Last Updated on January 23, 2016
October is proving to be very complicated from an Infosec perspective, so I am publishing this timeline in the middle of the turmoil in the wake of the breach that has affected TalkTalk.
Unfortunately this month has started in the worst possible way with the massive breaches targeting T-Mobile US (result of a cyber attack to Experian affecting potentially 15 million US users) and Scottrade (affecting 4.6 million users). In particular the attack to Scottrade has not been isolated, delineating a possible trend: other two companies operating in the same space, FXCM and E-Trade, have revealed to have suffered similar attacks. But the bad news does not end here, and the case of Dow Jones & Co. is paradoxical: the company has disclosed the details of two breaches in the space of a single week.
Moving to Cyber Espionage, this fortnight reports the discovery of an APT using fake profiles on Linkedin (Threat Group 2889) and the revelations of a 2014 cyber attack against the South Korea subway system, purportedly orchestrated by North Korea.
Other remarkable events include the DDoS attacks against two major Japanese airports (Narita and Chubu) executed by the Anonymous Collective in name of #OpKilling Bay (the campaign against the dolphin slaughter) and against several Belgian Government websites executed by the local branch of the same collective.
If you want to have an idea of how fragile our electronic identity is inside the cyberspace, have a look at the timelines of the main Cyber Attacks in 2011, 2012, 2013, 2014 and now 2015 (regularly updated). You may also want to have a look at the Cyber Attack Statistics, and follow @paulsparrows on Twitter for the latest updates.
Also, feel free to submit remarkable incidents that in your opinion deserve to be included in the timelines (and charts).
ID Date Author Target Description Attack Target
Country Link 1 01/10/2015 ? T-Mobile US
Hackers break into a server and make off with names, driver license numbers, and other personal information belonging to more than 15 million US consumers who applied for cellular service from T-Mobile. The breach is the result of an attack on a database maintained by credit-reporting service Experian, which was contracted to process credit applications for T-Mobile customers and affects people who applied for T-Mobile service from September 1, 2013 through September 16 of this year. SQLi? Industry: Mobile Telco CC US http://arstechnica.com/security/2015/10/highly-personal-data-for-15-million-t-mobile-applicants-stolen-by-hackers/ 2 01/10/2015 ? American Bankers
The American Bankers Association (ABA), based in Washington, D.C., notifies more than 6,000 ABA shopping cart users of a breach that exposed their personal information. Unknown Organization: Professional Association CC US http://www.aba.com/About/Pages/Alert.aspx 3 01/10/2015 ? FXCM Foreign-exchange broker FXCM privately informs clients to have suffered a data breach and that the attackers have been able to stole funds from some accounts. Unknown Industry: Financial Services CC US http://news.softpedia.com/news/hackers-breach-fxcm-currency-broker-initiate-illegal-transactions-493663.shtml 4 01/10/2015 ? Multiple Sclerosis
Multiple Sclerosis Society warns website users their personal details might have been compromised via a malicious software discovered on its systems. Malware Org: Charity CC UK http://www.thirdsector.co.uk/ms-society-warns-website-users-personal-details-compromised/communications/article/1366742 5 02/10/2015 ? Scottrade Online stock brokerage Scottrade has suffered a breach that exposed the personal information of 4.6 million customers. Scottrade officials said in an online advisory that the breach happened in late 2013 or early 2014 and exposed social security numbers, e-mail addresses and "other sensitive information". Unknown Industry: Financial Services CC US http://arstechnica.com/security/2015/10/scottrade-breach-exposes-sensitive-data-for-4-6-million-customers/ 6 02/10/2015 ? David Jones
Premium retailer David Jones says its website has been hacked and private customer data stolen.
Unknown Industry: Retail CC AU http://www.theaustralian.com.au/business/latest/david-jones-website-hacked/story-e6frg90f-1227553931692 7 03/10/2015 Hell Shield Hackers http://www.mspkp.gov.pk A group of Indian hackers calling themselves Hell Shield Hackers defaces a Pakistani government website called Municipal Services Program Khyber Pakhtunkhwa (Khyber Paktunkhwa is a province in Pakistan) (www.mspkp.gov.pk) apparently in retaliation against Pakistani hackers. Defacement Government CW PK http://www.dnaindia.com/india/report-indo-pak-cyber-war-indian-hackers-deface-pakistani-website-2131410 8 04/10/2015 ? Kennebec County
The Kennebec County phone system is hacked topping 2,100 calls in a weekend. Unknown Government CC US https://www.centralmaine.com/2015/10/06/kennebec-countys-phone-system-hacked-over-weekend/ 9 04/10/2015 sup3rm4n, j0shua3w, https://intranet.on.br
Two Brazilian hackers deface two government-owned domains. The target is the Brazilian Institute of research and development in Astronomy, Geophysics and Meterology of Time and Frequency, which has two of its domains defaced (intranet.on.br and euler.on.br). Defacement Government CC BR https://www.hackread.com/brazilian-hackers-question-corruption-nsa-snooping/ 10 05/10/2015 North Korea South Korea Ha Tae-Kyung, a Seoul lawmaker, cites intelligence reports stating that North Korea is suspected of having launched a cyber attack last year on the South Korean capital's subway system that carries millions of commuters every day. Targeted Attack Government CW KR http://www.securityweek.com/north-korea-suspected-hacking-seoul-subway-operator-mp 11 05/10/2015 ? Peppermill Resort Spa Casino An undisclosed number of individuals are being notified that an attack may have compromised credit and debit cards used between October 2014 and February 2015 at the front desk of the Reno, Nev.-based Peppermill Resort Spa Casino. Unknown Industry: Hospitality CC US http://www.scmagazine.com/payment-card-breach-at-peppermill-resort-spa-casino-in-reno/article/447433/ 12 05/10/2015 Anoncoders Radio Tel Aviv
Palestinian hackers identifying themselves as "Anoncoders," deface Radio Tel Aviv's website (102fm.co.il), uploading a message that states: "We are always here to punish you." Defacement Radio Broadcasting H IL http://www.ynetnews.com/articles/0,7340,L-4707155,00.html 13 05/10/2015 ? divxtotal.comz
Malwarebytes detects a new malvertising campaign on six of Spain's biggest torrent sites, exposing around 84.2 million users to the CryptoWall ransomware. Malvertising Torrent CC ES http://news.softpedia.com/news/malvertising-campaign-hits-top-spanish-torrent-sites-493914.shtml 14 05/10/2015 NetPirates AKA @TheNetShip http://www.bharatlaws.com/ NetPirates hack bharatlaws.com and dump >10,000 usernames and clear text passwords. SQLi Industry: E-Commerce CC IN http://siph0n.net/exploits.php?id=4096 15 06/10/2015 ? Unnamed Organization Researchers from Cybereason discover a novel technique used to gain persistence in an (unnamed) organization's environment to harvest employees' authentication credentials. The attack involves a malicious module loaded onto Microsoft Outlook Web Application (OWA). Targeted Attack N/A CE N/A http://www.net-security.org/secworld_main.php?p=2 16 06/10/2015 Th3 Ap3x Windsor University School of Medicine
Th3 Ap3x from Anonsec hacks windsormed.org and dumps >6000 records with student info SQLi Education CC UK http://siph0n.net/exploits.php?id=4097 17 07/10/2015 Threat Group 2889 >1 Researchers at Dell's SecureWorks release an analysis of a hacking crew dubbed Threat Group 2889, which is using at least 25 bogus but thoroughly developed LinkedIn profiles to draw in potential targets in telecoms, government agencies, and defence contractors. Targeted Attack >1 CE >1 http://www.zdnet.com/article/the-fake-linkedin-recruiter-network-hackers-are-using-to-reel-in-business-users/ 18 07/10/2015 ? LoopPay The New York Times reveals that months before its technology became the centerpiece of Samsung’s new mobile payment system, LoopPay, a small Massachusetts subsidiary of the South Korean electronics giant, was the target of a sophisticated attack by a group of government-affiliated Chinese hackers. Targeted Attack Industry: Mobile Payment CE US http://www.nytimes.com/2015/10/08/technology/chinese-hackers-breached-looppay-a-contributor-to-samsung-pay.html?_r=0 19 07/10/2015 Alister Maclin Bitcoin A Russian man that calls himself "Alister Maclin" has been disrupting the Bitcoin network for over a week, creating duplicate transactions, and annoying users. Bitcoin Malleability Attack Bitcoin Exchange CC N/A http://motherboard.vice.com/read/i-broke-bitcoin 20 08/10/2015 ? Six of the most successful Fifa video gamers:
AnesonGib, W2S, Nepenthez, Nick28T, Bateson87, matthdgamer
Six of the most successful Fifa video gamers to feature on YouTube are targeted by cyber-thieves, who are able to steal millions of Fifa coins, the in-game currency, and deleted valuable players. The attackers are thought to have convinced manufacturer EA Sports to transfer their victims' Origin accounts to email addresses they controlled. Account Hijacking Single Individuals CC UK http://www.bbc.co.uk/news/technology-34442322 21 09/10/2015 ? Dow Jones & Co. Dow Jones & Co. reveals that hackers had gained unauthorized entry to its systems, accessing contact information for current and former subscribers in order to send fraudulent solicitations. The data breach potentially accessed payment card information for fewer than 3,500 individuals. Unknown Industry: News And Publishing CC US http://www.wsj.com/articles/dow-jones-discloses-customer-data-breach-1444406517 22 09/10/2015 ? E-Trade E-Trade notifies about 31,000 customers this week that some of their personal information may have been accessed during a cyberattack in late 2013. Targeted Attack Industry: Financial Services CC US https://www.washingtonpost.com/news/the-switch/wp/2015/10/09/e-trade-notifies-31000-customers-that-their-contact-info-may-have-been-breached-in-2013-hack/ 23 09/10/2015 Sally-Anne Jones
(Umm Hussain Britaniya)
Army Sgt. Dillard Johnson
Navy SEAL Rob O’Neill
Sally-Anne Jones, a well known ISIS supporter, through her Twitter account Umm Hussain Britaniya, leaks the addresses of Army Sgt. Dillard Johnson, and Navy SEAL Rob O’Neill, urging lone-wolf terrorists in the U.S. to take them down. Unknown Single Individuals H US http://www.nydailynews.com/news/national/isis-fanatic-leaks-addresses-decorated-u-s-soldiers-article-1.2391942 24 09/10/2015 ? Israeli Public Sector Researchers from Check Point disclose the details of a campaign targeting the Israeli public sector, using the MWI (Microsoft Word Intruder) exploit kit to deliver a modified version of the Zeus malware. Targeted Attack Government CE IL http://blog.checkpoint.com/2015/10/09/israeli-public-sector-targeted-by-zeus-trojan-hidden-in-a-word-document/ 25 09/10/2015 Comcastkids http://shopatsullivan.com A crew of hackers called Comcastkids hacks shopatsullivan.com and dumps more than 10,000 accounts. SQLi Industry: E-Commerce CC US http://siph0n.net/exploits.php?id=4110 26 10/10/2015 Anonymous Narita International Airport
Chubu Centrair International Airport
In name of #OpKillingBay the online protest against the dolphin slaughter, the Anonymous take down the two main Japanese Airports: Narita International Airport (www.narita-airport.jp) and Chubu Centrair International Airport (www.centrair.jp). DDoS Airport H JP https://www.hackread.com/op-killingbay-anonymous-attacks-japanese-airports/ 27 11/10/2015 Anonymous Belgium Federal Public Services Home Affairs
Official website of Belgian Prime Minister Charles Michel
The Belgian branch of the Anonymous collective takes down the official websites of Belgian Prime Minister Charles Michel, the Brussels parliament and the website of Federal Public Services Home Affairs. DDoS Government H BE https://www.hackread.com/anonymous-targetes-belgian-govt-websites/ 28 12/10/2015 ? America’s Thrift Stores Another charity store hacked: America’s Thrift Stores, an organization that operates donations-based thrift stores throughout the southeast United States, says to have been the victim of a malware-driven security breach that targeted software used by a third-party service provider. Malware Industry: Charity Shop CC US http://krebsonsecurity.com/2015/10/credit-card-breach-at-americas-thrift-stores/ 29 13/10/2015 ? Daily Mail Malwarebytes discloses in a blog post that the "sophisticated" attack, previously documented as targeting eBay and Yahoo, has now turned its attention to the Daily Mail, a popular UK-based news publication which accounts for millions of monthly visitors. Malvertising News CC UK http://www.zdnet.com/article/angler-targets-156-million-uk-daily-mail-readers-in-malvertising-spree/ 30 13/10/2015 Kuroi SH Uniformed Services University
A hacker going with the online handle of Kuroi SH defaces several domains of the United States based Uniformed Services University and leaks 2014 login credentials online. Unknown Military CC US https://www.hackread.com/uniformed-services-university-domain-hacked/ 31 14/10/2015 Fin5 Unnamed Casino According to two FireEye researchers, an un-named Casino has lost 150,000 credit cards after being raided by the Fin5 hacking group. Targeted Attack Industry: Hospitality CC N/A http://www.theregister.co.uk/2015/10/14/jackpot_new_hacking_group_steals_150000_credit_cards_from_casino/ 32 14/10/2015 @An0nBlank AKA HTGz Terminal Royal Institution of Chartered Surveyors
@An0nBlank AKA HTGz Terminal hacks ricsasia.org (Royal Institution of Chartered Surveyors) and dumps 3,410 records. SQLi Org: Professional Body CC UK https://twitter.com/An0nBlank/status/654266850046554112 33 15/10/2015 ? Electronic Arts Account details of some 600 Electronic Arts (EA) customers are apparently leaked on Pastebin. The company has yet to confirm that the leak is genuine, but they are "taking steps to secure any account that has an EA or Origin user ID that matches the usernames on this list". Unknown Industry: Video Games CC US http://www.csoonline.com/article/2993909/data-breach/data-dump-suggests-possible-breach-at-electronic-arts.html 34 15/10/2015 Abdellah Elmaghribi Adult Magazine
An Islamist hacker called Abdellah Elmaghribi defaces Adult Magazine, an online blog about graduate students having sex. Defacement Adult Site H US http://gawker.com/islamist-terrorists-hack-pretentious-brooklyn-sex-zine-1736775518 35 15/10/2015 Implosion http://pharmafellows.rutgers.edu/ A hacker dubbed Implosion hacks the Rutgers University Pharmaceutical Industry Program and dumps 1057 usernames and hashed passwords. SQLi Education CC US http://pastebin.com/14ZudLcB 36 16/10/2015 ? Dow Jones & Co. A new breach targeting Dow Jones & Co. Bloomberg reveals that a group of Russian hackers infiltrated the servers and stole information to trade on before it became public. The probe began at least a year ago. Unknown Industry: News And Publishing CC US http://www.bloomberg.com/news/articles/2015-10-16/russian-hackers-of-dow-jones-said-to-have-sought-trading-tips