1-15 February 2019 Cyber Attacks Timeline

The first timeline of February is finally here, bringing us a trove of megabreaches and millions of accounts leaked and published on the dark web.

All this thanks (??) to a malicious actor going by the moniker Gnosticplayers, who has (or have) put up for sale on the dark web two leaks of respectively 617 and 126 million records stolen from dozens of websites (spoiler alert: the leak does not end here…), including MyFitnessPal, MyHeritage, ShareThis, Houzz, Ixigo, etc.

The crypto landscape continues to be quite troubled, with two novelties this fortnight: the first example of a clipboard hijacker found in the Google Play Store, disguised as the legitimate MetaMask app, and also the first example of miners found in the Microsoft Store (this is really democracy!).

Other interesting events include another breach at Dunkin’ Donuts and the compromise of North Country Business Products, a PoS solution provider (leading to the exposure of payment information for clients at 137 restaurants).

But at this point I bet you are more interested in browsing the timeline rather than reading my comments, so feel free to read it all, share it, and spread the word of security awareness throughout the community. And obviously, don’t forget to follow @paulsparrows on Twitter for the latest updates.

| ID | Date | Author | Target | Description | Attack | Target Class | Attack Class | Country | Tags |
|---|---|---|---|---|---|---|---|---|---|
| 1 | 29/01/2019 | ? | Vulnerable Ubiquiti Networks devices | Jim Troutman, consultant and director of the Northern New England Neutral Internet Exchange (NNENIX), reveals that threat actors are targeting nearly 500,000 Ubiquiti devices exposed online via a discovery service accessible on UDP port 10001. | Ubiquiti Networks devices vulnerability | Y Multiple Industries | CC | >1 | Jim Troutman, Northern New England Neutral Internet Exchange, NNENIX, UDP, 10001 |
| 2 | 31/01/2019 | ? | Metro Bank | Metro Bank falls victim to an SS7 attack. | SS7 Attack | K Financial and insurance activities | CC | UK | Metro Bank, SS7 |
| 3 | 31/01/2019 | ? | Multiple Industries | Researchers from GreatHorn discover a widespread phishing campaign targeting executives across a number of industries with messages pretending to be from the CEO and asking to reschedule a board meeting. | Account Hijacking | Y Multiple Industries | CC | >1 | GreatHorn |
| 4 | 31/01/2019 | ? | Centinela Valley Union High School District | Centinela Valley Union High School District notifies employees of a W-2 phishing incident. | Account Hijacking | P Education | CC | US | Centinela Valley Union High School District |
| 5 | 01/02/2019 | ? | Huddle House | Fast food restaurant chain Huddle House discloses that it was affected by a data breach in the point of sale system at some locations that allowed attackers to steal payment information. | PoS Malware | I Accommodation and food service activities | CC | US | Huddle House |
| 6 | 01/02/2019 | OceanLotus | Targets in Vietnam | Researchers from Palo Alto Networks' Unit 42 discover a new campaign carried out by the Vietnamese APT OceanLotus using a new Kerrdown downloader. | Targeted Attack | Y Multiple Industries | CE | VN | Palo Alto Networks, Unit 42, Kerrdown |
| 7 | 01/02/2019 | ? | Reproductive Medicine and Infertility Associates | Reproductive Medicine and Infertility Associates announces that it was the target of a malware attack in December that may have exposed the personal information of its clients. | Malware | Q Human health and social work activities | CC | US | Reproductive Medicine and Infertility Associates |
| 8 | 02/02/2019 | ? | Olympia Financial Group Inc. | Olympia Financial Group Inc. announces that it was subject to a ransomware cyber attack on its information technology systems. | Malware | K Financial and insurance activities | CC | US | Olympia Financial Group Inc., ransomware |
| 9 | 02/02/2019 | ? | Single Individuals | A new sextortion scam emerges, claiming that the popular adult site Xvideos.com was hacked and recorded a visitor through their webcam. The scam email states that this script was able to connect back to the visitor's computer to steal their data. | Spam | X Individual | CC | >1 | Xvideos.com |
| 10 | 04/02/2019 | ? | Eskom Group | South African energy supplier Eskom Group is hit with a double security breach consisting of an unsecured database containing customer information and a corporate computer infected with the Azorult information-stealing Trojan. | Malware | D Electricity gas steam and air conditioning supply | CC | ZA | Eskom Group, Azorult |
