Here’s the first timeline of August, covering the main cyber attacks that occurred in the first half of the eighth month of this troubled 2019. Even if we haven’t reached the same level as July, the temperature of the infosec thermometer remains quite high: in this timeline I have collected 77 events.
So, where do we start? Probably from the mega breaches that characterize this timeline, for example CafePress (a staggering 23 million accounts compromised), StockX (6.8 million records stolen), or even the discovery of one million card details put up for sale online in South Korea.
And if the mega breaches are the unwelcome novelty of this fortnight, ransomware continues to be on a roll: it is really impossible to enumerate the list of victims in the public administration and healthcare space, and if that’s not enough, a new variant of the MegaCortex ransomware has been discovered with ransom demands as high as $5.8 million.
And while an attempt to implant malware inside the AT&T network was detected, social media continue to be the playground for misinformation campaigns; this fortnight is no exception, as two campaigns engaging in coordinated inauthentic behavior have been taken down by Facebook.
Last but not least, this timeline also sports some remarkable cyber espionage events: maybe the most remarkable is the one targeting three US utilities, but APT28 is also in the spotlight with an original campaign abusing IoT devices. Other noticeable entries include Hexane (focused on the oil and gas industry in the Middle East), Machete (targeting the Venezuelan Army), and a new wave of attacks from Cloud Atlas.
As usual the list is too long to summarize in a few lines, and I don’t want to take too much of the time you could better spend reading the timeline, so you have no choice but to browse it all, and also share it to spread the concept of risk awareness across the community. Of course, feel free to contribute by suggesting noticeable cyber events, and do not forget to follow @paulsparrows on Twitter, or even connect on LinkedIn, for the latest updates.
| ID | Date | Author | Target | Description | Attack | Target Class | Attack Class | Country | Tags |
|---|---|---|---|---|---|---|---|---|---|
| 1 | 01/08/2019 | ? | Three US companies in the utilities industry | Researchers from Proofpoint discover a new campaign, possibly developed by a nation state, targeting three US utilities via a malware called LookBack. The emails purported to come from the National Council of Examiners for Engineering and Surveying (NCEES). | Targeted Attack | D Electricity gas steam and air conditioning supply | CE | US | Proofpoint, LookBack, National Council of Examiners for Engineering and Surveying, NCEES |
| 2 | 01/08/2019 | Hexane Group | Companies in the Middle East (especially in Kuwait) | Researchers from Dragos discover a threat group dubbed Hexane, focused on organizations in the oil and gas industry and targeting telco companies to reach its final targets. | Targeted Attack | D Electricity gas steam and air conditioning supply | CE | >1 | Dragos, Hexane, Middle East, Kuwait |
| 3 | 01/08/2019 | ? | Individuals in South Korea | One million card details are put up for sale online in South Korea. | Unknown | K Financial and insurance activities | CC | KR | South Korea |
| 4 | 01/08/2019 | UAE, Egypt | Countries, primarily in the Middle East and in North and East Africa, including Libya, Sudan, Comoros, Qatar, Turkey, Lebanon, Syria, Jordan and Morocco | Facebook removes 259 Facebook accounts, 102 Pages, 5 Groups, 4 Events and 17 Instagram accounts for engaging in coordinated inauthentic behavior that originated in the UAE and Egypt and focused on a number of countries in the Middle East and Africa. | Fake Social Network Groups/Pages | O Public administration and defence, compulsory social security | | | |
| 5 | | | Countries in the Middle East and Northern Africa, including Qatar, Saudi Arabia, UAE, Bahrain, Egypt, Morocco, Palestine, Lebanon and Jordan | Facebook removes 217 Facebook accounts, 144 Pages, 5 Groups and 31 Instagram accounts involved in coordinated inauthentic behavior originating from Saudi Arabia that focused primarily on the Middle East and Northern Africa. | Fake Social Network Groups/Pages | O Public administration and defence, compulsory social security | CW | >1 | Facebook, Middle East, Northern Africa, Qatar, Saudi Arabia, UAE, Bahrain, Egypt, Morocco, Palestine, Lebanon, Jordan |
| 6 | 01/08/2019 | ? | StockX | StockX, a popular site for buying and selling sneakers and other apparel, resets customer passwords after being hacked back in May. More than 6.8 million records were stolen. | Unknown | G Wholesale and retail trade | CC | US | StockX |
| 7 | 01/08/2019 | ? | Poshmark | Poshmark, an online marketplace where North American users can buy and sell new or used clothes, shoes, and accessories, discloses a data breach: an unauthorized party gained access to its servers, from where it stole personal information. | Unknown | G Wholesale and retail trade | CC | US | Poshmark |
| 8 | 01/08/2019 | ? | Single Individuals | Researchers from enSilo reveal the details of DealPly, an adware able to abuse the Microsoft and McAfee reputation services to avoid detection. | Malware | X Individual | CC | >1 | enSilo, DealPly, Microsoft, McAfee |
| 9 | 01/08/2019 | ? | Single Individuals | Researchers from Proofpoint reveal the details of SystemBC, a malware able to install a proxy on infected computers. | Malware | X Individual | CC | >1 | Proofpoint, SystemBC |
| 10 | 01/08/2019 | ? | Single Individuals | A new Exploit Kit dubbed Lord emerges, able to push the njRAT and ERIS Ransomware. | | | | | |