16-31 October 2018 Cyber Attacks Timeline

It’s time to publish the second timeline of October, covering the main events occurred between October 16 and October 31 (the first timeline is here). The total number of collected events is 58, showing a light increase compared with the 54 events of the previous fortnight.

Many events to pinpoint these days, starting from the massive breach to Cathay Pacific, potentially affecting 9.4 million users, and not exactly an example of how breaches should be handled in the GDPR era.

Attacks against crypto exchanges play also an important role in this timeline: Trade.io has suffered an illegitimate withdrawn of $7.5 Million worth in token, while MapleChange has suffered $6 Million worth losses, despite there are many doubts this could be an exit scam.

Interesting timeline also from a cyberwarfare and hacktivism perspective: Ukraine (and Poland) were hit by GreyEnergy, yet another long-lasting operation, direct successor of the infamous BlackEnergy, whose origin dates back to 2015: while Italian hacktivists affiliated to Anonymous kicked off Op #FifthOfNovember against Universities, Trade Unions, and other websites.

Again, 58 events are too many to summarize in few lines, so feel free to read carefully the whole timeline to have a complete view of the threat landscape (and also share it!). The timelines of the main Cyber Attacks in 2011, 2012, 2013, 2014, 2015, 2016, 2017 and now 2018 are also available, and do not forget the Cyber Attack Statistics, and follow @paulsparrows on Twitter for the latest updates.

Finally, you may always ask for the raw data, but please do not forget to include a short presentation and the purpose of the project. I will not accept requests without any details.

wdt_ID ID Date Author Target Description Attack Target Class Attack Class Country Link Tags
1 1 05/10/2018 ? National Ambulatory Hernia Institute National Ambulatory Hernia Institute notifies almost 16,000 patients of Gamma ransomware attack occurred on October 5. Malware Q Human health and social work activities CC US National Ambulatory Hernia Institute, Ransomware
2 2 16/10/2018 ? New Share Counts Researchers from Sucuri reveal that New Share Counts, a discontinued Tweet counter is hijacked, redirecting the users to scam pages. Malicious Script X Individual CC >1 New Share Counts, Sucuri
3 3 16/10/2018 Attackers linked to Hezbollah Multiple Targets The Czech Security Intelligence Service (BIS) reveals to have taken down the infrastructure used by Hezbollah operatives to target and infect users around the globe with mobile malware. Malware Y Multiple Industries CW >1 Hezbollah, BIS
4 4 16/10/2018 ? City of West Haven The City of West Haven pays $2,000 after having 23 of its servers encrypted from a ransomware attack. Malware O Public administration and defence, compulsory social security CC US West Haven, Ransomware
5 5 17/10/2018 GreyEnergy Energy companies and other high-value targets in Ukraine and Poland Researchers from ESET uncover details of the successor of the BlackEnergy APT group, named GreyEnergy. Since December 2015, the group attacked energy companies and other high-value targets in Ukraine and Poland for the past three years. Targeted Attack D Electricity gas steam and air conditioning supply CW >1 GreyEnergy, ESET, Ukraine, Poland
6 6 17/10/2018 ? A primary company in the Italian Naval Industry Researchers from Yoroi discover a new targeted campaign against one of the most important companies in the Italian Naval Industry. The malware is dubbed MartyMcFly. Targeted Attack H Transportation and storage CE IT Yoroi, MartyMcFly
7 7 17/10/2018 ? Vesta Control Panel (VestaCP) Vesta Control Panel, the provider of an open-source hosting panel software reveals a security breach during which an unknown hacker contaminated the project's source code with malware. The malicious code was added on May 31, this year, and later removed t Malware J Information and communication CC >1 Vesta Control Panel, VestaCP
8 8 17/10/2018 ? Single Individuals Researchers from Zscaler uncover a new SEO poisoning campaign, targeting keywords associated with the U.S. midterm elections. Attackers have hacked over 10,000 web sites in order to promote 15,000 different keywords SEO Poisoning X Individual CC >1 Zscaler
9 9 17/10/2018 ? City of Muscatine The City of Muscatine is hit with a ransomware attack on October 17. Financial and other servers are affected. Malware O Public administration and defence, compulsory social security CC US Muscatine, Ransomware
10 10 17/10/2018 ? Facepunch As reported by Troy Hunt's Have I Been Pwned breach notification service, the Facepunch game studio was the victim of a data breach in June 2016 which led to sensitive information of 396,650 users being exposed. Unknown R Arts entertainment and recreation CC UK Troy Hunt, Have I Been Pwned, Facepunch
ID Date Author Target Description Attack Target Class Attack Class Country Link Tags

Leave a Reply

%d bloggers like this: