1-15 August 2019 Cyber Attacks Timeline

Here’s the first timeline of August, covering the main cyber attacks that occurred in the first half of the eighth month of this troubled 2019. Even if we haven’t reached the same level as July, the temperature of the infosec thermometer continues to be quite high, since in this timeline I have collected 77 events.

So, where do we start from? Probably from the mega breaches that have characterized this timeline, for example CafePress (a staggering number of 23 million accounts compromised), or StockX (6.8 million records stolen), or even the discovery of one million card details put on sale online in South Korea.

And if the mega breaches are the unwelcome novelty of this fortnight, ransomware continues to be on a roll: it’s really impossible to enumerate the victims in the public administration and healthcare space. And if that’s not enough, a new variant of the MegaCortex ransomware has been discovered with ransom demands as high as $5.8 million.

And while an attempt to implant malware inside the AT&T network was detected, social media continue to be the playground for misinformation campaigns, and this fortnight is no exception, as two campaigns engaging in coordinated inauthentic behavior have been taken down by Facebook.

Last but not least, this timeline also sports some remarkable cyber espionage events: maybe the most remarkable is the one targeting three utilities in the US, but APT28 is also always on the spot, with an original campaign abusing IoT devices. Other noticeable entries include Hexane (focused on the oil and gas industry in the Middle East), Machete (targeting the Venezuelan Army), and a new wave of attacks from Cloud Atlas.

As usual, the list is too long to summarize in a few lines, and I don’t want to take too much of your time that you could better spend reading the timeline, so you have no choice but to browse it all, and also share it to spread the concept of risk awareness across the community. Of course, feel free to contribute by suggesting noticeable cyber events, and do not forget to follow @paulsparrows on Twitter, or even connect on Linkedin, for the latest updates.

| ID | Date | Author | Target | Description | Attack | Target Class | Attack Class | Country | Tags |
|---|---|---|---|---|---|---|---|---|---|
| 1 | 01/08/2019 | ? | Three US companies in the utilities industry | Researchers from Proofpoint discover a new campaign, possibly developed by a nation, targeting three US utilities via a malware called LookBack. The emails purported to come from the National Council of Examiners for Engineering and Surveying (NCEES). | Targeted Attack | D Electricity gas steam and air conditioning supply | CE | US | Proofpoint, LookBack, National Council of Examiners for Engineering and Surveying, NCEES |
| 2 | 01/08/2019 | Hexane Group | Companies in the Middle East (especially in Kuwait) | Researchers from Dragos discover a threat group dubbed Hexane focused on organizations in the oil and gas industry and targeting telco companies to hit its final targets. | Targeted Attack | D Electricity gas steam and air conditioning supply | CE | >1 | Dragos, Hexane, Middle East, Kuwait |
| 3 | 01/08/2019 | ? | Individuals in South Korea | One million card details are put up for sale online in South Korea. | Unknown | K Financial and insurance activities | CC | KR | South Korea |
| 4 | 01/08/2019 | UAE, Egypt | Countries, primarily in the Middle East and in North and East Africa, including Libya, Sudan, Comoros, Qatar, Turkey, Lebanon, Syria, Jordan and Morocco | Facebook removes 259 Facebook accounts, 102 Pages, 5 Groups, 4 Events and 17 Instagram accounts for engaging in coordinated inauthentic behavior that originated in the UAE and Egypt and focused on a number of countries in Middle East and Africa. | Fake Social Network Groups/Pages | O Public administration and defence, compulsory social security | CW | >1 | Facebook, Libya, Sudan, Comoros, Qatar, Turkey, Lebanon, Syria, Jordan, Morocco |
| 5 | 01/08/2019 | Saudi Arabia | Countries in Middle East and Northern Africa, including Qatar, Saudi Arabia, UAE, Bahrain, Egypt, Morocco, Palestine, Lebanon and Jordan | Facebook removes 217 Facebook accounts, 144 Pages, 5 Groups and 31 Instagram accounts involved in coordinated inauthentic behavior originating from Saudi Arabia that focused primarily on the Middle East and Northern Africa. | Fake Social Network Groups/Pages | O Public administration and defence, compulsory social security | CW | >1 | Facebook, Middle East, Northern Africa, Qatar, Saudi Arabia, UAE, Bahrain, Egypt, Morocco, Palestine, Lebanon, Jordan |
| 6 | 01/08/2019 | ? | StockX | StockX, a popular site for buying and selling sneakers and other apparel, resets customer passwords after it was hacked back in May. More than 6.8 million records were stolen. | Unknown | G Wholesale and retail trade | CC | US | StockX |
| 7 | 01/08/2019 | ? | Poshmark | Poshmark, an online marketplace where North American users can buy and sell new or used clothes, shoes, and accessories, discloses a data breach: an unauthorized party gained access to its servers, from which it stole personal information. | Unknown | G Wholesale and retail trade | CC | US | Poshmark |
| 8 | 01/08/2019 | ? | Single Individuals | Researchers from enSilo reveal the details of DealPly, an adware able to abuse the Microsoft and McAfee reputation services to avoid detection. | Malware | X Individual | CC | >1 | enSilo, DealPly, Microsoft, McAfee |
| 9 | 01/08/2019 | ? | Single Individuals | Researchers from Proofpoint reveal the details of SystemBC, a malware able to install a proxy on infected computers. | Malware | X Individual | CC | >1 | Proofpoint, SystemBC |
| 10 | 01/08/2019 | ? | Single Individuals | A new Exploit Kit dubbed Lord emerges, able to push the njRAT and ERIS Ransomware. | Malware | X Individual | CC | >1 | Lord, njRAT, ERIS, Ransomware |
