16-30 September 2018 Cyber Attacks Timeline

It’s time to publish the second timeline of September, covering the main cyber attacks that occurred between September 16th and September 30th (plus a few events that slipped away from the previous timeline, which you can find here).

If you still have an account on Facebook, you have a good chance of being among the 90 million users forced to reset their password after the breach due to the “View As” feature. For sure, this is the most important breach of this timeline, and it overshadows other massive events like the password reset for 40 million users belonging to Chegg, the 11 million compromised records belonging to Saverspy.com and the 6.42 million customers of fashion brand SHEIN.

And while two cyber attacks crippled the ports of San Diego and Barcelona, cryptoservices are always a hot topic, as shown by the cyber attack suffered by the Japanese Cryptocurrency exchange Zaif (about $60 million worth of cryptocurrency gone with the wind).

The events led by hacktivism confirm their decreasing trend, whilst alleged state-sponsored malicious actors from Russia and North Korea are always on the spot.

In any case read the timeline to have a complete view of the threat landscape (and share it!). And if you want, you may also have a look at the timelines of the main Cyber Attacks in 2011, 2012, 2013, 2014, 2015, 2016, 2017 and now 2018 (regularly updated… Hopefully!). Do not forget the Cyber Attack Statistics, and follow @paulsparrows on Twitter for the latest updates.

If you want, you can always submit remarkable incidents that in your opinion deserve to be included in the timelines (and charts).

You may always ask for the raw data, but please do not forget to include a short presentation and the purpose of the project. I will not accept requests without any details.

| ID | Date | Author | Target | Description | Attack | Target Class | Attack Class | Country | Tags |
|---|---|---|---|---|---|---|---|---|---|
| 1 | 12/09/2018 | ? | SMEG UK | The UK branch of the appliance manufacturer SMEG reveals that it has been hit by a "targeted cyber attack". | Unknown | C Manufacturing | CC | UK | SMEG UK |
| 2 | 14/09/2018 | Magecart | Groopdealz | Groopdealz joins the list of the victims of the Magecart group. | Malware | G Wholesale and retail trade | CC | US | Groopdealz, Magecart |
| 3 | 17/09/2018 | ? | Saverspy.com | Bob Diachenko, a security researcher, identifies an unsecured MongoDB server leaking the personal details of nearly 11 million users. The database seems to have been ransomed back in June. | Unsecured MongoDB | G Wholesale and retail trade | CC | US | Bob Diachenko, MongoDB, Saverspy.com |
| 4 | 17/09/2018 | LulzSecITA | Unuci.org (Union of Italian Retired Military Officials) | LulzSecITA leaks the personal details of about 300 retired military officials. | Unknown | S Other service activities | H | IT | LulzSecITA, unuci.org |
| 5 | 17/09/2018 | Iron cybercrime group (AKA Roke) | Vulnerable Windows and Linux Servers | Researchers from Palo Alto Networks discover a new malware strain dubbed XBash that combines features from four types of malware categories: ransomware, coinminers, botnets, and worms. | Malware | Y Multiple Industries | CC | >1 | Palo Alto Networks, Iron, Roke, Xbash, Crypto, Ransomware |
| 6 | 17/09/2018 | ? | Multiple targets | Researchers from Qihoo's 360Netlab discover Fbot, a botnet based on Satori, which instead of infecting devices, appears to be actually wiping them clean of cryptocurrency mining malware. The botnet hides its C&C behind a blockchain-based DNS. | Malware | Y Multiple Industries | CC | >1 | Qihoo's 360Netlab, Fbot |
| 7 | 17/09/2018 | ? | Perth Mint | A data breach at Perth Mint sees hackers take the personal details of about 3200 customers, far more than initially suspected. The breach occurred on the system of a third-party technology provider and only involved 13 customers initially. | Unknown | O Public administration and defence, compulsory social security | CC | AU | Perth Mint |
| 8 | 17/09/2018 | ? | Multiple government websites in India. | Security researchers discover that multiple government websites in the country are infected with cryptojackers. | Malware | O Public administration and defence, compulsory social security | CC | IN | Crypto |
| 9 | 17/09/2018 | ? | Nonresident aliens in the U.S. | Researchers at Fortinet discover a phishing campaign claiming to be from the IRS but reportedly sent from a server originating in Italy. The campaign appears to be targeting nonresident aliens. | Account Hijacking | X Individual | CC | US | Fortinet |
| 10 | 18/09/2018 | Magecart | ABS-CBN | 213 customers of ABS-CBN, a Filipino media conglomerate, have their financial data stolen due to a payment skimmer discovered in the broadcaster's online store. | Malware | J Information and communication | CC | PH | ABS-CBN, Magecart |
