It’s time to publish the second timeline of September, covering the main cyber attacks that occurred between September 16th and September 30th (plus a few events that slipped away from the previous timeline, which you can find here).
If you still have an account on Facebook, there is a good chance you are among the 90 million users forced to reset their password after the breach due to the “View As” feature. This is certainly the most important breach of this timeline, and it overshadows other massive events such as the password reset for 40 million users belonging to Chegg, the 11 million compromised records belonging to Saverspy.com and the 6.42 million customers of fashion brand SHEIN.
And while two cyber attacks crippled the ports of San Diego and Barcelona, cryptoservices are always a hot topic, as shown by the cyber attack suffered by the Japanese Cryptocurrency exchange Zaif (about $60 million worth of cryptocurrency gone with the wind).
The events led by hacktivism confirm their decreasing trend, whilst alleged state-sponsored malicious actors from Russia and North Korea are always on the spot.
In any case read the timeline to have a complete view of the threat landscape (and share it!). And if you want, you may also have a look at the timelines of the main Cyber Attacks in 2011, 2012, 2013, 2014, 2015, 2016, 2017 and now 2018 (regularly updated… Hopefully!). Do not forget the Cyber Attack Statistics, and follow @paulsparrows on Twitter for the latest updates.
If you want, you can always submit remarkable incidents that in your opinion deserve to be included in the timelines (and charts).
You may always ask for the raw data, but please do not forget to include a short presentation and the purpose of the project. I will not accept requests without any details.
| ID | Date | Author | Target | Description | Attack | Target Class | Attack Class | Country | Link | Tags |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | 12/09/2018 | ? | SMEG UK | The UK branch of the appliance manufacturer SMEG reveals it has been hit by a "targeted cyber attack". | Unknown | C Manufacturing | CC | UK | | SMEG UK |
| 2 | 14/09/2018 | Magecart | Groopdealz | Groopdealz joins the list of the victims of the Magecart group. | Malware | G Wholesale and retail trade | CC | US | | Groopdealz, Magecart |
| 3 | 17/09/2018 | ? | Saverspy.com | Bob Diachenko, a security researcher, identifies an unsecured MongoDB server leaking the personal details of nearly 11 million users. The database seems to have been ransomed back in June. | Unsecured MongoDB | G Wholesale and retail trade | CC | US | | Bob Diachenko, MongoDB, Saverspy.com |
| 4 | 17/09/2018 | LulzSecITA | Unuci.org (Union of Italian Retired Military Officials) | LulzSecITA leaks the personal details of about 300 retired military officials. | Unknown | S Other service activities | H | IT | | LulzSecITA, unuci.org |
| 5 | 17/09/2018 | Iron cybercrime group (AKA Roke) | Vulnerable Windows and Linux Servers | Researchers from Palo Alto Networks discover a new malware strain dubbed XBash that combines features from four types of malware categories: ransomware, coinminers, botnets, and worms. | | | | | | |
| | | | | Researchers from Qihoo's 360Netlab discover Fbot, a botnet based on Satori, which instead of infecting devices, appears to be actually wiping them clean of cryptocurrency mining malware. The botnet hides its C&C behind a blockchain-based DNS. | Malware | Y Multiple Industries | CC | >1 | | Qihoo's 360Netlab, Fbot, |
| 7 | 17/09/2018 | ? | Perth Mint | A data breach at Perth Mint sees hackers take the personal details of about 3200 customers, far more than initially suspected. The breach occurred on the system of a third-party technology provider and only involved 13 customers initially. | Unknown | O Public administration and defence, compulsory social security | CC | AU | | Perth Mint |
| 8 | 17/09/2018 | ? | Multiple government websites in India. | Security researchers discover that multiple government websites in the country are infected with cryptojackers. | Malware | O Public administration and defence, compulsory social security | CC | IN | | Crypto |
| 9 | 17/09/2018 | ? | Nonresident aliens in the U.S. | Researchers at Fortinet discover a phishing campaign claiming to be from the IRS but reportedly sent from a server originating in Italy. The campaign appears to be targeting nonresident aliens. | Account Hijacking | X Individual | CC | US | | Fortinet |
| 10 | 18/09/2018 | Magecart | ABS-CBN | 213 customers of ABS-CBN, a Filipino media conglomerate, have their financial data stolen due to a payment skimmer discovered in the broadcaster's online store. | | | | | | |