Last Updated on November 28, 2016
It’s time to publish the first Cyber Attack Timeline of November, covering the main events that occurred between 1 and 15 November 2016.
The crown of “breach of the fortnight” goes to Adultfriendfinder.com, hacked again with the consequent leak of a stunning 412 million records. Other massive breaches include the leak of 780,000 job applicants’ records suffered by Michael Page and the one affecting the confidential personal records of over 34 million residents in the Indian state of Kerala. The City of El Paso has also been hit hard and robbed of about $3 million after a phishing scam, like Tesco Bank, whose 9,000 customers had money stolen from their accounts, for a total cost of the attack of GBP 2.5 M (USD 3M).

On the Cyber Espionage front, this fortnight has seen the return of APT28 and APT29, whilst Anonymous came out of the blue, DDoSing Scotland Yard in retaliation for the arrests during the annual Million Mask March in London.

As usual, if you want to have an idea of how fragile our electronic identity is inside cyberspace, have a look at the timelines of the main Cyber Attacks in 2011, 2012, 2013, 2014, 2015 and, in a bit, 2016 (regularly updated). You may also want to have a look at the Cyber Attack Statistics that are regularly published, and follow @paulsparrows on Twitter for the latest updates. Additionally, feel free to submit remarkable incidents that in your opinion deserve to be included in the timelines (and charts), and if useful, you can access the timeline in Google Sheet format:
| ID | Date | Author | Target | Description | Attack | Target Class | Attack Class | Country |
|---|---|---|---|---|---|---|---|---|
| 1 | 01/11/2016 | ? | PageGroup | UK-based global recruitment firm PageGroup confirms that an alleged lone hacker broke into its network and illegally accessed job applicants' personal information. The data breach occurred when the hacker infiltrated a development server run by Capgemini, PageGroup's IT outsourcer. | Unknown | Industry: Recruitment | CC | UK |
| 2 | 01/11/2016 | ? | MacOS Users | Cylance discovers a massive malvertising campaign on Google AdWords targeting MacOS users. | Malvertising | Single Individuals | CC | >1 |
| 3 | 01/11/2016 | UCC (United Cyber Caliphate) | Raqqa Telegram Channel | Hackers claiming to be associated with the Islamic State (ISIS) claim to have shut down the Telegram channel belonging to a Syrian activist group reporting out of Raqqa. | Unknown | Org: Activism | CW | SY |
| 4 | 01/11/2016 | ? | City of Duluth | More than 55,000 Duluth residents receive letters informing them that voter registration lists and other personal information may have been exposed as a result of an email phishing attack at city hall. | Account Hijacking | Government | CC | US |
| 5 | 02/11/2016 | APT28 (Fancy Bear) | Unnamed set of Microsoft Customers | Microsoft reveals that the hacker group APT28 is actively leveraging two zero-day vulnerabilities, recently exposed by Google, in Adobe Flash and down-level Windows kernel to "target a specific set of customers". | Targeted Attack | >1 | CE | >1 |
| 6 | 02/11/2016 | ? | New Zealand Nurses Organization | New Zealand Nurses Organization notifies 47,000 members of a breach after a spear phishing campaign. | Account Hijacking | Org: Trade Union and Professional | CC | NZ |
| 7 | 02/11/2016 | ? | Wikileaks | WikiLeaks, the whistleblowing platform managed by Julian Assange, suffers a "targeted" DDoS attack, less than 24 hours after releasing over 8,000 fresh emails from the Democratic National Committee (DNC). | DDoS | Org: Non-Profit | CC | INT |
| 8 | 02/11/2016 | ? | City of El Paso | The City of El Paso is "robbed" of about $3 million intended for the streetcar project, when a person or group pretending to be a vendor scammed the city by using a phishing attack. | Account Hijacking | Government | CC | US |
| 9 | 02/11/2016 | OurMine | Business Insider | The collective called OurMine posted and edited some stories on the US version of the website. | Account Hijacking | Online Newspaper | CC | US |
| 10 | 02/11/2016 | Jonathan Powell | Several higher education institutions | An Arizona man is arrested on charges that he hacked into over 1,000 email accounts for students and others at two universities, including Pace University in New York, and tried to do the same at 75 other higher-education institutions. | Brute Force | Education | CC | US |
| 11 | 02/11/2016 | ? | National Health Service’s Lincolnshire and Goole | Citing a computer virus outbreak, a hospital system in the United Kingdom cancels all planned operations and diverts major trauma cases to neighboring facilities. | Malware | Healthcare | CC | UK |
| 12 | 04/11/2016 | ? | Sentinel Hotel | Sentinel Hotel announces that it has taken action to investigate and address an incident affecting payment card data at the hotel’s front desk. | PoS Malware | Industry: Hotel and Hospitality | CC | US |
| 13 | 05/11/2016 | ? | Sam's Club | Wholesale retail giant Sam's Club has reset passwords for thousands of customers (14,600 email addresses and plain-text passwords) after their account details were posted online. | Unknown | Industry: Retail | CC | US |
| 14 | 06/11/2016 | Kapustkiy & Kasimierz L | Indian Embassies in South Africa, Libya, Italy, Switzerland, Malawi, Mali, Romania | Seven domains of Indian embassies in Europe and Africa have been hacked and published by Kapustkiy & Kasimierz L on Pastebin (South Africa, Libya, Italy, Switzerland, Malawi, Mali, Romania). | SQLi | Government | CC | IN |
| 15 | 06/11/2016 | ? | East Baton Rouge Parish School System | The top business manager for the East Baton Rouge Parish school system falls victim to a phishing email fraud, wiring $46,500 to someone who claimed via email to be Superintendent Warren Drake, even though the man himself was working in an office next door. | Account Hijacking | Education | CC | US |
| 16 | 07/11/2016 | ? | Tesco Bank | Tesco Bank is the victim of "a systematic, sophisticated attack" targeting 9,000 customers who have money stolen from their accounts. The total cost of the attack is GBP 2.5 M (USD 3M). | Malware | Industry: Retail | CC | UK |
| 17 | 07/11/2016 | ? | Two properties in the city of Lappeenranta | A Distributed Denial of Service (DDoS) attack halted heating distribution in at least two properties in the city of Lappeenranta, located in eastern Finland. In both events the attacks disabled the computers that were controlling heating in the buildings. | DDoS | Industry: Property Management | CC | FI |
| 18 | 07/11/2016 | ? | Campaign websites of US presidential candidates Hillary Clinton and Donald Trump | According to security firm Flashpoint, hackers tried to cripple the campaign websites of US presidential candidates Hillary Clinton and Donald Trump, employing the Mirai botnet. | DDoS | Org: Politics | CC | US |
| 19 | 07/11/2016 | Anonymous | Scotland Yard's website (content.met.police.uk) | Anonymous claims to have shut down part of Scotland Yard’s website (content.met.police.uk) for eight hours in revenge for dozens of arrests during the annual Million Mask March on parliament in London. | DDoS | Law Enforcement | H | UK |
| 20 | 08/11/2016 | vimproducts | Several major Russian banks including: the Moscow Exchange, the Bank of Moscow, Rosbank, and Alfa-Bank. | A hacker called vimproducts claims to have taken down several Russian banks including the Moscow Exchange, the Bank of Moscow, Rosbank, and Alfa-Bank. | DDoS | Finance | CC | RU |
| 21 | 08/11/2016 | ? | YouTube account of Theo Ogden | In a cyber-attack coordinated by an alleged jealous teenager, the YouTube account of Theo Ogden (a popular video channel with 200 videos, 20,000 subscribers and 1.6 million views) is deleted permanently. | Account Hijacking | Single Individual | CC | UK |
| 22 | 09/11/2016 | ? | National Crime Agency | The UK's National Crime Agency public web site is briefly taken down by a DDoS attack. | DDoS | Law Enforcement | CC | UK |
| 23 | 09/11/2016 | CyberZeist | Alaskan Elections Results website (elections.alaska.gov) | CyberZeist claims to have breached the Alaskan Elections Results website (elections.alaska.gov) and dumps a screenshot, the server IPs and the username/password combination. | Unknown | Government | CC | US |
| 24 | 10/11/2016 | APT28 (Fancy Bear) | Various governments and embassies around the world | Trend Micro reveals that the hacker group APT28 is currently maximizing the usage of the 0-day vulnerabilities discovered in Adobe and Windows to target various governments and embassies around the world. | Targeted Attack | Government | CE | >1 |
| 25 | 10/11/2016 | ? | Casino Rama Resort | Casino Rama Resort issues a warning to its customers and employees after a hacker claimed to have stolen over a decade's (from 2004 to 2016) worth of sensitive information from its computer networks, including payroll data and social insurance numbers. | Unknown | Industry: Hotel and Hospitality | CC | CA |
| 26 | 11/11/2016 | Cozy Bear (APT29) | U.S.-based think tanks and non-governmental organizations (NGOs) | A few hours after Donald Trump is declared victorious in the US elections, Kremlin-linked hacker group Cozy Bear (APT29) reportedly launches a wave of attacks on US-based targets. The attacks focus on U.S.-based think tanks and non-governmental organizations (NGOs). | Targeted Attack | Org: NGO | CE | US |
| 27 | 11/11/2016 | ? | A&M LLC | A&M LLC announces that a recent data security incident may have compromised the security of payment information of some customers who used debit or credit cards at Annie Sez, Afaze, Mandee, Sirens and Urban Planet locations between November 24, 2015 and August 23, 2016. | PoS Malware | Industry: Retail | CC | US |
| 28 | 12/11/2016 | CyberZeist | Windham County Sheriff’s Office | CyberZeist announces that the Windham County Sheriff’s Office has been hacked, and dumps the entire database with 300 records of personnel. | SQLi | Law Enforcement | CC | US |
| 29 | 12/11/2016 | ElSurveillance | 24luv.com, freedateusa.com | The hacktivist known as ElSurveillance is back with its operation #EscortsOffline and two more data dumps from two dating sites: 24luv.com (92,937 users’ email addresses and plain-text passwords) and freedateusa.com (127,395 email addresses and plain-text passwords). | Account Hijacking | Dating | H | CA |
| 30 | 12/11/2016 | CyberZeist | Washington State Government Website (wa.gov) | CyberZeist announces a breach on the Washington state government website. The dump contains 59 administrator accounts with user email addresses, encrypted passwords and salts. | SQLi | Government | CC | US |
| 31 | 13/11/2016 | ? | AdultFriendFinder Networks | Here we are again: adult dating and entertainment company FriendFinder Networks has reportedly been hacked in a massive data breach exposing more than 412 million accounts and user credentials collected over two decades. The breach is believed to have occurred in October with email addresses and passwords from six adult-oriented FriendFinder Networks websites (including cams.com and penthouse.com) dumped online. | Local File Inclusion Vulnerability | Industry: Entertainment | CC | US |
| 32 | 14/11/2016 | Anthony Clark | FIFA Ultimate Team | Anthony Clark is charged by the Northern Texas District Court with a count of Conspiracy to Commit Wire Fraud for his role in a scheme to automatically generate and then resell the digital coins used to purchase perks in FIFA Ultimate Team on the PlayStation and Xbox console lines. | Digital Coin Mining | Industry: Video Games | CC | US |
| 33 | 14/11/2016 | Carbanak | Three Unnamed Firms in the Hospitality Sector | Trustwave researchers spot the Carbanak cybergang using a new socially engineered trick to spread point-of-sale (POS) malware to businesses in the hospitality industry. | Targeted Attack | Industry: Hotel and Hospitality | CC | N/A |
| 34 | 15/11/2016 | N.T.R. | civilsupplieskerala.gov (Kerala government’s civil supplies department) | Confidential personal records of over 34 million residents in the Indian state of Kerala are compromised, after an Indian man living in Tokyo posts them on Facebook after the Indian government failed to address security flaws in the website. | Unknown | Government | CC | IN |