1-15 September 2019 Cyber Attacks Timeline

The first timeline of September is finally here! In this fortnight I have collected 63 events (including 3 that occurred at the end of August), so apparently the level of activity is decreasing compared to the first and second halves of August (77 and 79 events respectively). We’ll see if this is an isolated occurrence or the beginning of a new trend.

With regard to the recorded events, Business Email Compromise (BEC) attacks are becoming a real problem, and a source of very high revenues for the attackers: a European subsidiary of Toyota Boshoku Corporation lost $37 million after suffering a BEC scam, and the same fate befell the Oklahoma Law Enforcement Retirement System (in this case “only” $4.2 million stolen) and the city of Unalaska (which was able to recover $2.3 million of the nearly $3 million stolen).

And if BEC is the new kid on the block, ransomware continues to be the plague of 2019, with new victims (primarily schools) joining the list.

But as usual the list is too long to summarize, and it also includes a list of 220 million Facebook users possibly compromised thanks to an unsecured database (an event increasingly common in these cloud-native times), and several DDoS attacks against Wikipedia, World of Warcraft and two institutions in Hong Kong (where the political situation is rather unstable).

At this point you have no choice but to browse the timeline, and also to share it to spread the concept of risk awareness across the community. Of course feel free to contribute by suggesting noteworthy cyber events, and do not forget to follow @paulsparrows on Twitter, or even connect on LinkedIn, for the latest updates.

| ID | Date | Author | Target | Description | Attack | Target Class | Attack Class | Country | Tags |
|---|---|---|---|---|---|---|---|---|---|
| 1 | 31/08/2019 | ? | CircleCI | Software testing and delivery company CircleCI notifies a security incident involving the company and a third-party analytics vendor. An attacker was able to improperly access some user data in the vendor account. | Unknown | M Professional, scientific and technical activities | CC | US | CircleCI |
| 2 | 31/08/2019 | ? | Single Individuals | A new campaign distributes the Nemty Ransomware via the RIG Exploit Kit. | Malware | X Individual | CC | >1 | Nemty, RIG Exploit Kit |
| 3 | 31/08/2019 | ? | LIHKG | LIHKG, an online forum used by activists behind the ongoing Hong Kong protests, suffers a DDoS attack forcing its servers to go offline for a short period of time. | DDoS | S Other service activities | CC | HK | LIHKG |
| 4 | 01/09/2019 | ? | XKCD Forums | The forums of the XKCD webcomic are currently offline after being impacted by a data breach which exposed the information of 561,991 users on July 1. | Unknown | R Arts, entertainment and recreation | CC | US | XKCD Forums |
| 5 | 01/09/2019 | ? | Souderton Area School District | The Souderton Area School District is hit by a ransomware attack. | Malware | P Education | CC | US | Souderton Area School District, ransomware |
| 6 | 02/09/2019 | ? | BleachBit users | Criminals create a fake BleachBit website to distribute the AZORult information stealer. | Malware | X Individual | CC | >1 | BleachBit, AZORult |
| 7 | 02/09/2019 | ? | Single Individuals | Researchers from Check Point discover a new malicious campaign actively distributing a new Astaroth variant by abusing the Cloudflare Workers serverless computing platform to evade detection. | Malware | X Individual | CC | >1 | Check Point, Astaroth, Cloudflare |
| 8 | 02/09/2019 | ? | Single Individuals | A new campaign distributes the Sodinokibi Ransomware by hacking into WordPress sites and injecting JavaScript that displays a fake Q & A forum with links to the ransomware installer. | Malware | X Individual | CC | >1 | Sodinokibi, Ransomware, WordPress |
| 9 | 03/09/2019 | ? | Android users | Security researcher Aleksejs Kuprins from CSIS Security Group discovers a new malware campaign able to infiltrate the official Google Play store to deploy the Joker Trojan to Android devices. | Malware | X Individual | CC | >1 | Aleksejs Kuprins, CSIS Security Group, Google Play, Joker, Android |
| 10 | 03/09/2019 | ? | Targets in the banking sector | Researchers from Cofense discover a new phishing campaign using compromised SharePoint sites and OneNote documents to redirect potential victims from the banking sector to their landing pages and evade email security gateways. | Account Hijacking | K Financial and insurance activities | CC | >1 | Cofense, SharePoint, OneNote |
