16-31 December 2017 Cyber Attacks Timeline

It’s time for the last timeline of 2017, covering the main events that occurred between December 16 and 31 (as usual you can find the first one here). After this one my plan is to publish the statistics of December, and then a summary of what happened in 2017 from a statistical standpoint, so stay definitely tuned!

One thing is certain: the cryptocurrency madness continues to have consequences in cyberspace as well. This fortnight has seen a Bitcoin exchange closing down after suffering the second (deadly) cyber attack in a few months (Youbit), another one having its DNS hijacked (EtherDelta), and two other services crippled by DDoS attacks (Bitfinex and Exmo; the latter also had one of its lead analysts kidnapped and… guess what, released after the payment of a $1M ransom in Bitcoins). And that is without considering the multiple campaigns aimed at infecting users with miners, or the official Twitter account of John McAfee being compromised to promote alternative cryptocurrencies.

So all these events ended up overshadowing the massive breach suffered by Nissan Canada Finance, which had 1.13 million customer records compromised.

As usual, feel free to scroll down the whole list for all the events that happened in this fortnight. And if you want to have an idea of how fragile our electronic identity is inside cyberspace, have a look at the timelines of the main Cyber Attacks in 2011, 2012, 2013, 2014, 2015 and 2016 (regularly updated). You may also want to have a look at the Cyber Attack Statistics that are regularly published, and follow @paulsparrows on Twitter for the latest updates.

Additionally, feel free to submit remarkable incidents that in your opinion deserve to be included in the timelines (and charts). If useful, you can access the timeline in Google Sheet format.

| ID | Date | Author | Target | Description | Attack | Target Class | Attack Class | Country |
|---|---|---|---|---|---|---|---|---|
| 1 | 11/12/2017 | ? | Pinterest | Pinterest notifies users of suspicious activity due to attackers trying to compromise accounts using 'credential stuffing' (credentials obtained from other breaches). | Credential Stuffing | Industry: Online Services | CC | US |
| 2 | 15/12/2017 | ? | Linux and Windows Servers | Researchers from F5 Networks discover an aggressive and sophisticated malware campaign, targeting Linux and Windows servers with an assortment of exploits with the goal of installing malware that mines the Monero cryptocurrency. The campaign is dubbed Zealot. | Malware | >1 | CC | >1 |
| 3 | 17/12/2017 | ? | Bitfinex | Bitfinex is, once again, hit by a massive DDoS attack. | DDoS | Cryptocurrency Exchange | CC | US |
| 4 | 18/12/2017 | ? | Android Users | Kaspersky Lab reveals the details of a new Android malware called Trojan.AndroidOS.Loapi. The malware features a complicated modular architecture that means it can conduct a variety of malicious activities: mine cryptocurrencies, annoy users with constant ads, launch DDoS attacks and much more. | Malware | Single Individuals | CC | >1 |
| 5 | 18/12/2017 | ? | WordPress Sites | WordPress sites around the globe are the targets of a massive brute-force campaign where hackers attempt to guess admin account logins in order to install a Monero miner on compromised sites. | Brute Force | Single Individuals | CC | >1 |
| 6 | 18/12/2017 | ? | iOS Users | A phony iOS version of Cuphead, a very popular retro game, finds its way into Apple's notoriously restrictive iTunes App store. | Malware | Single Individuals | CC | US |
| 7 | 19/12/2017 | ? | Youbit | The South Korean Bitcoin exchange Youbit, previously known as Yapizon, quits its operation and files for bankruptcy due to two cyber attacks in the last eight months. The company suffers another data breach in which 17% of total assets have been stolen. However, the total value of stolen assets is not mentioned. | Unknown | Cryptocurrency Exchange | CC | KR |
| 8 | 19/12/2017 | APT-C-15? | Arabic Speaking Android Users | Researchers at Trend Micro discover a new Android malware, dubbed AnubisSpy, linked with the Sphinx cyberespionage campaign, which was discovered in 2014-15 and launched by the APT-C-15. | Malware | Single Individuals | CE | >1 |
| 9 | 19/12/2017 | ? | WordPress Sites | Captcha, a WordPress plugin installed on over 300,000 sites, is recently modified to download and install a hidden backdoor. | Compromised WordPress Plugins | Single Individuals | CC | >1 |
| 10 | 19/12/2017 | ? | Multiple Systems Worldwide | Researchers from security firm GuardiCore discover multiple hacking campaigns conducted by a Chinese criminal gang targeting database servers. The attackers target systems worldwide for mining cryptocurrencies, exfiltrating sensitive data and building a DDoS botnet. | Malware | >1 | CC | >1 |
| 11 | 19/12/2017 | ? | Medhost | The website of medhost.com is redirected to a page where the attackers post a message claiming to have stolen personal information from the servers. However, they do not provide any evidence of the data. | DNS Hijacking | Healthcare | CC | US |
| 12 | 20/12/2017 | People’s Republic of China (PRC)-based actors | Four Western think tanks and an additional two non-governmental organizations (NGOs). | Crowdstrike reveals the details of espionage-driven targeted attacks carried out by Chinese actors against four Western think tanks and an additional two non-governmental organizations (NGOs). | Targeted Attack | Org: Think Tank, Org: Non-Profit | CE | >1 |
| 13 | 20/12/2017 | ? | EtherDelta | Popular cryptocurrency exchange EtherDelta is hacked, with many users unknowingly sending their tokens to the hacker instead of the exchange. At least 308 ETH ($266,789) were stolen, as well as a large number of tokens potentially worth hundreds of thousands of dollars. | DNS Hijacking | Cryptocurrency Exchange | CC | US |
| 14 | 20/12/2017 | ? | Single Individuals | Researchers from Trend Micro spot a new campaign exploiting CVE-2017-11882 to distribute the Loki Infostealer. | Malware | Single Individuals | CC | >1 |
| 15 | 20/12/2017 | ? | Golden Optometric | Golden Optometric informs some patients whose information was affected by a CrySiS ransomware attack. | Malware | Healthcare | CC | US |
| 16 | 21/12/2017 | ? | Nissan Canada Finance | Nissan Canada's vehicle-financing wing has been hacked, putting personal information on as many as 1.13 million customers at risk. The exposed data includes at least customer names, addresses, vehicle makes and models, vehicle identification numbers (VINs), credit scores, loan amounts and monthly payment figures. | Unknown | Industry: Automotive | CC | CA |
| 17 | 21/12/2017 | The Lazarus Group | Single Individuals | Proofpoint researchers uncover what it’s calling the first publicly documented instance of a nation-state targeting a POS-related framework for the theft of credit-card data, carried out by the notorious Lazarus Group hacking arm of Pyongyang. | PoS Malware | Single Individuals | CC | >1 |
| 18 | 21/12/2017 | Cron Cybercrime Group | Single Individuals | Security researchers from AVAST warn of new malware designed to harvest banking and card details, which could be linked to the infamous Cron cybercrime group. The malware is dubbed Catelites Bot. | Malware | Single Individuals | CC | >1 |
| 19 | 21/12/2017 | ? | Android Users | Security researchers at Lookout find three fake Bitcoin wallet apps on Play Store developed with the intention to steal Bitcoin-related data from users. | Malware | Single Individuals | CC | >1 |
| 20 | 21/12/2017 | ? | Facebook Messenger Users | Researchers at Trend Micro discover a malicious new cryptocurrency mining malware that specifically targets Facebook Messenger users. The malware has been dubbed Digmine. | Malware | Single Individuals | CC | >1 |
| 21 | 21/12/2017 | ? | WWE Diva Paige | Unknown hackers leak new private photo of WWE Diva Paige. | Unknown | Single Individual | CE | UK |
| 22 | 21/12/2017 | Nexus Zeta | Huawei home router HG532 | Researchers from Check Point discover a zero-day vulnerability in Huawei home router HG532 and a campaign aimed to exploit this vulnerability to inject the SATORI payload. | 0-Day Vulnerability | Single Individuals | CC | >1 |
| 23 | 21/12/2017 | ? | Globex | Hackers try to steal 55 million rubles ($940,000) from Russian state bank Globex using the SWIFT international payments messaging system. At the end the hackers only withdraw around $100,000. | Malware | Finance | CC | RU |
| 24 | 21/12/2017 | ? | Multiple Organizations | Researchers from Barracuda spot a new campaign where cybercriminals are spoofing scanners to launch attacks containing malicious attachments that appear to be coming from the network printer. | Malware | >1 | CC | >1 |
| 25 | 22/12/2017 | ? | Single Individuals | A new variant of the GlobeImposter ransomware is distributed via a massive malspam campaign. | Malware | Single Individuals | CC | >1 |
| 26 | 22/12/2017 | ? | Jason's Deli | Jason's Deli notifies its customers that a large quantity of payment card information has appeared for sale on the “dark web,” and that an analysis of the data indicated that at least a portion of the data may have come from various Jason’s Deli locations. | Unknown | Industry: Restaurants | CC | US |
| 27 | 22/12/2017 | ? | Colorado Mental Health Institute | Colorado Mental Health Institute notifies 650 patients after phishing incident. | Account Hijacking | Healthcare | CC | US |
| 28 | 23/12/2017 | ? | Veyna & Forschino | Veyna & Forschino disclose a breach involving an unauthorized access to a company email. Compromised information includes individuals’ name, date of birth, telephone numbers, address, Social Security number, W-2 information, 1099 records including account and direct deposit bank account information. | Account Hijacking | Accounting | CC | US |
| 29 | 26/12/2017 | ? | Single Individuals | The Necurs botnet continues its massive campaign aimed to distribute ransomware with as many as 47 million emails per day. | Malware | Single Individuals | CC | >1 |
| 30 | 26/12/2017 | ? | Offset iCloud account | Migos' Offset iCloud is hacked and nude images of fiancé Cardi B leaked. | Account Hijacking | Single Individuals | CC | US |
| 31 | 27/12/2017 | ? | Longs Peak Family Practice | Longs Peak Family Practice notifies patients following a ransomware and hacking incident that was first detected on November 5. | Malware | Healthcare | CC | US |
| 32 | 27/12/2017 | ? | hounddawg.org | hounddawg.org, a popular torrent tracker, is hacked. The attacker claims to have downloaded the entire database and the site source code. | Unknown | Torrent Tracker | CC | NL |
| 33 | 28/12/2017 | ? | Exmo | A UK-based Bitcoin exchange called Exmo is hit by a targeted DDoS attack. The attack happens just days after one of Exmo's leading analysts, a blockchain expert named Pavel Lerner, is kidnapped in Kiev while leaving his office. A $1M bitcoin ransom is paid to release him. | DDoS | Cryptocurrency Exchange | CC | UK |
| 34 | 28/12/2017 | ? | John McAfee Twitter Account (@officialmcafee) | John McAfee has his Twitter account hacked and used to promote lesser-known crypto-currencies. | Account Hijacking | Single Individual | CC | UK |
| 35 | 28/12/2017 | ? | Magento Sites | Dutch security researcher Willem de Groot discovers that hackers are actively targeting Magento sites running a popular helpdesk extension called Mirasvit Helpdesk. | Vulnerable Magento extension | Single Individuals | CC | >1 |
| 36 | 28/12/2017 | ? | Three Plugins | The WordPress security team removes three plugins infected with backdoors tied to the same threat actor. | Compromised WordPress Plugins | Single Individuals | CC | >1 |
| 37 | 28/12/2017 | ? | Unnamed Organizations | The Italian researcher Marco Ramilli finds a new infostealer campaign in the wild. | Malware | >1 | CC | >1 |
| 38 | 28/12/2017 | ? | Jones Memorial Hospital | A cyberattack disrupts computer systems at Jones Memorial Hospital. | Malware | Healthcare | CC | US |
| 39 | 29/12/2017 | ? | Chrome Users | Archive Poster, a popular Chrome extension with over 105,000 users, has been deploying an in-browser cryptocurrency miner to unsuspecting users for the past few weeks. | Malware | Single Individuals | CC | >1 |
| 40 | 29/12/2017 | ? | Miracle-Ear | Miracle-Ear Inc. says that 554 patient records have been compromised in a security breach to its e-mail system. The incident occurred Oct. 24, when “an unknown and unauthorized intruder” gained access to the e-mail account of an employee of Miracle-Ear’s parent company, Amplifon. | Account Hijacking | Industry: Hearing Aids | CC | US |
| 41 | 31/12/2017 | Anonymous | Correggio Speed Cameras database | Anonymous hack the speed cameras database of an Italian city (Correggio) and dump the content. | Unknown | Law Enforcement | H | IT |
