Last Updated on October 28, 2019

And after the first one, I can finally publish the second timeline of September covering the main cyber attacks occurred in the second fortnight. In this timeline I have collected a total of 77 events (including 3 that happened in the first part of the month but were included in this timeline because of the time of publication.

What do we want to start from, mega breaches or ransomware? Unfortunately in both cases the timeline is rich of noticeable examples. Ransomware continues to target government organizations, healthcare (in case of Wood Ranch Medical, the company was forced out of business), schools and large manufacturers such as Demant, one of the world’s largest manufacturers of hearing aids that expects to incur losses of up to $95 million as a consequence of the attack, but also Rheinmetall Automotive and Defence Construction Canada.

In terms of mega breaches, the main event of this timeline is the breach suffered by Zynga with more than 218 million records allegedly compromised by an old acquaintance like Gnosticplayers. Other massive breaches include a trove of Brazilian citizens leaked on underground forums (92 million), Lumin PDF (24.3 million), and DoorDash (4.9 million).

The list of cyber espionage campaigns include events carried out by APT10, APT28, Poison Carp, the Tortoiseshell Group against 11 IT providers primarily based in Saudi Arabia (a supply chain attack), and the discovery of on operation targeting Airbus, even in this case via the supply chain.

For the complete list, feel free to browse the entire timeline, and share it to spread the concept of risk awareness across the community. Of course feel free to contribute, suggesting noticeable cyber events, and do not forget to follow @paulsparrows on Twitter, or even connect on Linkedin, for the latest updates.

wdt_IDIDDateAuthorTargetDescriptionAttackTarget ClassAttack ClassCountryLinkTags
1111/09/2019?Travis Central AppraisalThe Travis Central Appraisal District is hit by a ransomware attack.MalwareL Real estate activitiesCCUSTravis Central Appraisal
2212/09/2019?Sarrell DentalSarrell Dental notifies almost 400,000 patients after a ransomware attack.MalwareQ Human health and social work activitiesCCUSSarrell Dental, ransomware
3312/09/2019?Italian companiesA new campaign distributing SLoad (TH-163) is discovered targeting Italian companies.MalwareY Multiple IndustriesCCITSload, TH-163
4416/09/2019?Lumin PDFThe details of over 24.3 million Lumin PDF users have been shared today on a hacking forumExposed MongoDBM Professional scientific and technical activitiesCCNZLumin PDF
5516/09/2019?Users in multiple countriesA new Emotet campaign is detected, targeting Germany, the United Kingdom, Poland, and Italy. The spam campaign also hit the USA, targeting both individuals, business, and government entities.MalwareX IndividualCC>1Emotet
6616/09/2019?Nicole Scherzinger Instagram accountThe Instagram account of singer-songwriter Nicole Scherzinger is hacked.Account HijackingX IndividualCCUSInstagram, Nicole Scherzinger
7716/09/2019?Yanet García Instagram accountThe Instagram account of Yanet García is hacked.Account HijackingX IndividualCCUSInstagram, Yanet García
8816/09/2019?Taxpayers in the U.S.Researchers from Cofense discover a phishing campaign delivering the Amadey botnet malware to taxpayers in the U.S. through fake income tax refund emails.MalwareX IndividualCCUSCofense, Amadey
9916/09/2019?Linux serversResearchers from Trend Micro discover a new Linux cryptocurrency miner, dubbed Skidmap, that leverages kernel-mode rootkits to evade the detection.MalwareY Multiple IndustriesCC>1Trend Micro, Linux, Skidmap, Crypto
101016/09/2019?Facebook users in IraqFacebook takes down hundreds of Facebook and Instagram pages and accounts after a campaign was discovered attempting to influence user behavior in Iraq.Fake Social Network AccountsO Public administration and defence, compulsory social securityCWIQFacebook, Instagram
IDDateAuthorTargetDescriptionAttackTarget ClassAttack ClassCountryLinkTags

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.