16-30 November 2017 Cyber Attacks Timeline

Last Updated on December 19, 2017

Of course we cannot introduce the second timeline of November (first timeline here) without mentioning the cyber attack that hit Uber Technologies in 2016, leading to the compromising of 57 million records. This is without any doubt the main event of this fortnight, and the scar left by the consequences (of both the attack and the way the company tried to handle it) will be remembered for long.

Unfortunately Uber is in good company since the list of the primary victims in November also includes Imgur, even if in this case the number of accounts possibly compromised is “only” 1.7 million.

Another interesting trend, quite common lately, is the spree of attacks targeting virtual currencies, and the second half of November made no exception. The list of this fortnight includes: Tether ($30 million worth of tokens gone), Bitcoin Gold ($3.3 million), CoinPouch ($655,000) and also an Austrian individual who saw his wallet depleted of the equivalent of $117,000). And why do not taking into consideration the massive cryptojacking campaign carried on injecting Coinhive into one of the JavaScript files used by LiveHelpNow, a live chat and support widget.

As usual, there are many more remarkable events (like the campaign carried on by the Lazarus Group using a malicious app in disguise of a Bible reader), so feel free to scroll down the whole list for all the events happened in this fortnight. And if you want to have an idea of how fragile our electronic identity is inside the cyberspace, have a look at the timelines of the main Cyber Attacks in 2011, 2012, 2013, 2014, 2015 and 2016 (regularly updated). You may also want to have a look at the Cyber Attack Statistics that are regularly published, and follow @paulsparrows on Twitter for the latest updates.

Additionally, feel free to submit remarkable incidents that in your opinion deserve to be included in the timelines (and charts). If useful, you can access the timeline in Google Sheet format.

ID	Date	Author	Target	Description	Attack	Target Class	Attack Class	Country
1	13/11/2017	?	Vulnerable Wordpress websites	Researchers from Sucuri observe a new wave of wp-vcd malware attacks targeting WordPress sites leveraging flaws in outdated plugins and themes.	Malicious code Injection	Single Individuals	CC	>1
2	15/11/2017	?	UPMC Susquehanna	UPMC Susquehanna notifies 1,200 patients treated at various locations that their personal information, including names, dates of birth, contact information and Social Security numbers, may have been inappropriately accessed.	Account Hijacking	Healthcare	CC	US
3	16/11/2017	?	Cash Converters	Cash Converters warns customers about a data breach on its website. The company says customer usernames, passwords and addresses have potentially been accessed by a third party. The breach happened on the company's old UK website, which was replaced in September 2017.	Unknown	Industry: Retail Pawnbroker	CC	UK
4	16/11/2017	?	Bank Customers	Researchers from Bitdefender unveil the details of Terdot, a Banker Trojan that derives inspiration from the 2011 Zeus source code leak.	Malware	Finance	CC	>1
5	17/11/2017	?	Algérie Telecom	The Algerian state telecom operator Algérie Telecom is hit by a prolonged DDoS attack.	DDoS	Industry: Telco	CC	DZ
6	17/11/2017	?	Medical College of Wisconsin	The Medical College of Wisconsin reveals that the confidential medical information or other personal data of 9,500 patients was compromised by a targeted attack on the school’s email system in July.	Targeted Attack	Education	CC	US
7	17/11/2017	?	Montgomery County	The Montgomery County Emergency Management Agency reported that much of the county's computer system went down last week due to what it is calling a malware incident.	Malware	Government	CC	US
8	18/11/2017	?	Melbourne International Shooting Club	Police investigate the hacking of Melbourne International Shooting Club, a gun club database that may have exposed where more than 1500 semi-automatic handguns are stored. The breach happened in September.	Unknown	Industry: Entertainment	CC	AU
9	18/11/2017	?	Xinmin Secondary School	Xinmin Secondary School discovers to have been breached when names and identity card numbers of its students have been leaked on pastebin.	Unknown	Education	CC	SG
10	18/11/2017	Daeshgram	ISIS	A group of Iraqi hackers called Daeshgram places pornographic images into the terror group's communication networks in order to mine ISIS credibility.	Unknown	Org: Terrorism	H	N/A
11	19/11/2017	?	Sacramento Regional Transit system	The Sacramento Regional Transit system is hit by destructive ransomware, and the attackers threaten to do more damages if the SacRT doesn’t pay them the equivalent of $8,000 in bitcoins.	Malware	Transportation	CC	US
12	19/11/2017	?	Single Individuals	Crooks finds an ingenious way to spread a new variant of the OSX.Proton malware via a fake Symantec blog.	Malware	Single Individuals	CC	N/A
13	20/11/2017	MuddyWater	Saudi Arabian Government	Saudi Arabian security officials confirm that the country has been targeted by the MuddyWater campaign uncovered by Palo Alto Networks few days before.	Targeted Attack	Government	CE	SA
14	20/11/2017	The Lazarus Group	South Korea	Researchers from McAfee discover a new campaign by the infamous Lazarus Group, carried on via a malicious Android App in disguise of a Bible reader in Korean.	Targeted Attack	Government	CE	KR
15	20/11/2017	?	Tether	Tether, a start-up known for offering dollar-backed cryptocurrency, announces that hackers have breached their security and stole a whopping $30 million worth of tokens. The breach took place on 19th November 2017.	Unknown	Cryptocurrency Exchange	CC	HK
16	21/11/2017	?	Uber Technologies	Bloomberg reveals that hackers stole the personal data of 57 million customers and drivers from Uber, a massive breach that the company concealed for more than a year, after paying $100,000 to the attackers. Compromised data from the October 2016 attack includes names, email addresses and phone numbers of 50 million Uber riders around the world. The personal information of about 7 million drivers was accessed as well, including some 600,000 U.S. driver’s license numbers.	Account Hijacking	Industry: Transportation	CC	US
17	21/11/2017	Russian Criminals	UK Citizens	The Times reveals the details of ongoing campaign carried on by Russian cybercriminals. The criminals steal reward points from UK Citizens and enjoy five-star holidays at knockdown prices	Account Hijacking	Single Individuals	CC	UK
18	22/11/2017	?	Bitcoin Gold	More than $3.3 million worth of Cryptocurrency is stolen as part of an elaborate scam that took advantage of bitcoin users seeking to claim their share of the newly created cryptocurrency Bitcoin Gold.	Account Hijacking	Cryptocurrency Exchange	CC	PA
19	22/11/2017	?	Loake Shoes	Loake Shoes warns its customers to have been the victim of a cyber attack. Apparently the email server has been compromised even if no other details are disclosed.	Unknown	Industry: Retail	CC	UK
20	22/11/2017	?	CoinPouch	Hackers allegedly steal over $655,000 worth of Verge cryptocurrency from the CoinPouch wallet.	Unknown	Cryptocurrency Exchange	CC	US
21	22/11/2017	?	SIngle Individual's Bitcoin wallet	Austrian police say cyber-thieves transferred bitcoin worth more than €100,000 ($117,000) from a man's account while he was logged in on a restaurant's public WiFi network.	Fake Wi-Fi Network	Single Individuals	CC	AT
22	22/11/2017	?	YMCA of Central Florida	The YMCA of Central Florida (YMCA) announces it is notifying individuals related to an isolated security incident involving certain personal information.	Account Hijacking	Org: Religion	CC	US
23	23/11/2017	?	Imgur	Imgur is notified of a potential security breach that occurred in 2014 and affected the email addresses and passwords of 1.7 million user accounts.	Unknown	Industry: Internet Services	CC	US
24	23/11/2017	?	Single Individuals	The Necurs botnet starts a massive spam campaign sending 12.5 million emails in 6 hours distributing the Scarab ransomware.	Malware	Single Individuals	CC	>1
25	23/11/2017	?	Single Individuals	Security researcher Troy Mursch discovers a massive cryptojacking campaign carried on injecting Coinhive into one of the JavaScript files used by LiveHelpNow, a live chat and support widget.	Malicious JS injection	Single Individuals	CC	US
26	27/11/2017	?	Android users	Researchers from Google unveil the detail of Tizi, and Android spyware with extensive data-stealing capabilities. Although immediately removed from Play Store, the malware is believed to have infected 1,300 devices.	Malware	Single Individuals	CC	>1
27	27/11/2017	?	Russian speakers	Researchers from Fortinet reveal the details of a campaign against Russian speakers, exploiting CVE-2017-11882, a 17-year old vulnerability in Microsoft Office recently patched.	Malware	Single Individuals	CC	RU
28	27/11/2017	?	Bulletproof Coffee	Bulletproof Coffee, the company behind the trendy energy-boosting, butter-infused java, says it has suffered a data breach, compromising the personal and financial details of its customers. The company discovered "unauthorised computer code" added to the software that operates the checkout page on its website.	Malware	Industry: Dietary Supplements	CC	US
29	28/11/2017	?	Australian Bank customers	Researchers from IBM X-Force reveal the details of a new version of the Ursnif banking Trojan with code modifications and new attack techniques that attempt to make it even more effective.	Malware	Finance	CC	AU
30	28/11/2017	?	FTSE 100 Companies	Anomali finds thousands logins belonging to FTSE 100 companies in the dark web.	Unknown	>1	CC	>1
31	28/11/2017	?	Individuals or organizations linked to South Korea or the video game industry.	Researchers from Palo Alto Networks Unit 42 reveal the details of a new remote access Trojan dubbed UBoatRAT, distributed via Google Drive, and targeting individuals or organizations linked to South Korea or the video game industry.	Targeted Attack	Industry: Video Games	CE	KR
32	29/11/2917	?	Clarkson Plc	British shipping services provider Clarkson Plc reveals to have been the victim of a cyber security hack and warns that the person or persons behind the attack may release some data shortly.	Account Hijacking	Industry: Shipping	CC	UK
33	30/11/2917	?	Several East Texas school districts	Several East Texas school districts are affected by Ransomware, according to a notice from the Texas Department of Agriculture. Affected school districts include New Diana, Ore City, Gilmer, Gladewater, Harleton, Harrison County Juvenile Services, Karnack, Union Grove and Union Hill.	Malware	Education	CC	US

Related Posts

Like this:

Leave a Reply Cancel reply