I am back from my Summer holiday and finally I can publish the second timeline of July covering the main cyber attacks occurred between July 16 and July 31. Well, I believe I do not remember so many events since a while, as I have collected 81 events in this fortnight.
I really don’t know where to start from since the amount of events is really noticeable, similarly to their impact that in most cases is quite important
So this fortnight has seen some mega breaches: the most important affected Singapore’s largest health care group, SingHealth, which had the records of 1.5 million patients compromised, but also UnityPoint Health was severely hit with 1.4 million patients who had their information breached after a phishing attacks.
Millions are also the dollars that were stolen in this fortnight. From traditional banks like the National Bank of Blacksburg ($2.4 million in two separate cyber attacks) and the PIR Bank of Russia ($1 million thanks to an unpatched router), or even from Crypto startups like KICKICO (the equivalent of $7.7 million in crypto tokens gone).
Another interesting event is a massive SIM hijacking operation, with the alleged authors (arrested by the California Authorities) able to steal a staggering $5 million in cryptocurrencies from around 40 victims).
Don’t make the mistake to believe that the massive breaches end here! This timeline is really to long to summarize, so my advice is to read it all and realize the fragility of our identity inside the cyber space? You may also want to have a look at the timelines of the main Cyber Attacks in 2011, 2012, 2013, 2014, 2015, 2016, 2017 and now 2018 (regularly updated… Hopefully!). And do not forget the Cyber Attack Statistics that are regularly published, and follow @paulsparrows on Twitter for the latest updates.
Last but not least, feel free to submit remarkable incidents that in your opinion deserve to be included in the timelines (and charts). If useful, you can access the timeline in Google Sheet format.
wdt_ID
ID
Date
Author
Target
Description
Attack
Target Class
Attack Class
Country
Link
1
1
12/07/2018
Joel Ortiz
Around 40 victims
California authorities arrest Joel Ortiz, a 20-year-old college student, who hijacked more than 40 phone numbers and stole $5 million in bitcoins and other crypto currencies.
SIM Hijacking
X Individual
CC
US
2
2
15/07/2018
?
Mahatma Gandhi Mission Hospital
The Mahatma Gandhi Mission Hospital in Mumbai is hit by a ransomware attack.
Malware
Q Human health and social work activities
CC
IN
3
3
16/07/2018
?
Mega
Thousands of credentials for accounts associated with New Zealand-based file storage service Mega are published online. The text file contains over 15,500 usernames, passwords, and files names.
Credential Stuffing
J Information and communication
CC
NZ
4
4
16/07/2018
?
LabCorp
LabCorp, the US' biggest blood testing laboratories network, announces that hackers breached its IT network over the weekend.
Unknown
Q Human health and social work activities
CC
US
5
5
16/07/2018
Andariel Group
South Korean targets
Researchers from Trend Micro discover a new campaign from the Andariel Group carried out via the injection of a malicious script into four compromised South Korean websites for reconnaissance purposes.
Targeted Attack
O Public administration and defence, compulsory social security
CE
KR
6
6
16/07/2018
?
Sunspire Health
Sunspire Health notifies an undisclosed number of individuals after several employee email accounts were accessed in a phishing attack between March 1, 2018 and May 4, 2018.
Account Hijacking
Q Human health and social work activities
CC
US
7
7
16/07/2018
?
University of Pittsburgh Medical Center - Cole
UPMC Cole has notified 790 patients treated at UPMC Cole that their personal information may have been inappropriately accessed after two phishing attacks on June 7 and June 14.
Account Hijacking
Q Human health and social work activities
CC
US
8
8
16/07/2018
?
City of Bozeman
The city of Bozeman says some customers that used its Click2Gov utility payment system in 2017 may have had their credit information stolen.
Vulnerability
O Public administration and defence, compulsory social security
CC
US
9
9
16/07/2018
?
Single Individuals
Researchers from Kromtech discover an automated operation aimed to launder money from stolen credit cards, buying and selling goods for three popular games: Clash of Clans, Clash Royale, Marvel Contest of Champions.
Account Hijacking
X Individual
CC
>1
10
10
16/07/2018
?
Southern College of Optometry
The Southern College of Optometry notifies an undisclosed number of students whose student loan information and Social Security numbers were in an employee email account that was hacked
