The first timeline of September is finally here! In this fortnight I have collected 63 events (including 3 that occurred at the end of August), so apparently the level of activity is decreasing compared to the first and second halves of August (77 and 79 events respectively). We’ll see whether this is an isolated occurrence or the beginning of a new trend.
As for the recorded events, Business Email Compromise attacks are becoming a real problem, and a source of very high revenues for the attackers: a European subsidiary of Toyota Boshoku Corporation lost $37 million after falling for a BEC scam, and the same fate befell the Oklahoma Law Enforcement Retirement System (in this case “only” $4.2 million was stolen) and the city of Unalaska (which was able to recover $2.3 million of the nearly $3 million stolen).
And if BEC is the new kid on the block, ransomware continues to be the plague of 2019, with new victims (primarily schools) joining the list.
But as usual the list is too long to summarize, and it also includes a list of 220 million Facebook users possibly compromised via an unsecured database (an event increasingly common in these cloud-native times), and several DDoS attacks against Wikipedia, World of Warcraft and two institutions in Hong Kong (where the political situation is rather unstable).
At this point you have no choice but to browse the timeline, and to share it to spread the concept of risk awareness across the community. Of course, feel free to contribute by suggesting notable cyber events, and do not forget to follow @paulsparrows on Twitter, or even connect on LinkedIn, for the latest updates.
| ID | Date | Author | Target | Description | Attack | Target Class | Attack Class | Country | Tags |
|---|---|---|---|---|---|---|---|---|---|
| 1 | 31/08/2019 | ? | CircleCI | Software testing and delivery company CircleCI discloses a security incident involving the company and a third-party analytics vendor. An attacker was able to improperly access some user data in the vendor's account. | Unknown | M Professional scientific and technical activities | CC | US | CircleCI |
| 2 | 31/08/2019 | ? | Single Individuals | A new campaign distributes the Nemty ransomware via the RIG Exploit Kit. | Malware | X Individual | CC | >1 | Nemty, RIG Exploit Kit |
| 3 | 31/08/2019 | ? | LIHKG | LIHKG, an online forum used by activists behind the ongoing Hong Kong protests, suffers a DDoS attack that forces its servers offline for a short period of time. | DDoS | S Other service activities | CC | HK | LIHKG |
| 4 | 01/09/2019 | ? | XKCD Forums | The forums of the XKCD webcomic are currently offline after a data breach that exposed the information of 561,991 users on July 1. | Unknown | R Arts entertainment and recreation | CC | US | XKCD Forums |
| 5 | 01/09/2019 | ? | Souderton Area School District | The Souderton Area School District is hit by a ransomware attack. | Malware | P Education | CC | US | Souderton Area School District, ransomware |
| 6 | 02/09/2019 | ? | BleachBit user | Criminals create a fake BleachBit website to distribute the AZORult information stealer. | Malware | X Individual | CC | >1 | BleachBit, AZORult |
| 7 | 02/09/2019 | ? | Single Individuals | Researchers from Check Point discover a new malicious campaign actively distributing a new Astaroth variant, abusing the Cloudflare Workers serverless computing platform to evade detection. | Malware | X Individual | CC | >1 | Check Point, Astaroth, Cloudflare |
| 8 | 02/09/2019 | ? | Single Individuals | A new campaign distributes the Sodinokibi ransomware by hacking into WordPress sites and injecting JavaScript that displays a fake Q&A forum with links to the ransomware installer. | Malware | X Individual | CC | >1 | Sodinokibi, Ransomware, WordPress |
| 9 | 03/09/2019 | ? | Android users | Security researcher Aleksejs Kuprins from CSIS Security Group discovers a new malware campaign that infiltrates the official Google Play store to deploy the Joker Trojan to Android devices. | Malware | X Individual | CC | >1 | Aleksejs Kuprins, CSIS Security Group, Google Play, Joker, Android |
| 10 | 03/09/2019 | ? | Targets in the banking sector | Researchers from Cofense discover a new phishing campaign using compromised SharePoint sites and OneNote documents to redirect potential victims from the banking sector to its landing pages and evade email security gateways. | | | | | |