It's time to publish the second timeline of October, covering the main events that occurred between October 16 and October 31 (the first timeline is here). The total number of collected events is 58, a slight increase compared with the 54 events of the previous fortnight.
There are many events to pinpoint these days, starting with the massive breach at Cathay Pacific, potentially affecting 9.4 million users, and not exactly an example of how breaches should be handled in the GDPR era.
Attacks against crypto exchanges also play an important role in this timeline: Trade.io has suffered an illegitimate withdrawal of $7.5 million worth of tokens, while MapleChange has suffered losses worth $6 million, although many suspect this could be an exit scam.
The timeline is also interesting from a cyberwarfare and hacktivism perspective: Ukraine (and Poland) were hit by GreyEnergy, yet another long-lasting operation, direct successor of the infamous BlackEnergy, whose origin dates back to 2015, while Italian hacktivists affiliated with Anonymous kicked off Op #FifthOfNovember against universities, trade unions, and other websites.
Again, 58 events are too many to summarize in a few lines, so feel free to read the whole timeline carefully to get a complete view of the threat landscape (and also share it!). The timelines of the main Cyber Attacks in 2011, 2012, 2013, 2014, 2015, 2016, 2017 and now 2018 are also available. Do not forget the Cyber Attack Statistics, and follow @paulsparrows on Twitter for the latest updates.
Finally, you may always ask for the raw data, but please do not forget to include a short presentation and the purpose of the project. I will not accept requests without any details.
| ID | Date | Author | Target | Description | Attack | Target Class | Attack Class | Country | Link | Tags |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | 05/10/2018 | ? | National Ambulatory Hernia Institute | National Ambulatory Hernia Institute notifies almost 16,000 patients of a Gamma ransomware attack that occurred on October 5. | Malware | Q Human health and social work activities | CC | US | | National Ambulatory Hernia Institute, Ransomware |
| 2 | 16/10/2018 | ? | New Share Counts | Researchers from Sucuri reveal that New Share Counts, a discontinued Tweet counter, has been hijacked, redirecting users to scam pages. | Malicious Script | X Individual | CC | >1 | | New Share Counts, Sucuri |
| 3 | 16/10/2018 | Attackers linked to Hezbollah | Multiple Targets | The Czech Security Intelligence Service (BIS) reveals that it has taken down the infrastructure used by Hezbollah operatives to target and infect users around the globe with mobile malware. | Malware | Y Multiple Industries | CW | >1 | | Hezbollah, BIS |
| 4 | 16/10/2018 | ? | City of West Haven | The City of West Haven pays $2,000 after having 23 of its servers encrypted in a ransomware attack. | Malware | O Public administration and defence, compulsory social security | CC | US | | West Haven, Ransomware |
| 5 | 17/10/2018 | GreyEnergy | Energy companies and other high-value targets in Ukraine and Poland | Researchers from ESET uncover details of the successor of the BlackEnergy APT group, named GreyEnergy. The group has attacked energy companies and other high-value targets in Ukraine and Poland over the past three years, since December 2015. | Targeted Attack | D Electricity gas steam and air conditioning supply | CW | >1 | | GreyEnergy, ESET, Ukraine, Poland |
| 6 | 17/10/2018 | ? | A primary company in the Italian Naval Industry | Researchers from Yoroi discover a new targeted campaign against one of the most important companies in the Italian Naval Industry. The malware is dubbed MartyMcFly. | Targeted Attack | H Transportation and storage | CE | IT | | Yoroi, MartyMcFly |
| 7 | 17/10/2018 | ? | Vesta Control Panel (VestaCP) | Vesta Control Panel, the provider of an open-source hosting panel software, reveals a security breach during which an unknown hacker contaminated the project's source code with malware. The malicious code was added on May 31, this year, and later removed t | Malware | J Information and communication | CC | >1 | | Vesta Control Panel, VestaCP |
| 8 | 17/10/2018 | ? | Single Individuals | Researchers from Zscaler uncover a new SEO poisoning campaign, targeting keywords associated with the U.S. midterm elections. Attackers have hacked over 10,000 web sites in order to promote 15,000 different keywords | SEO Poisoning | X Individual | CC | >1 | | Zscaler |
| 9 | 17/10/2018 | ? | City of Muscatine | The City of Muscatine is hit with a ransomware attack on October 17. Financial and other servers are affected. | Malware | O Public administration and defence, compulsory social security | CC | US | | Muscatine, Ransomware |
| 10 | 17/10/2018 | ? | Facepunch | As reported by Troy Hunt's Have I Been Pwned breach notification service, the Facepunch game studio was the victim of a data breach in June 2016 which led to sensitive information of 396,650 users being exposed. | | | | | | |