Last Updated on February 15, 2017
It’s time to publish the second timeline of January, covering the main cyber attacks that occurred between January 16th and 31st (first part here).
There are immediately two noteworthy aspects to notice: the number of attacks has been noticeably higher than in the first fortnight, and there are no events related to hacktivism; I do not remember if this has ever happened before.
Unfortunately, video game companies compensated for this void, as the list of victims includes Supercell (1.1 million), CD Projekt Red (1.8 million), and an unconfirmed breach of the Xbox 360 and PSP ISO forums (2.5 million).
Moreover, as spring is coming, the season of W-2 scams is coming too, with the first victims starting to appear in the news.
By contrast, the season of Cyber Espionage is never over: APT28 is always on the spot, and this fortnight a new attack was discovered against the Polish Ministry of Foreign Affairs (curiously, it looks like even the Italian Ministry of Foreign Affairs has been hit by APT28). Other victims of similar attacks (of unknown attribution) have been the Czech Ministry of Foreign Affairs (another coincidence) and the Swedish Armed Forces.
If you want to have an idea of how fragile our electronic identity is inside cyberspace, have a look at the timelines of the main Cyber Attacks in 2011, 2012, 2013, 2014, 2015 and 2016 (regularly updated). You may also want to have a look at the Cyber Attack Statistics that are regularly published, and follow @paulsparrows on Twitter for the latest updates.
Additionally, feel free to submit remarkable incidents that in your opinion deserve to be included in the timelines (and charts), and if useful, you can access the timeline in Google Sheet format:
| ID | Date | Author | Target | Description | Attack | Target Class | Attack Class | Country |
|---|---|---|---|---|---|---|---|---|
| 1 | 13/01/2017 | Indonesian Hackers | Legitimate Websites | Researchers from Sucuri discover two connected advertising fraud campaigns that compromise legitimate web sites and abuse Google AdSense. | Clickjacking via Malicious Javascript | Single Individuals | CC | >1 |
| 2 | 15/01/2017 | ? | IHOP (International House of Pancakes) | IHOP Twitter account (@IHOP) is hacked and posts a political tweet against Hillary Clinton. | Account Hijacking | Industry: Restaurant | CC | US |
| 3 | 16/01/2017 | ? | Sentara Healthcare | A cyber security breach at a third party vendor for Sentara Healthcare compromises the records of over 5,000 patients. | Unknown | Healthcare | CC | US |
| 4 | 16/01/2017 | ? | Channel One | Russian state television Channel One blames hackers for the online leak of the final episode of the BBC drama Sherlock a day before its planned airing. | Unknown | Industry: Media | CC | RU |
| 5 | 16/01/2017 | ? | Laptop belonging to the special investigation team probing President Park Geun-hye’s political scandal. | The Korea Times reveals the details of an attempt made by overseas attackers to hack into a laptop belonging to the special investigation team probing President Park Geun-hye’s political scandal. | Targeted Attack | Law Enforcement | CE | KR |
| 6 | 17/01/2017 | ? | Supercell | Supercell Forum is hacked and 1.1 million accounts are leaked. The breach allegedly took place in September 2016. | Unknown | Industry: Video Games | CC | FI |
| 7 | 17/01/2017 | ? | 20,000 individuals in the Netherlands | Police in the Netherlands are set to email 20,000 possible fraud victims urging them to change their account details, after discovering their credentials had been stolen by a man arrested last year on suspicion of multiple cybercrime offences. | Malware/Account Hijacking | Single Individuals | CC | NL |
| 8 | 17/01/2017 | ? | Racingpulse.in | A popular horse racing website (Racingpulse.in) is hacked with Ransomware. | Malware | Org: Horse Racing | CC | IN |
| 9 | 17/01/2017 | ? | Advanced Flexible Composites Inc. | The computer system of Advanced Flexible Composites Inc. is hacked, preventing the firm from processing quote requests or orders and from receiving emails. | Malware | Industry: Manufacturing | CC | US |
| 10 | 18/01/2017 | ? | College students across the United States | The FBI’s Internet Crime Complaint Center publishes an alert against a scam tricking college students into depositing fraudulent checks into their bank accounts. | Account Hijacking | Education | CC | US |
| 11 | 18/01/2017 | ? | Several biomedical research facilities | Malwarebytes reveals the details of a newly discovered Mac malware, which has likely been targeting biomedical research facilities for at least two years without detection. | Malware | Industry: Biomedical Research | CC | US |
| 12 | 18/01/2017 | ? | POPEYES | CCC Restaurant Enterprises, LLC, doing business as POPEYES, announces that a recent data security incident may have compromised the security of payment information of some customers who used debit or credit cards at 10 restaurant locations between May 5, 2016 and August 18, 2016. | PoS Malware | Industry: Restaurant | CC | US |
| 13 | 20/01/2017 | ? | WCHQ 100.9 FM | Crescent Hill Radio WCHQ 100.9 FM, a popular, non-profit radio station in Louisville, Kentucky, is hacked to play an anti-Trump song for almost 15 minutes by interrupting regular programming. | Unknown | Radio Station | CC | US |
| 14 | 20/01/2017 | ? | St Louis Public Library | St Louis Public Library is hit by a ransomware attack. Attackers demand $35,000 worth in Bitcoin. | Malware | Org: Library | CC | US |
| 15 | 20/01/2017 | ? | Bowlmor AMF | Bowlmor AMF, the world’s largest bowling center operator, says that it had a possible data breach at 21 of its more than 300 domestic locations in 12 states between Feb. 4 and March 19. | PoS Malware | Industry: Entertainment | CC | US |
| 16 | 20/01/2017 | ? | Ohio State Veterinary Medical Center | A malware infection is to blame for a security breach that could put at risk the personal information of up to 4,611 clients of the Ohio State Veterinary Medical Center. | Malware | Education | CC | US |
| 17 | 21/01/2017 | ? | BBC Northampton Twitter account (@BBCNorthampton) | The BBC Northampton Twitter account (@BBCNorthampton) is hacked and reports the false news that Donald Trump had been shot. | Account Hijacking | Industry: Media | CC | GB |
| 18 | 21/01/2017 | Sc0rp10nGh0s7 | www.nari-icmr.res.in | Sc0rp10nGh0s7 from the Shad0w Security crew breaks into the servers of the National AIDS Research Institute NARI (India) and claims to have accessed an archive of more than 1 GB containing the results of dozens of HIV tests. | SQLi? | Org: Health | CC | IN |
| 19 | 21/01/2017 | ? | Sundance Film Festival | The box office and other systems at the Sundance Film Festival are shut down by hackers. | DDoS | Industry: Entertainment | CC | US |
| 20 | 22/01/2017 | Chipher0007 | AlphaBay | About 218,000 unencrypted private messages posted to the AlphaBay dark web marketplace are accessed and released to the public. | Undisclosed Vulnerabilities | Dark Web Marketplace | CC | N/A |
| 21 | 22/01/2017 | OurMine | New York Times Video Twitter Account (@nytvideo) | OurMine hacks the Twitter account of New York Times Video (@nytvideo) and posts fake news. | Account Hijacking | Industry: Media | CC | US |
| 22 | 23/01/2017 | ? | Lloyds Bank | The Financial Times reveals that Lloyds Bank has been targeted by a large scale DDoS attack over the past two weeks. Two crooks claim responsibility for the attack. | DDoS | Finance | CC | GB |
| 23 | 23/01/2017 | ? | Several targets in Saudi Arabia | Saudi Arabia warns organizations in the Kingdom to be on the alert for cyber attacks carried out via a new variant of the Shamoon virus. Targets include a chemical firm (Sadara Chemical Co) and the Ministry of Labor and Social Development. | Malware | >1 | CW | SA |
| 24 | 23/01/2017 | ? | XP Investimentos SA | Hackers who stole data from 29,000 clients of XP Investimentos SA allegedly tried to get the Brazilian independent securities firm to pay 22.5 million reais ($7.1 million) to keep the security breach secret. | Unknown | Industry: Securities | CC | BR |
| 25 | 24/01/2017 | ? | Grey Eagle Resort and Casino | Grey Eagle Resort and Casino is breached and the attackers threaten to dump hundreds of gigabytes of data. The Casino confirms the breach. | Unknown | Industry: Hotel and Hospitality | CC | US |
| 26 | 24/01/2017 | ? | larisa@steamreal.ru ewartumba@mail.ru | Websites of the Democratic Party in the Wisconsin area are hacked by alleged Russian Hackers. | Undisclosed Vulnerabilities | Org: Political Party | CC | US |
| 27 | 25/01/2017 | APT28 AKA Fancy Bear | Unnamed TV Station in the UK | SecureWorks reveals that APT28 was able to infiltrate an unnamed TV station in the UK and stay undetected for 12 months starting from July 2015. | Targeted Attack | Industry: Media | CE | GB |
| 28 | 25/01/2017 | ? | Cockrell Hill Police | Police in Cockrell Hill, Texas admit in a press release to having lost years' worth of evidence after the department's server was infected with ransomware. | Malware | Law Enforcement | CC | US |
| 29 | 25/01/2017 | ? | Argyle school district | Argyle school district warns its workers that their W-2 tax forms were lost in a phishing attack. | Account Hijacking | Education | CC | US |
| 30 | 25/01/2017 | ? | Several Chinese Internet Giants | A dark web vendor going by the handle “DoubleFlag” sells 1 billion accounts stolen from several Chinese Internet giants, including NetEase Inc and its subsidiaries 126.com, 163.com and Yeah.net, Tencent Holdings Limited owned QQ.com, TOM Group’s Tom.com 163.net, Sina Corporation’s Sina.com/Sina.com.cn, Sohu, Inc.’s Sohu.com and Letter Network Information Technology Co., Ltd owned eYou.com. | Unknown | Industry: Internet Services | CC | CN |
| 31 | 25/01/2017 | ? | U.S. Cellular | DoubleFlag now claims to sell a database containing 126 million customer records from U.S. Cellular. The company denies the hack. | Unknown | Industry: Telco | CC | US |
| 32 | 25/01/2017 | ? | Campbell County Health | Social Security numbers and W-2 information for about 1,400 employees who worked over the past year at Campbell County Health are mistakenly released to someone impersonating a hospital executive. | Account Hijacking | Healthcare | CC | US |
| 33 | 25/01/2017 | Four Teenagers | Several E-Commerce websites | Four teenagers are arrested for allegedly digitally shoplifting vouchers worth Rs92 lakh [$134,985.29 USD] by exploiting a vulnerability in the payment gateway (PayU). | Payment gateway vulnerability | Industry: E-Commerce | CC | IN |
| 34 | 25/01/2017 | ? | Tipton County Schools | Tipton County Schools are hit by a phishing scam aimed at stealing employees' personal W-2 forms. | Account Hijacking | Education | CC | US |
| 35 | 25/01/2017 | ? | Swedish Armed Forces | Daily newspaper Dagens Nyheter reports that Sweden's armed forces were recently exposed to an extensive cyber attack that prompted them to shut down the Caxcis IT system, used in military exercises. | Unknown | Military | CE | SE |
| 36 | 26/01/2017 | ? | Hong Kong Securities Brokers | Hong Kong's securities regulator says that brokers in the city have suffered major DDoS cyber attacks and warns of possible further incidents across the industry. | DDoS | Industry: Securities Brokers | CC | HK |
| 37 | 26/01/2017 | ? | Odessa School District | The Odessa School District is hit by a phishing scam aimed at stealing employees' personal W-2 forms. | Account Hijacking | Education | CC | US |
| 38 | 26/01/2017 | ? | High Fidelity | High Fidelity users receive an e-mail from Philip Rosedale, CEO and founder of the new social VR world, announcing the compromise of a staff email account in late December and early January. | Account Hijacking | Virtual Reality | CC | US |
| 39 | 27/01/2017 | ? | D.C. Police | Ransomware infected 70 percent of storage devices that record data from D.C. police surveillance cameras eight days before President Trump’s inauguration, forcing major citywide reinstallation efforts. | Malware | Law Enforcement | CC | US |
| 40 | 27/01/2017 | ? | NATO | Talos reveals the details of Matryoshka Doll, a spear phishing campaign targeting NATO officials during the Christmas and New Year Holiday. | Targeted Attack | Military | CE | INT |
| 41 | 27/01/2017 | ? | Australian Nuclear Science and Technology Organisation (ANSTO) | The Australian Nuclear Science and Technology Organisation (ANSTO) investigates a computer security breach at the Australian Synchrotron that saw hackers steal scientists' usernames and passwords. | Undisclosed Vulnerabilities | Government | CC | AU |
| 42 | 27/01/2017 | ? | Sunrun | Solar panel maker Sunrun is hit with a spearphishing attack, impersonating the CEO Lynn Jurich, that gets away with the company's employee W-2 information. | Account Hijacking | Industry: Solar Panel | CC | US |
| 43 | 28/01/2017 | ? | Romantik Seehotel Jaegerwirt | One of Europe's top hotels, Romantik Seehotel Jaegerwirt, admits they had to pay thousands in Bitcoin ransom to cybercriminals who managed to hack their electronic key system, locking hundreds of guests out of their rooms until the money was paid. | Malware | Industry: Hotel and Hospitality | CC | AT |
| 44 | 28/01/2017 | OurMine | Multiple Twitter accounts associated with the World Wrestling Entertainment Group | OurMine hacks multiple Twitter accounts associated with the World Wrestling Entertainment group, including those of WWE Universe, WWE NXT, WWE Network, Summer Slam as well as wrestlers John Cena and Triple H. The WWE Tumblr page is also compromised. | Account Hijacking | Industry: Entertainment | CC | US |
| 45 | 28/01/2017 | ? | Dr.Web Emsisoft | In the past week, two security firms, Dr.Web and Emsisoft, suffered DDoS attacks at the hands of cyber-criminals who attempted to bring down their websites as payback for meddling with their illegal activities. | DDoS | Industry: Software | CC | RU AT |
| 46 | 30/01/2017 | APT28 AKA Fancy Bear | Polish Foreign Ministry | The Polish daily newspaper Rzeczpospolita reveals that the hack against the Polish Foreign Ministry that occurred in December was probably orchestrated by APT28. | Targeted Attack | Government | CE | PL |
| 47 | 31/01/2017 | ? | Czech Foreign Ministry | Czech Foreign Minister Lubomir Zaoralek says that hackers breached dozens of email accounts at the Czech Foreign Ministry in an attack resembling one against the U.S. Democratic Party. | Targeted Attack | Government | CE | CZ |
| 48 | 31/01/2017 | Gaza Cybergang | Several Governments in the Middle East Area | Researchers at Palo Alto Networks reveal the details of a new cyber espionage campaign carried out by the Gaza Cybergang. | Targeted Attack | Government | CE | >1 |
| 49 | 31/01/2017 | ? | CD Projekt Red | CD Projekt Red, the Poland-based developer behind the popular 'Witcher' game and comic series, is hit with a forum hack that compromised over 1.8 million user credentials. The hack allegedly took place in March last year. | Unknown | Industry: Video Games | CC | PL |
| 50 | 31/01/2017 | ? | Licking County | Licking County servers are targeted by a ransomware infection. | Malware | Government | CC | US |
| 51 | 31/01/2017 | ? | Xbox 360 and Playstation Portable ISO Forums | An unidentified hacker reportedly breaches the XBOX 360 and PlayStation Portable ISO forums, compromising 2.5 million gamer accounts. The breach is unconfirmed. | Unknown | Industry: Video Games | CC | US JP |
| 52 | 31/01/2017 | ? | Sunny 107.9 WFBS-LPFM | Another station is hijacked to play the "F*** Donald Trump" song. | Barix box hijacking | Radio Station | CC | US |