1-15 September 2018 Cyber Attacks Timeline

It’s time to publish the first timeline of September, covering the main cyber attacks occurred between September 1st and September 15th (plus some August events that were disclosed in September, so could not appear in the previous timeline).

I collected 51 entries for September alone. Easily predictable, the numbers are growing compared to August: crooks are back in business after the Summer break.

This fortnight has been characterized by the breach occurred to British Airways where 380,000 transactions were compromised Unfortunately the Magecart gang, the malicious actors behind this attack, were quite active in September: they also hit Feedify (and some more targets that will appear in the next timeline).

State-sponsored actors were also quite active in this period: Goblin Panda and APT10 (China), OilRig and Domestic Kitten (Iran), are only some of the malicious actors belonging to this category that appear in the timeline. But also organized crime kept the pace: FIN6 hit PoS Systems across the United States and Europe with malware, whereas the Cobalt gang was quite creative targeting bank customers in Russia and Romania, and unprotected MongoDB instances.

And, last but not least, Cryptovalues are always on the spot: attackers took advantage of two vulnerabilities in the EOS blockchain and made off with $24,000 from DEOSGames and $200,000 from EOSBet.

My advice is always the same: read the timeline from the top to the bottom (and share it!). And if you want, you may also have a look at the timelines of the main Cyber Attacks in 2011, 2012, 2013, 2014, 2015, 2016, 2017 and now 2018 (regularly updated… Hopefully!). And do not forget the Cyber Attack Statistics that are regularly published, and follow @paulsparrows on Twitter for the latest updates.

Last but not least, feel free to submit remarkable incidents that in your opinion deserve to be included in the timelines (and charts), and please notice that, starting from this month, it is possible to download the raw data directly from the tools above the table. You may always ask for the raw data, but please do not forget to include a short presentation and the purpose of the project. I am not supposed to accept requests without any details.

wdt_ID ID Date Author Target Description Attack Target Class Attack Class Country Link Tags
1 1 17/08/2018 ? Dallas County Community College Dallas County Community College discloses a breach after some employees' emails credentials are compromised by a phishing attack from September 14, 2017 to December 18, 2017. Account Hijacking P Education CC US Dallas County Community College
2 2 24/08/2018 ? Schneider Electric Schneider Electric finds a malicious code on the USB drives that have been shipped with Conext ComBox and Conext Battery Monitor products. Malware C Manufacturing CC FR Schneider Electric
3 3 24/08/2018 ? Coweta County Coweta County restores most of its computer servers, nearly two weeks after hackers demanded $341,000 in bitcoins. Malware O Public administration and defence, compulsory social security CC US Coweta Country, Ransomware
4 4 29/08/2018 GOBLIN PANDA Vietnam Researchers from security firm CrowdStrike have observed a new campaign associated with the GOBLIN PANDA APT group, targeting Vietnam via a spear phishing campaign using weaponized documents. Targeted Attack O Public administration and defence, compulsory social security CE VN GOBLIN PANDA, Vietnam, Crowdstrike
5 5 30/08/2018 "@joshua" from group Fatal Error Crew C&A The Brazilian operation of international fashion retail clothing chain C&A confirms a cyberattack to its gift card platform. Data from 36,000 customers who purchased gift cards is leaked on Pastebin. Unknown G Wholesale and retail trade CC BR C&A, @joshua, Fatal Error Crew, Pastebin
6 6 01/09/2018 ? Town of Midland The small Canadian town of Midland, Ontario plans to pay off a $35,000 ransom to the malicious actors who shut down the municipalities compute system with a ransomware attack. Malware O Public administration and defence, compulsory social security CC CA Midland, ransomware
7 7 02/09/2018 ? Single Individuals Researchers discover a new ransomware that only encrypts .EXE files on a computer. It then displays a screen with a picture of President Obama that asks for a "tip" to decrypt the files. Malware X Individual CC >1 Barak Obama, ransomware
8 8 03/09/2018 ? South African Department of Labour The South African Department of Labour confirms a DDoS attack which disrupted the government agency's website. DDoS O Public administration and defence, compulsory social security CC ZA South African Department of Labour
9 9 03/09/2018 ? Vulnerable IoT devices A new IoT botnet called Hakai comes out online. Malware Y Multiple Industries CC >1 Hakai
10 10 03/09/2018 ? Hoopeston Area School District The Hoopeston Area School District website is hacked with pictures and repeated emergency callout messages to district families. Unknown P Education CC US Hoopeston Area School District
ID Date Author Target Description Attack Target Class Attack Class Country Link Tags

Leave a Reply

%d bloggers like this: