Welcome to this new timeline covering the main cyber attacks that occurred in the first fortnight of July, for which I have collected a total of 64 events.
Once again a rich timeline, unfortunately, and I really do not know where to start… Maybe with ransomware, where the list of victims continues to grow.
In fact, ransomware is the real plague of 2019: there was barely time to celebrate the shutdown of the GandCrab operations, and here we are with new attacks against US municipalities. In this fortnight it happened to the Georgia Court System, La Porte County, Gila County, Onondaga County Library, and also some schools such as Syracuse City School and Northwest Indian College. But the US municipalities were not the only victims: even the Chilean Ministry of Agriculture met the same fate.
Of course, the list of events related to Cyber Crime is quite long as usual, but if I had to mention some events in particular, I would undoubtedly cite the attack against the Bitpoint cryptocurrency exchange, with about 3.5 billion yen ($32 million) worth of cryptocurrency stolen, and the attack against MyDashWallet.org.
And obviously the campaign of the Silence group against banks in India, Sri Lanka, and Kyrgyzstan. There are also some interesting events in terms of Cyber Espionage (APT32, APT33 and Turla), but I would say at this point that the summary ends here, so you have no choice but to browse the timeline. Of course, feel free to share it and spread the word of security awareness throughout the community.
Most importantly, do not forget to follow @paulsparrows on Twitter for the latest updates.
| ID | Date | Author | Target | Description | Attack | Target Class | Attack Class | Country | Tags |
|---|---|---|---|---|---|---|---|---|---|
| 1 | 01/07/2019 | ? | Single Individuals | Security researchers from Netlab discover Godlua, the first ever malware abusing the DNS over HTTPS (DoH) protocol. | Malware | X Individual | CC | >1 | Godlua, Netlab, DoH |
| 2 | 01/07/2019 | ? | Targets in Libya | Facebook shuts down more than 30 accounts associated with 'Operation Tripoli' an ongoing campaign discovered by Check Point researchers, found to be spreading Remote Access Trojans (RATs) through malicious links. | Targeted Attack | X Individual | CE | LY | Facebook, Operation Tripoli, Check Point |
| 3 | 01/07/2019 | ? | Georgia Court System | The Georgia Court System is hit by a ransomware attack. The attackers demand around $2 million in Bitcoin to restore access. | Malware | O Public administration and defence, compulsory social security | CC | US | Georgia Court System, System |
| 4 | 01/07/2019 | ? | US Virgin Islands Water and Power Authority | The Water and Power Authority of the US Virgin Islands is the victim of a Business Email Compromise scam, costing $2.3 million. | Account Hijacking | E Water supply, sewerage waste management, and remediation activities | CC | US | US Virgin Islands Water and Power Authority |
| 5 | 01/07/2019 | ? | Linux Servers | A new form of malware, called Golang, is spotted in the wild by cybersecurity companies which say the code's main focus is the fraudulent mining of the Monero (XMR) cryptocurrency. | Malware | Y Multiple Industries | CC | >1 | Golang, Monero, Crypto |
| 6 | 01/07/2019 | ? | Chilean Ministry of Agriculture | The Chilean Ministry of Agriculture is hit by the DoppelPaymer ransomware. | Malware | O Public administration and defence, compulsory social security | CC | CL | Chilean Ministry of Agriculture, DoppelPaymer, Ransomware |
| 7 | 01/07/2019 | ? | Single Individuals | An extortion scam is being distributed that claims a Remote Access Trojan, or RAT, was installed on the victim's computer via EternalBlue. | Spam | X Individual | CC | >1 | Remote Access Trojan, RAT, EternalBlue |
| 8 | 01/07/2019 | ? | Android Users | Researchers from AVAST discover WannaHydra, a new version of WannaLocker, enhanced with spyware, remote access trojan and banking trojan capabilities. | Malware | X Individual | CC | >1 | AVAST, WannaHydra, WannaLocker |
| 9 | 01/07/2019 | OceanLotus (aka APT32, CobaltKitty) | Multiple Targets | Researchers from Cylance detect a new wave of attacks carried out by the OceanLotus APT group, involving the new Ratsnif Trojan. | Targeted Attack | Y Multiple Industries | CE | >1 | OceanLotus, APT32, CobaltKitty, Cylance, Ratsnif |
| 10 | 02/07/2019 | TA505 | Bank and financial services employees in the US, the United Arab Emirates and Singapore | Researchers from ProofPoint discover a new campaign carried out by TA505 targeting bank and financial services employees in the US, the United Arab Emirates and Singapore. | Targeted Attack | K Financial and insurance activities | CC | >1 | ProofPoint, TA505, US, United Arab Emirates, Singapore |
| 11 | 02/07/2019 | ? | Canonical Ltd. | The GitHub account of Canonical Ltd., the company behind the Ubuntu Linux distribution, is hacked. | Account Hijacking | M Professional scientific and technical activities | CC | UK | GitHub, Canonical Ltd., Ubuntu |
| 12 | 02/07/2019 | ? | 7-Eleven Japan | Approximately 900 customers of 7-Eleven Japan have lost a collective of ¥55 million ($510,000) after hackers hijacked their 7pay app accounts and made illegal charges in their names. | App Vulnerability | G Wholesale and retail trade | CC | JP | 7-Eleven |
| 13 | 02/07/2019 | ? | St John Ambulance | A ransomware attack temporarily blocks St John Ambulance staff from accessing its systems. The attack was detected and was resolved within half an hour. | Malware | Q Human health and social work activities | CC | UK | St John Ambulance, ransomware |
| 14 | 02/07/2019 | Iran-linked APT33 | US Government Networks | The US Cyber Command issues an alert about threat actors abusing the CVE-2017-11774 Outlook vulnerability to plant malware on government networks. | Targeted Attack | O Public administration and defence, compulsory social security | CC | US | CVE-2017-11774, Iran, APT33 |
| 15 | 03/07/2019 | ? | Android Users | Researchers at Fortinet uncover a new version of the BianLian Android Malware, suggesting that the actors behind it are still providing regular updates to the malware in order to make it more potent and provide even better returns. | Malware | X Individual | CC | >1 | Fortinet, BianLian, Android |
| 16 | 03/07/2019 | ? | PGP Users | A new wave of spamming attacks on a core component of PGP's ecosystem has highlighted a fundamental weakness in the whole ecosystem. | Spam | X Individual | CC | >1 | PGP |
| 17 | 03/07/2019 | Silence | Banks in India, Sri Lanka, and Kyrgyzstan | Group-IB reveals that the Silence group has hit banks in India, Sri Lanka, and Kyrgyzstan. | Targeted Attack | K Financial and insurance activities | CC | >1 | Group-IB, Silence, India, Sri Lanka, Kyrgyzstan |
| 18 | 03/07/2019 | ? | American Land Title Association (ALTA) | American Land Title Association (ALTA) publishes a warning about hundreds of title company records having been supposedly stolen as part of a phishing campaign targeting ALTA members. | Account Hijacking | K Financial and insurance activities | CC | US | American Land Title Association, ALTA |
| 19 | 03/07/2019 | ? | City of Griffin | Over $800,000 are stolen from the City of Griffin, Georgia, by scammers in a BEC (Business Email Compromise) attack by redirecting two transactions to their own bank accounts. | Account Hijacking | O Public administration and defence, compulsory social security | CC | US | City of Griffin |
| 20 | 03/07/2019 | ? | US Teenagers | The Federal Bureau of Investigation (FBI) issues a warning regarding a sextortion campaign targeting teenagers in the United States. | Spam | X Individual | CC | US | FBI, sextortion |
| 21 | 04/07/2019 | ? | Android Users | Over ten million users are duped into installing a fake Samsung app named "Updates for Samsung" that promises firmware updates, but, in reality, redirects users to an ad-filled website and charges for firmware downloads. | Malware | X Individual | CC | >1 | Samsung, Updates for Samsung, Android |
| 22 | 05/07/2019 | ? | Maryland Department of Labor | The Maryland Department of Labor (Maryland DoL) publishes a press release explaining that sensitive information of roughly 78,000 customers including names and social security numbers was accessed by an unauthorized party. | Unknown | O Public administration and defence, compulsory social security | CC | US | Maryland Department of Labor |
| 23 | 05/07/2019 | ? | Croatian Government | A new report reveals that Croatian government employees have been targeted by a state-sponsored actor between February and April this year, via the Empire and SilentTrinity backdoors. | Targeted Attack | O Public administration and defence, compulsory social security | CE | HR | Empire, SilentTrinity |
| 24 | 05/07/2019 | ? | 962 e-commerce stores | Researchers from Sanguine Security discover a large-scale Magecart payment card skimming campaign that successfully breached 962 e-commerce stores. | Malicious Script Injection | G Wholesale and retail trade | CC | >1 | Magecart, Sanguine Security |
| 25 | 06/07/2019 | ? | La Porte County | La Porte County is hit by a ransomware attack and pays $130,000 to recover data. | Malware | O Public administration and defence, compulsory social security | | | |
Looks like the table is from back end of June
Looks like you are right and I posted the wrong article. I fixed it. Apologies for any inconvenience.