/google-indonesia-hacked-by-pakistani-hackers/
  11. http://www.techworm.net/2014/10/abc-faces-ransomware-attack.html
  12. http://arstechnica.com/security/2014/10/dozens-of-european-atms-rooted-allowing-criminals-to-easily-cash-out/
  13. http://www.techworm.net/2014/10/operation-hong-kong-anonymous-hacks-chinese-government-website.html
  14. http://hackread.com/massachusetts-maritime-academy-website-hacked/
  15. http://hackread.com/indian-hacks-pakistan-peoples-party-website/
  16. http://www.bloomberg.com/news/2014-10-09/jpmorgan-hackers-said-to-probe-13-financial-firms.html
  17. http://arstechnica.com/security/2014/10/developer-of-hacked-snapchat-web-app-says-snappening-claims-are-hoax/
  18. http://www.bbc.co.uk/newsbeat/29556349
  19. http://www.scmagazine.com/malware-on-ndscs-computers/article/376446/
  20. http://news.softpedia.com/news/Pro-Democracy-Websites-in-Hong-Kong-Have-Been-Compromised-461892.shtml
  21. http://news.softpedia.com/news/Cyber-Espionage-Group-Uses-Bank-Website-to-Redirect-To-Exploit-Kit-461568.shtml
  22. http://pastebin.com/TKg0M03P
  23. http://www.techworm.net/2014/10/indo-pak-cyber-war-in-offing.html
  24. http://www.ibtimes.co.in/mohanlal-fans-hack-pakistan-website-post-actors-picture-dialogue-610930
  25. http://www.ibtimes.co.in/mohanlal-fans-hack-pakistan-website-post-actors-picture-dialogue-610930
  26. http://webcache.googleusercontent.com/search?q=cache:-HTVLnukeGwJ:pastebin.com/4Qya0LaE
  27. http://www.standard.co.uk/news/london/ucl-investigates-email-hack-after-mystery-bello-message-from-president-sparks-ridicule-from-students-9784114.html
  28. http://arstechnica.com/security/2014/10/hp-accidentally-signed-malware-will-revoke-certificate/
  29. http://www.forbes.com/sites/katevinton/2014/10/10/credit-cards-were-compromised-in-kmart-data-breach/
  30. http://pastebin.com/ncFvBPLx
  31. http://pastebin.com/FKUxcPVe
  32. http://gadgets.ndtv.com/internet/news/anonymous-leaks-chinese-government-website-data-over-hong-kong-protests-605910
  33. http://www.ibtimes.com/keke-palmer-alleged-nude-photos-leaked-fappening-continues-cinderella-star-victim-apparent-1703591
  34. http://hackread.com/pakistani-news-channel-samaa-tv-website-hacked/
  35. http://www.theguardian.com/technology/2014/oct/13/uk-police-investigate-alleged-bahraini-hacking-exiles-computers
  36. http://www.isightpartners.com/2014/10/cve-2014-4114/
  37. http://arstechnica.com/security/2014/10/7-million-dropbox-usernamepassword-pairs-apparently-leaked/
  38. http://www.oregon.gov/EMPLOY/COMM/Pages/OED-Addresses-Security-Vulnerability.aspx
  39. http://blog.crowdstrike.com/crowdstrike-discovers-use-64-bit-zero-day-privilege-escalation-exploit-cve-2014-4113-hurricane-panda/
  40. http://metronews.ca/news/vancouver/1183297/data-breach-puts-15000-b-c-wildfire-fighters-personal-info-at-risk/
  41. http://www.scmagazine.com/cyberswim-notifies-customers-that-payment-card-data-may-be-at-risk/article/377958/
  42. http://news.softpedia.com/news/Cyber-Espionage-Group-Leverages-At-Least-Ten-Custom-Tools-In-Attacks-462197.shtml
  43. http://www.scmagazine.com/physicians-email-account-accessed-by-unknown-source-contained-patient-data/article/377499/
  44. http://mashable.com/2014/10/15/redditors-complain-snappening-down/
  45. http://nakedsecurity.sophos.com/2014/10/15/attacker-takes-over-facebook-page-set-up-for-bucket-list-baby-shane-posts-porn/
  46. http://pastebin.com/1Hycjv58
Related articles
Tags: , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,

This Post Has 3 Comments

  1. Ed Moore October 29, 2014 Reply

    Hi, I’m working on a project for college and wondered if you I’m able to get hold of the raw data for your Cyber Attack Statistics?

    Thanks,

    Ed

    1. Paolo Passeri October 29, 2014 Reply

      No problem, I will send you an email with the info.

  2. raincoaster October 20, 2014 Reply

    Reblogged this on The Cryptosphere and commented:
    Here’s the official roundup. Can your sysadmin play CyberAttack Bingo with your website? If so, fire him.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.