16-31 March 2018 Cyber Attacks Timeline

So it’s time to publish the second timeline of March, covering the main cyber attacks that occurred between the 16th and the 31st of the month (the first part is available here).




The good news is that the increasing trend seems to have paused, as this fortnight the number of events is the lowest recorded so far in 2018. The bad news is that there has been yet another massive breach: I am obviously referring to Under Armour, which had the data of 150 million users of its food and nutrition app and website, MyFitnessPal, compromised.

Unfortunately this wasn’t the only massive event of this fortnight: the UK National Lottery was also under attack, and as a consequence 15 million users were warned to change their passwords. Similarly, Orbitz, a subsidiary of the online travel agency Expedia, revealed that hackers might have accessed personal information from about 880,000 payment cards.

APT28 (AKA Fancy Bear) keeps up its momentum, even if their attack against the UK Anti-Doping Agency has apparently been foiled. Another actor that pops up now and then is the alleged Iranian-linked OilRig APT: a report has revealed a new wave of attacks against a number of organizations across the Middle East. Last but not least, the Italian football team S.S. Lazio deserves a special mention as the first football team to fall victim to an email scam, paying fraudsters €2m of the final instalment for a player.

As usual, if you want to have an idea of how fragile our electronic identity is in cyberspace, have a look at the timelines of the main Cyber Attacks in 2011, 2012, 2013, 2014, 2015, 2016, 2017 and now 2018 (regularly updated… Hopefully!). You may also want to have a look at the Cyber Attack Statistics that are regularly published, and follow @paulsparrows on Twitter for the latest updates.

Additionally, feel free to submit remarkable incidents that in your opinion deserve to be included in the timelines (and charts). If useful, you can access the timeline in Google Sheet format.

| ID | Date | Author | Target | Description | Attack | Target Class | Attack Class | Country |
|---|---|---|---|---|---|---|---|---|
| 1 | 16/03/2018 | TEMP.Periscope AKA Leviathan | U.S. Maritime Entities | Security firm FireEye reveals the details of TEMP.Periscope, a Chinese group focused on U.S. maritime entities that were either linked to -- or have clients operating in -- the South China Sea. | Targeted Attack | H Transportation and storage | CE | US |
| 2 | 16/03/2018 | ? | UK National Lottery | The UK National Lottery advises all 10.5 million people with online accounts to change their passwords following an attempt by hackers to access accounts using credential stuffing. | Brute Force (Credential Stuffing) | R Arts entertainment and recreation | CC | UK |
| 3 | 16/03/2018 | ? | Atrium Hospitality | Atrium Hospitality notifies 376 hotel guests of a ransomware attack that occurred in December 2017. | Malware | I Accommodation and food service activities | CC | US |
| 4 | 16/03/2018 | ? | Frost Bank | Frost Bank investigates a breach after the company discovered unauthorized access to digital images stored in customers’ commercial image archives. | Unknown | K Financial and insurance activities | CC | US |
| 5 | 16/03/2018 | ? | TheDarkOverlord | TheDarkOverlord claims to have breached H-E Parts Morgan. The breach seems to have occurred in November. | Unknown | G Wholesale and retail trade | CC | US |
| 6 | 18/03/2018 | ? | Russian Central Election Commission | The Russian Central Election Commission is hit by a DDoS attack. | DDoS | O Public administration and defence, compulsory social security | CW | RU |
| 7 | 20/03/2018 | ? | Orbitz | Orbitz, a subsidiary of online travel agency Expedia Inc, reveals that hackers may have accessed personal information from about 880,000 payment cards. The breach may have occurred between Jan. 1, 2016 and Dec. 22, 2017 for its partner platform and between Jan. 1, 2016 and June 22, 2016 for its consumer platform. | Unknown | J Information and communication | CC | US |
| 8 | 20/03/2018 | ? | David Nott | David Nott, a British surgeon who helped carry out operations in Aleppo, reveals that the hacking of his computer could have led to a hospital being bombed by suspected Russian warplanes. | Targeted Attack | X Individual | CE | SY |
| 9 | 20/03/2018 | ? | Puerto Rico’s Power Utility, PREPA | Puerto Rico’s Power Utility, PREPA, reveals that it was hacked over the weekend, but customer information was not compromised. | Unknown | D Electricity gas steam and air conditioning supply | CC | PR |
| 10 | 20/03/2018 | ? | Trusted Quid | Trusted Quid reports a theft of data from unauthorised access to its website. The incident relates to data directly entered by people applying for a loan only on the Trusted Quid website between 1 July 2016 and 17 February 2018. Up to 65,925 people may have been affected. | Unknown | K Financial and insurance activities | CC | UK |
| 11 | 20/03/2018 | ? | Finger Lakes Health | Finger Lakes Health is functioning the old-fashioned way while its computer system remains locked up by an unspecified type of ransomware. | Malware | Q Human health and social work activities | CC | US |
| 12 | 21/03/2018 | ? | Uttar Haryana Bijli Vitran Nigam Limited (UHBVNL) | Uttar Haryana Bijli Vitran Nigam Limited (UHBVNL), a power distribution company, suffers a cyber attack on its Automatic Meter Reading System (AMR) in which billing data of about 4,000 industrial consumers are encrypted. The attackers demand a ransom equivalent to $150,000. | Malware | D Electricity gas steam and air conditioning supply | CC | IN |
| 13 | 21/03/2018 | ? | Vulnerable Cacti Servers | Researchers from Trend Micro reveal that a hacker group has made nearly $75,000 by installing a Monero miner on Linux servers after exploiting a five-year-old vulnerability in the Cacti "Network Weathermap" plugin (CVE-2013-2618). The researchers believe this is the same group that recently exploited CVE-2017-1000353 to inject Monero miners into vulnerable Jenkins installations. | Malware | Y Multiple Industries | CC | >1 |
| 14 | 21/03/2018 | ? | Single Individuals | Researchers from security firm Webroot reveal the details of a new variant of the well-known Trickbot financial trojan. | Malware | K Financial and insurance activities | CC | >1 |
| 15 | 21/03/2018 | OilRig APT | A number of organizations across the Middle East | According to a new analysis by security firm Nyotron, the Iran-linked OilRig APT is back with a new, more advanced malware toolkit. | Targeted Attack | Y Multiple Industries | CE | >1 |
| 16 | 22/03/2018 | ? | Russian Defense Ministry | The Russian Defense Ministry reveals that a total of 7 DDoS attacks were carried out against its website during the final vote of the general elections. | DDoS | O Public administration and defence, compulsory social security | CW | RU |
| 17 | 22/03/2018 | ? | City of Atlanta | IT systems used by the City of Atlanta are hit by a SamSam ransomware attack, cutting off some online city services and potentially putting the personal information of employees and citizens at risk. | Malware | O Public administration and defence, compulsory social security | CC | US |
| 18 | 22/03/2018 | ? | Android Users | Researchers from SophosLabs reveal the details of Andr/HiddnAd-AJ, a malicious app disguised as an ad blocker, downloaded more than 500,000 times before being pulled off the Google Play Store. | Malware | X Individual | CC | >1 |
| 19 | 22/03/2018 | ? | Some Government Agencies | Researchers from FireEye discover a new spear phishing campaign targeting government agencies with an evolved version of Sanny malware, a five-year-old information-stealer that now features a multi-stage infection process, whereby each stage is downloaded from the attacker's server. | Targeted Attack | O Public administration and defence, compulsory social security | CE | >1 |
| 20 | 24/03/2018 | ? | Baltimore's Automated Dispatch System | Unknown actors temporarily cause a shutdown of Baltimore's automated dispatch system, impacting the messaging functions within the Computer Aided Dispatch (CAD) system used by both of the city's 911 and 311 services. | Unknown | Q Human health and social work activities | CC | US |
| 21 | 26/03/2018 | APT28 AKA Fancy Bear | UK Anti-Doping Agency | The UK Anti-Doping Agency reveals that it foiled an attempted cyberattack during the weekend that tried to access confidential medical and drug-testing data. | Targeted Attack | S Other service activities | CE | UK |
| 22 | 26/03/2018 | ? | Vulnerable Linux-based systems | Researchers from Cisco Talos reveal the details of GoScanSSH, a new strain of malware that targets vulnerable Linux-based systems, avoiding government and military networks. | Malware | Y Multiple Industries | CC | >1 |
| 23 | 27/03/2018 | Alleged Nigerian Hackers | Naukri.com | Nigerian hackers hack into Naukri.com’s servers, stealing 100,000 resumes and contacting 10,000 job seekers for fake interviews. | Unknown | M Professional scientific and technical activities | CC | IN |
| 24 | 27/03/2018 | ? | Stormont (Northern Ireland Parliament) | Stormont (the Northern Irish Parliament) issues a warning to all staff, including political parties, after discovering its email service was hit by a cyber attack. | Targeted Attack | O Public administration and defence, compulsory social security | CE | IE |
| 25 | 27/03/2018 | ? | YouTube Users | Researchers at Russian anti-virus vendor Dr. Web discover a dangerous malware campaign spread by cybercriminals from comments posted on YouTube. The malware is dubbed Trojan.PWS.Stealer.23012. | Malware | X Individual | CC | >1 |
| 26 | 28/03/2018 | ? | Android Users | Researchers from Trend Micro discover HiddenMiner, a new type of Android malware that infects devices and untetheredly mines Monero in the phone's background until the battery is exhausted or the device gives out. | Malware | X Individual | CC | >1 |
| 27 | 28/03/2018 | ? | Boeing | A Boeing facility in South Carolina is hit by the WannaCry ransomware. | Malware | C Manufacturing | CC | US |
| 28 | 28/03/2018 | ? | Vulnerable MikroTik devices | Another IoT Botnet: a new Hajime variant infects MikroTik devices vulnerable to an exploit known as "Chimay Red". | Malware | Y Multiple Industries | CC | >1 |
| 29 | 28/03/2018 | ? | Single Individuals | Researchers from security company Cybereason reveal the details of "Fauxpersky", a simple and efficient keylogger impersonating the Russian antivirus software Kaspersky. | Malware | X Individual | CC | >1 |
| 30 | 28/03/2018 | ? | S.S. Lazio | Italian newspaper "Il Tempo" reports that Italian football team Lazio have fallen for an email scam and paid £1.75m (€2m) of the final instalment for defender Stefan de Vrij's transfer from Dutch club Feyenoord to fraudsters. | Account Hijacking | R Arts entertainment and recreation | CC | IT |
| 31 | 28/03/2018 | ? | Indian Bank Customers | A complaint reveals that 1,020 bank accounts in different banks were used by fraudsters to receive money from victims' bank accounts through phishing. | Account Hijacking | K Financial and insurance activities | CC | IN |
| 32 | 29/03/2018 | ? | Under Armour | Under Armour, Inc. announces that it is notifying users of MyFitnessPal, the company's food and nutrition application and website, about a data security issue. On March 25, the MyFitnessPal team became aware that an unauthorized party acquired data associated with MyFitnessPal user accounts in late February 2018. The company investigation reveals that approximately 150 million user accounts were affected by this issue. | Unknown | C Manufacturing | CC | US |
| 33 | 29/03/2018 | ? | Bank Negara Malaysia | Bank Negara Malaysia reveals that it foiled a cyberattack in which fraudulent messages to transfer funds were sent on the SWIFT transactions platform. | Unknown | K Financial and insurance activities | CC | MY |
| 34 | 29/03/2018 | ? | Unnamed Bestiality Website | Thousands of user account details—many related to a bestiality website—are circulating on public image boards, according to data obtained by Motherboard. | Unknown | S Other service activities | CC | N/A |
| 35 | 30/03/2018 | ? | CareFirst BlueCross BlueShield | A phishing email attack on Baltimore-based CareFirst BlueCross BlueShield may have compromised nearly 6,800 members’ personal data. The insurer learned on March 12 that one of its employees fell victim to a phishing email that compromised his or her email account. The hacker used the email account to send spam messages to an email list of individuals not associated with CareFirst. | Account Hijacking | Q Human health and social work activities | CC | US |
