Last Updated on December 30, 2018

I am back from my Summer holiday and finally I can publish the second timeline of July covering the main cyber attacks occurred between July 16 and July 31. Well, I believe I do not remember so many events since a while, as I have collected 81 events in this fortnight.

I really don’t know where to start from since the amount of events is really noticeable, similarly to their impact that in most cases is quite important

So this fortnight has seen some mega breaches: the most important affected Singapore’s largest health care group, SingHealth, which had the records of 1.5 million patients compromised, but also UnityPoint Health was severely hit with 1.4 million patients who had their information breached after a phishing attacks.

Millions are also the dollars that were stolen in this fortnight. From traditional banks like the National Bank of Blacksburg ($2.4 million in two separate cyber attacks) and the PIR Bank of Russia ($1 million thanks to an unpatched router), or even from Crypto startups like KICKICO (the equivalent of $7.7 million in crypto tokens gone).

Another interesting event is a massive SIM hijacking operation, with the alleged authors (arrested by the California Authorities) able to steal a staggering $5 million in cryptocurrencies from around 40 victims).

Don’t make the mistake to believe that the massive breaches end here! This timeline is really to long to summarize, so my advice is to read it all and realize the fragility of our identity inside the cyber space? You may also want to have a look at the timelines of the main Cyber Attacks in 2011, 2012, 2013, 2014, 2015, 2016, 2017 and now 2018 (regularly updated… Hopefully!). And do not forget the Cyber Attack Statistics that are regularly published, and follow @paulsparrows on Twitter for the latest updates.

Last but not least, feel free to submit remarkable incidents that in your opinion deserve to be included in the timelines (and charts). If useful, you can access the timeline in Google Sheet format.

wdt_IDIDDateAuthorTargetDescriptionAttackTarget ClassAttack ClassCountryLink
1112/07/2018Joel OrtizAround 40 victimsCalifornia authorities arrest Joel Ortiz, a 20-year-old college student, who hijacked more than 40 phone numbers and stole $5 million in bitcoins and other crypto currencies.SIM HijackingX IndividualCCUS
2215/07/2018?Mahatma Gandhi Mission HospitalThe Mahatma Gandhi Mission Hospital in Mumbai is hit by a ransomware attack.MalwareQ Human health and social work activitiesCCIN
3316/07/2018?MegaThousands of credentials for accounts associated with New Zealand-based file storage service Mega are published online. The text file contains over 15,500 usernames, passwords, and files names.Credential StuffingJ Information and communicationCCNZ
4416/07/2018?LabCorpLabCorp, the US' biggest blood testing laboratories network, announces that hackers breached its IT network over the weekend.UnknownQ Human health and social work activitiesCCUS
5516/07/2018Andariel GroupSouth Korean targetsResearchers from Trend Micro discover a new campaign from the Andariel Group carried out via the injection of a malicious script into four compromised South Korean websites for reconnaissance purposes.Targeted AttackO Public administration and defence, compulsory social securityCEKR
6616/07/2018?Sunspire HealthSunspire Health notifies an undisclosed number of individuals after several employee email accounts were accessed in a phishing attack between March 1, 2018 and May 4, 2018.Account HijackingQ Human health and social work activitiesCCUS
7716/07/2018?University of Pittsburgh Medical Center - ColeUPMC Cole has notified 790 patients treated at UPMC Cole that their personal information may have been inappropriately accessed after two phishing attacks on June 7 and June 14.Account HijackingQ Human health and social work activitiesCCUS
8816/07/2018?City of BozemanThe city of Bozeman says some customers that used its Click2Gov utility payment system in 2017 may have had their credit information stolen.VulnerabilityO Public administration and defence, compulsory social securityCCUS
9916/07/2018?Single IndividualsResearchers from Kromtech discover an automated operation aimed to launder money from stolen credit cards, buying and selling goods for three popular games: Clash of Clans, Clash Royale, Marvel Contest of Champions.Account HijackingX IndividualCC>1
101016/07/2018?Southern College of OptometryThe Southern College of Optometry notifies an undisclosed number of students whose student loan information and Social Security numbers were in an employee email account that was hackedAccount HijackingQ Human health and social work activitiesCCUS

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.