It’s time to publish the first timeline of September, covering the main cyber attacks that occurred between September 1st and September 15th (plus some August events that were disclosed in September and so could not appear in the previous timeline).
I collected 51 entries for September alone. Predictably, the numbers are growing compared to August: crooks are back in business after the summer break.
This fortnight has been characterized by the breach at British Airways, where 380,000 transactions were compromised. Unfortunately the Magecart gang, the malicious actors behind this attack, was quite active in September: they also hit Feedify (and some more targets that will appear in the next timeline).
State-sponsored actors were also quite active in this period: Goblin Panda and APT10 (China) and OilRig and Domestic Kitten (Iran) are only some of the malicious actors belonging to this category that appear in the timeline. But organized crime also kept pace: FIN6 hit PoS systems across the United States and Europe with malware, whereas the Cobalt gang was quite creative in targeting bank customers in Russia and Romania, and unprotected MongoDB instances.
And, last but not least, cryptocurrencies are always in the spotlight: attackers took advantage of two vulnerabilities in the EOS blockchain and made off with $24,000 from DEOSGames and $200,000 from EOSBet.
My advice is always the same: read the timeline from top to bottom (and share it!). And if you want, you may also have a look at the timelines of the main Cyber Attacks in 2011, 2012, 2013, 2014, 2015, 2016, 2017 and now 2018 (regularly updated… Hopefully!). And do not forget the Cyber Attack Statistics that are regularly published, and follow @paulsparrows on Twitter for the latest updates.
Last but not least, feel free to submit remarkable incidents that in your opinion deserve to be included in the timelines (and charts), and please note that, starting from this month, it is possible to download the raw data directly from the tools above the table. You may always ask for the raw data, but please do not forget to include a short presentation and the purpose of the project. I am not supposed to accept requests without any details.
| ID | Date | Author | Target | Description | Attack | Target Class | Attack Class | Country | Tags |
|---|---|---|---|---|---|---|---|---|---|
| 1 | 17/08/2018 | ? | Dallas County Community College | Dallas County Community College discloses a breach after some employees' email credentials are compromised by a phishing attack from September 14, 2017 to December 18, 2017. | Account Hijacking | P Education | CC | US | Dallas County Community College |
| 2 | 24/08/2018 | ? | Schneider Electric | Schneider Electric finds malicious code on the USB drives that have been shipped with Conext ComBox and Conext Battery Monitor products. | Malware | C Manufacturing | CC | FR | Schneider Electric |
| 3 | 24/08/2018 | ? | Coweta County | Coweta County restores most of its computer servers, nearly two weeks after hackers demanded $341,000 in bitcoins. | Malware | O Public administration and defence, compulsory social security | CC | US | Coweta Country, Ransomware |
| 4 | 29/08/2018 | GOBLIN PANDA | Vietnam | Researchers from security firm CrowdStrike have observed a new campaign associated with the GOBLIN PANDA APT group, targeting Vietnam via a spear phishing campaign using weaponized documents. | Targeted Attack | O Public administration and defence, compulsory social security | CE | VN | GOBLIN PANDA, Vietnam, Crowdstrike |
| 5 | 30/08/2018 | "@joshua" from group Fatal Error Crew | C&A | The Brazilian operation of international fashion retail clothing chain C&A confirms a cyberattack on its gift card platform. Data from 36,000 customers who purchased gift cards is leaked on Pastebin. | Unknown | G Wholesale and retail trade | CC | BR | C&A, @joshua, Fatal Error Crew, Pastebin |
| 6 | 01/09/2018 | ? | Town of Midland | The small Canadian town of Midland, Ontario plans to pay off a $35,000 ransom to the malicious actors who shut down the municipality's computer system with a ransomware attack. | Malware | O Public administration and defence, compulsory social security | CC | CA | Midland, ransomware |
| 7 | 02/09/2018 | ? | Single Individuals | Researchers discover a new ransomware that only encrypts .EXE files on a computer. It then displays a screen with a picture of President Obama that asks for a "tip" to decrypt the files. | Malware | X Individual | CC | >1 | Barak Obama, ransomware |
| 8 | 03/09/2018 | ? | South African Department of Labour | The South African Department of Labour confirms a DDoS attack which disrupted the government agency's website. | DDoS | O Public administration and defence, compulsory social security | CC | ZA | South African Department of Labour |
| 9 | 03/09/2018 | ? | Vulnerable IoT devices | A new IoT botnet called Hakai comes out online. | Malware | Y Multiple Industries | CC | >1 | Hakai |
| 10 | 03/09/2018 | ? | Hoopeston Area School District | The Hoopeston Area School District website is hacked with pictures and repeated emergency callout messages to district families. | | | | | |