Last Updated on May 3, 2017
Here’s the second part of the March timeline (first part here), covering the main cyber attacks occurred between 16 and 31 March 2017.
Let’s start from the mega breaches: unfortunately, but we should be used to it, the damage report of this fortnight has confirmed the trend we have been experiencing in the last months. The list includes: some cryptocurrency forums (approximately 12 million accounts compromised), the Illinois Department of Employment Security (1.4 million records compromised), and online forum called Dueling Network (6.5 million email addresses and hashed passwords).
Despite the impact is considerably smaller, the list of the victims also includes McDonald’s Canada, whose career website has been hacked, compromising the personal data of around 95,000 restaurant job applicants.
The list of Cyber Espionage includes: El Machete, a massive cyber espionage campaign targeting high-profile international government organizations across the globe, a campaign targeting GitHub users, and a new attack against the German Parliament.
If you want to have an idea of how fragile our electronic identity is inside the cyberspace, have a look at the timelines of the main Cyber Attacks in 2011, 2012, 2013, 2014, 2015 and 2016 (regularly updated). You may also want to have a look at the Cyber Attack Statistics that are regularly published, and follow @paulsparrows on Twitter for the latest updates.
Additionally, feel free to submit remarkable incidents that in your opinion deserve to be included in the timelines (and charts), and if useful, you can access the timeline in Google Sheet format.
|1||16/03/2017||?||Defense Point Security, LLC||The CEO of Defense Point Security, LLC tells all employees that their W-2 tax data was handed directly to fraudsters after someone inside the company got caught in a phisher’s net.||Account Hijacking||Industry: Security Services||CC||US|
|2||16/03/2017||?||Datapoint POS||Datapoint POS appears to have been hacked.||PoS Malware||Industry: Financial Services||CC||US|
|3||16/03/2017||?||The Independent Electoral and Boundaries Commission (IEBC)||The Independent Electoral and Boundaries Commission (IEBC) admits hackers attempted to breach its systems to steal crucial information ahead of the 2017 election.||Unknown||Government||CC||KE|
|4||17/03/2017||?||Lane Community College||A virus-infected computer at the Lane Community College health clinic may have relayed patient information such as names, addresses, Social Security numbers and more, to an unknown third party for more than a year||Malware||Education||CC||US|
|5||17/03/2017||?||Arkansas Department Workforce||Investigators try to determine whether personal information -- including Social Security numbers -- for an estimated 19,000 Arkansas job seekers was stolen after a virus was detected in a statewide database, a government spokesman said.||Malware||Government||CC||US|
|6||19/03/2017||?||Several Celebrities including Emma Watson, Rose McGowan, Amanda Seyfried and Jillian Murray||Fappening 2.0 is here: nude pictures of several celebrities are leaked online, including Emma Watson, Rose McGowan, Amanda Seyfried and Jillian Murray.||Unknown||Single Individuals||CC||>1|
|7||20/03/2017||?||Alfa Bank||Alfa Bank announces to have been targeted by a large-scale DNS Botnet attack.||DDoS||Finance||CC||RU|
|8||21/03/2017||?||Multipe targets||A study by security firm Dragos reveals that malware posing as legitimate software for Siemens ICS devices has apparently infected 10 industrial equipment worldwide over the past four years.||Malware||>1||CE||>1|
|9||21/03/2017||?||Chinese Mobile Users||Researchers from Check Point reveal a new mechanism to spread the "Swearing Trojan", using fake base transceiver stations (BTSs) that send phishing SMS messages masquerading as ones coming from Chinese telecom service providers China Mobile and China Unicom.||Malware||Single Individuals||CC||CN|
|10||21/03/2017||?||Joblink Alliance||Joblink Alliance, a provider of the nationwide web-based database Joblink, which is used by the State of Vermont, notifies the State that the job seeker functionality of its website has been compromised by a malicious software.||Malware||Industry: Job Seeking||CC||US|
|11||22/03/2017||El Machete||Multiple International Government Organizations||Researchers from Cylance reveal the details of "El Machete" a massive cyber espionage campaign targeting high-profile international government organisations across the globe. Primary targets are in Latin America, but the campaign has also targeted organisations in Canada, England, Germany, Korea, Russia, the Ukraine and the United States.||Targeted Attack||Government||CE||>1|
|12||22/03/2017||?||UK viewers or popular porn sites||Malwarebytes warns about an increase in malware attacks currently targeting UK viewers of popular pornography websites. The campaign abuses a legitimate ad network called ExoClick distributing the Ramnit malware.||Malvertising||Single Individuals||CC||UK|
|13||23/03/2017||@The6Clerk and @PlzNoHack||Official Twitter Accounts of ABC News (@ABC) and Good Morning America (@GMA)||The official Twitter accounts of mainstream US news outlet ABC News and its daily show Good Morning America, are taken over by hackers. The profiles, each with millions of followers, displayed a series of explicit messages left by the culprits.||Account Hijacking||News||CC||US|
|14||23/03/2017||?||Saudi Arabia Governmental Organizations||Malwarebytes reveal the details of a new spear phishing campaign targeting Saudi Arabia governmental organizations.||Targeted Attack||Government||CE||SA|
|15||23/03/2017||?||Payment Processors on websites||A new bot targeting card payment processes on websites is spotted in the wild. Called GiftGhostBot, the bot tries to defraud consumers of the money loaded on gift cards from a wide range of retailers around the globe, with attacks being noticed on almost 1,000 customer websites.||Malware||Single Individuals||CC||>1|
|16||23/03/2017||?||Idaho Department of Labor||A hacking incident that occurred on March 12 and March 13 compromised more than 170,000 job-seeker accounts of the Idaho Department of Labor.||Unknown||Government||CC||US|
|17||23/03/2017||?||FIRST Forum (forums.usfirst.org) and FIRST Tech Challenge Forum (ftcforum.usfirst.org)||FIRST Forum (forums.usfirst.org) and FIRST Tech Challenge Forum (ftcforum.usfirst.org) notify a data breach.||Unknown||Online Forum||CC||US|
|18||24/03/2017||?||Illinois Department of Employment Security (Ides)||The Illinois Department of Employment Security (Ides) revealed on Friday (24 March) that one of its vendors was hacked, potentially compromising personal information of approximately 1.4 million job seekers in the state.||Unknown||Government||CC||US|
|19||24/03/2017||?||Android Forums||Android Forums announces that its servers were accessed by a third-party resulting in a data breach affecting the 2.5% of the active users.||Unknown||Online Forum||CC||US|
|20||24/03/2017||?||Washington University School of Medicine||Washington University School of Medicine notifies to have been targeted by a Phishing Attack.||Account Hijacking||Education||CC||US|
|21||25/03/2017||Cfnt||25 Vulnerable Forums||A hacker going by the handle of “Cfnt” compromises 25 web forums using an outdated version of vBulletin and put the data on sell on a popular Dark Web marketplace.||Unknown||Online Forum||CC||>1|
|22||26/03/2017||?||12 million accounts from at least 11 separate cryptocurrency forum||Roughly 12 million accounts pilfered from at least 11 separate cryptocurrency forums over the past six years are being sold on the Dark Web, with a vendor under the pseudonym 'doubleflag' marketing the trove of stolen credentials as a "package" deal.||Unknown||Online Forum||CC||>1|
|23||27/03/2017||?||World of Warcraft users||Malwarebytes reveals the details of a phishing campaign attempting to bait World of Warcraft users with the promise of free in-game pets||Account Hijacking||Single Individuals||CC||>1|
|24||28/03/2017||?||GitHub Users||Researchers from Palo Alto Networks reveal the details of a new campaign targeting developers sharing code on GitHub with a malicious with a stealth malware called Dimnie.||Targeted Attack||Single Individuals||CE||>1|
|25||28/03/2017||?||Tweede Kamer (Lower House of Dutch Parliament)||Ransomware is found on the computer systems of the Tweede Kamer, the lower house of Dutch parliament,||Malware||Government||CC||NL|
|26||28/03/2017||?||Forsyth Public Schools||Forsyth Public Schools are hit with computer malware causing problems for teachers, students, parents and district administrators.||Malware||Education||CC||US|
|27||29/03/2017||?||German Parliament||Berlin's cyber security watchdog reveals that the German parliament was the target of fresh cyber attacks in January that attempted to piggy-back on an Israeli newspaper site to target politicians in Germany.||Targeted Attack||Government||CE||DE|
|28||29/03/2017||?||Dueling Network||A hacker makes off with at least 6.5 million email addresses and poorly hashed passwords from a Yu-Gi-Oh fan project called “Dueling Network.”||SQLi||Online Forum||CC||US|
|29||29/03/2017||?||Undisclosed US College||Research from Incapsula discover a new Mirai variant used to launch a 54-hour DDoS attack against a US college.||DDoS||Education||CC||US|
|30||30/03/2017||?||Skype users||Several users complain that ads served through Microsoft's Skype app are serving malicious downloads, which if opened, can trigger ransomware.||Malvertising||Single Individuals||CC||>1|
|31||30/03/2017||?||Amaq Media||Amaq media, the news outlet associated with ISIS, claims its website was hacked by perpetrators who were spreading malware on the site.||Malware||News||CE||N/A|
|32||30/03/2017||?||ShowTix4U||ShowTix4U notifies that an unauthorized actor was able to gain access to a third-party vendor’s server and install malicious software on their website.||Malware||Industry: Online Ticket Sales||CC||US|
|33||31/03/2017||?||McDonald's Canada||McDonald's Canada says that its career website has been hacked, compromising the personal data of around 95,000 restaurant job applicants. The accessed information includes names, addresses, email addresses, phone numbers, employment background and other standard job application information of people who applied online for a job at McDonald's Canada restaurants between March 2014 and March 2017.||Unknown||Industry: Restaurant||CC||CA|
|34||31/03/2017||?||Major US Universities||Researchers find nearly 14M email addresses and passwords belonging to faculty, staff, students and alumni of major universities across the country on the dark web.||Unknown||Education||CC||US|