The first cyber attacks timeline of October is here! This list contains 100 events (including 7 that occurred before), a number very close to the one recorded in the previous month (100). Needless to say, ransomware continues to characterize the landscape, with 29 out of 100 events. The list of high-profile victims continues to grow, and within ransomware events an important role is still played by the Blackbaud breach: every week new educational or non-profit organizations join the list of affected entities.
But cyber criminals were also active on other fronts: for example, the card details of more than three million customers of Dickey’s Barbecue Pit have been posted on the dark web, Facebook has revealed the details of SilentFade, a sophisticated malware campaign that defrauded Facebook users of more than $4 million, and a series of 240+ Android apps engaging in deceptive behavior, dubbed RAINBOWMIX, has netted cyber criminals a $150,000 daily profit.
In the crypto space, the most noticeable event is the theft of more than $22 million in funds from users of the Electrum wallet app. The chronicles also report a $500,000 scam against the City of Franklin.
On the cyber espionage front, threat groups such as MuddyWater have been busy exploiting the ZeroLogon (CVE-2020-1472) vulnerability. Similarly, Silent Librarian is back in business, busy targeting educational institutions worldwide.
Last but not least, the proximity of the US elections has obviously influenced the cyber warfare landscape, which saw two disinformation campaigns driven by fake news sites and social network profiles.
Details in the timeline! Thanks for sharing it and supporting my work in spreading risk awareness across the community. Also, don’t forget to follow @paulsparrows on Twitter, or even connect on LinkedIn, for the latest updates.
ID
Date
Author
Target
Description
Attack
Target Class
Attack Class
Country
Link
Tags
1
08/12/2020
?
Latin School of Chicago
The Latin School of Chicago is among the victims of the Blackbaud ransomware attack.
Malware
P Education
CC
US
Latin School of Chicago, Blackbaud, ransomware
2
09/05/2020
?
Perez Art Museum of Miami (PAMM)
Perez Art Museum of Miami (PAMM) reveals that it is among the victims of the Blackbaud ransomware attack.
Malware
R Arts entertainment and recreation
CC
US
Perez Art Museum of Miami, PAMM, ransomware, Blackbaud
3
01/01/1970
?
St. Bonaventure University
The St. Bonaventure University is also hit by the Blackbaud ransomware attack.
Malware
P Education
CC
US
St. Bonaventure University, Blackbaud, ransomware
4
01/01/1970
?
Ball State University
The Ball State University is also hit by the Blackbaud ransomware attack.
Malware
P Education
CC
US
Ball State University, Blackbaud, ransomware
5
01/01/1970
?
Lexington City
Some current and former Lexington City employees’ personal information is compromised after a contractor, Metaformers Inc., suffered a phishing attack in July.
Account hijacking
O Public administration and defence, compulsory social security
CC
US
Lexington City, Metaformers Inc.
6
01/01/1970
?
ADRA International
ADRA International reveals that it is among the victims of the Blackbaud ransomware attack.
Malware
Q Human health and social work activities
CC
US
ADRA International, Blackbaud, Ransomware
7
01/01/1970
?
Oswego Health
Oswego Health notifies an unspecified number of patients about a potential leak of personal information via an employee email account hacked between June 11 and June 15.
Account hijacking
Q Human health and social work activities
CC
US
Oswego Health
8
10/01/2020
TA542
Multiple targets
Researchers from Proofpoint discover a new spam campaign pretending to be from the Democratic National Convention's Team Blue initiative, but distributing the Emotet malware.
Malware
Y Multiple Industries
CC
>1
Proofpoint, Democratic National Convention's Team Blue, Emotet, TA542
9
10/01/2020
?
Multiple targets
Researchers from Trustwave discover a new malicious campaign distributing the LokiBot malware through URL obfuscation.
Malware
Y Multiple Industries
CC
>1
Trustwave, LokiBot
10
10/01/2020
?
Single individuals
An investigation into the top 10,000 Alexa sites carried out by researchers from Palo Alto Networks reveals that many of these popular sites are infected with cryptocurrency miners and credit card skimming scripts.
Malicious Script Injection
X Individual
CC
>1
Alexa, Palo Alto Networks
11
10/01/2020
Iran
Twitter users in the US
Twitter says that it removed around 130 Iranian accounts for attempting to disrupt the public conversation during the first Presidential Debate for the US 2020 Presidential Election.
Fake Social Networks Accounts
X Individual
CW
US
Twitter, US 2020 Presidential Election, Iran
12
10/01/2020
?
Vulnerable IoT devices
Researchers from Barracuda reveal that IPStorm, a malware botnet first spotted last year targeting Windows systems, has evolved to infect other types of platforms, such as Android, Linux, and Mac devices.
Misconfigurations
Y Multiple Industries
CC
>1
Barracuda, IPStorm, Android, Linux, Mac, IoT
13
10/01/2020
SilentFade
Facebook users
Researchers from Facebook reveal the details of SilentFade, a sophisticated malware campaign, defrauding Facebook users of more than $4 million.
Malware
Y Multiple Industries
CC
>1
Facebook, SilentFade
14
10/01/2020
?
Vulnerable Tenda routers
Researchers from Qihoo 360 Netlab reveal that for almost a year, a threat actor has been using zero-day vulnerabilities to install malware on Tenda routers and build an IoT botnet called Ttint.
The U.S. Department of Defense’s Cyber National Mission Force (CNMF) and the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) publish a malware analysis report about a new dropper tracked as SLOTHFULMEDIA.
Targeted Attack
Y Multiple Industries
CE
US
Department of Defense’s Cyber National Mission Force, CNMF, Department of Homeland Security, Cybersecurity and Infrastructure Security Agency, SLOTHFULMEDIA
16
10/02/2020
?
United Nations International Maritime Organization (UN IMO)
The United Nations International Maritime Organization (UN IMO) discloses a security breach categorized as a "sophisticated cyber-attack" against its IT systems.
Unknown
U Activities of extraterritorial organizations and bodies
N/A
N/A
United Nations International Maritime Organization, UN IMO
17
10/02/2020
?
Wisepay
Wisepay has its website hacked, and an attacker is able to harvest payment details between 2 and 5 October via a spoof page. Attempted payments to about 300 schools are affected.
Account hijacking
K Financial and insurance activities
CC
UK
Wisepay
18
10/02/2020
Priority
IoT devices
Researchers from Juniper discover a campaign targeting IoT devices with the Demonbot variant of Mirai malware together with a second variant developed by Scarface.
Misconfigurations
Y Multiple Industries
CC
>1
Juniper, Mirai, Demonbot, Scarface
19
10/02/2020
?
Trickbot botnet
Over the past 10 days, someone has been launching a series of coordinated attacks designed to disrupt the Trickbot botnet.
Malware
S Other service activities
H
N/A
TrickBot
20
10/02/2020
?
Single individuals
Researchers from KnowBe4 reveal the details of a phishing campaign that tells recipients that their voter registration applications are incomplete, but instead steals their social security numbers, license data and more.
Account hijacking
X Individual
CC
US
KnowBe4
21
10/02/2020
?
City of Odessa
The City of Odessa suffers a second data breach involving the online payment web portal Click2Gov.
Malicious Script Injection
O Public administration and defence, compulsory social security
CC
US
City of Odessa, Click2Gov
22
10/02/2020
?
Jonah Williams Twitter account
Unknown hackers appear to have hijacked the verified Twitter account of a Cincinnati Bengals player to promote a bitcoin scam, this time impersonating Elon Musk.
Account hijacking
X Individual
CC
US
Twitter, Cincinnati Bengals, Elon Musk
23
10/02/2020
?
Nicole Sifuentes Twitter account
Hackers also appear to have hijacked the Twitter account of the Canadian Olympic runner Nicole Sifuentes to promote an additional bitcoin scam impersonating Elon Musk.
Account hijacking
X Individual
CC
CA
Nicole Sifuentes, Elon Musk
24
10/03/2020
Clop
Software AG
The Clop ransomware gang hits the network of German enterprise software giant Software AG, asking for a ransom of $23 million after stealing employee information and company documents.
Malware
M Professional scientific and technical activities
CC
DE
Software AG, Clop, ransomware
25
10/03/2020
Ryuk
eResearch Technology (ERT)
eResearch Technology (ERT) reveals that it has been hit by a ransomware attack.
Malware
M Professional scientific and technical activities
CC
US
eResearch Technology, ERT, ransomware, Ryuk
26
10/03/2020
?
Bay Shore School District
The Bay Shore School District is hit with a DDoS attack.
DDoS
P Education
CC
US
Bay Shore School District
27
10/04/2020
?
Three Swiss universities, including the University of Basel
Threat actors hack at least three Swiss universities, including the University of Basel, and manage to drain employee salary transfers.
Unknown
P Education
CC
CH
University of Basel
28
10/05/2020
?
Chowbus
A threat actor hacks into the Chowbus food delivery service and emails links to the stolen data to all customers.
Unknown
I Accommodation and food service activities
CC
US
Chowbus
29
10/05/2020
Fullz House
Boom! Mobile
Credit card skimming group Fullz House has compromised the website of US mobile virtual network operator (MVNO) Boom! Mobile and injected it with a credit card stealer script.
Malicious Script Injection
J Information and communication
CC
US
Fullz House, Boom! Mobile
30
10/05/2020
MuddyWater AKA SeedWorm, Mercury
Multiple targets
Microsoft warns that the Iranian-backed MuddyWater cyber-espionage group was observed using ZeroLogon exploits in multiple attacks during the last two weeks.
Researchers from Palo Alto Networks discover a new malware variant dubbed Black-T developed by the hacker group TeamTnT targeting exposed Docker daemon APIs to perform scanning and cryptojacking operations.
Cloud Misconfiguration
Y Multiple Industries
CC
>1
Palo Alto Networks, Black-T, TeamTnT, Docker
32
10/05/2020
Chinese-speaking threat actors
Two undisclosed NGOs
While investigating an attack against two NGOs, researchers from Kaspersky discover the second-ever UEFI rootkit used in the wild, dubbed MosaicRegressor.
Malware
U Activities of extraterritorial organizations and bodies
CE
N/A
Kaspersky, UEFI, MosaicRegressor
33
10/05/2020
?
Multiple targets
Researchers from Juniper discover new malware campaigns abusing a pastebin-like service called paste.nrecom.net to distribute multiple malicious payloads, including Agent Tesla.
Malware
Y Multiple Industries
CC
>1
Juniper, paste.nrecom.net, Agent Tesla
34
10/05/2020
?
WhatsApp account of Minister of South Africa Communications and Digital Technologies, Stella Ndabeni-Abrahams
The WhatsApp account of the Minister of Communications and Digital Technologies, Stella Ndabeni-Abrahams, is hacked, resulting in private and confidential information being in the hands of a third party.
Account hijacking
O Public administration and defence, compulsory social security
CE
ZA
WhatsApp, Minister of Communications and Digital Technologies, Stella Ndabeni-Abrahams
35
10/05/2020
rootkit
104 Job Bank
Chinese hackers allegedly steal the data of nearly six million Taiwanese individuals from 104 Job Bank and post it on the dark web.
Unknown
N Administrative and support service activities
CC
TW
China, Taiwan, 104 Job Bank
36
10/06/2020
?
US Census Bureau
The US Department of Homeland Security reveals that unknown threat actors have targeted the US Census network during the last year.
Targeted Attack
O Public administration and defence, compulsory social security
CE
US
US Department of Homeland Security, DHS, US Census Bureau
37
10/06/2020
?
Ardonagh Group
Insurance company Ardonagh Group suffers a potential ransomware infection.
Malware
K Financial and insurance activities
CC
UK
Ardonagh Group, ransomware
38
10/06/2020
?
Undisclosed target
Researchers from Malwarebytes reveal the details of a new attack called Kraken that injects its payload into the Windows Error Reporting (WER) service as a defense evasion mechanism.
Malware
Z Unknown
CC
N/A
Malwarebytes, Kraken, Windows Error Reporting, WER
39
10/06/2020
?
About 20 cryptocurrency executives in Israel
About 20 cryptocurrency executives in Israel have their phones hacked and their online identities stolen in an SS7 attack.
Account hijacking
V Fintech
CC
IL
SS7
40
10/06/2020
?
Multiple state and local governments in the U.S.
The Cybersecurity and Infrastructure Security Agency (CISA) publishes an alert warning about Emotet attacks, targeting multiple state and local governments in the U.S. as part of potentially targeted campaigns.
Malware
O Public administration and defence, compulsory social security
CC
US
Cybersecurity and Infrastructure Security Agency, CISA, Emotet
41
10/06/2020
?
Misconfigured IoT devices
Researchers from Qihoo 360 Netlab reveal the details of HEH, a newly discovered botnet containing code that can wipe all data from infected systems, such as routers, servers, and IoT devices.
Misconfigurations
Y Multiple Industries
CC
>1
Qihoo 360, HEH, IoT
42
10/06/2020
?
Single individuals
Researchers from Area 1 Security reveal the details of a phishing campaign targeting the supporters of President Trump to deliver the Emotet malware.
Malware
X Individual
CC
US
Area 1 Security, Donald Trump, Emotet
43
10/06/2020
?
Public sector and other key organizations in Azerbaijan
Researchers from Cisco Talos discover a new variant of the PoetRAT active in Azerbaijan, targeting the public sector and other key organizations.
Targeted Attack
O Public administration and defence, compulsory social security
CE
AZ
Cisco Talos, PoetRAT, Azerbaijan, Armenia
44
10/06/2020
?
Institute of Distance and Open Learning (IDOL)
The Institute of Distance and Open Learning (IDOL) of the University of Mumbai postpones the exams after a cyber attack.
Unknown
P Education
CC
IN
Institute of Distance and Open Learning, IDOL, University of Mumbai
45
10/06/2020
?
Heartland Community College
Heartland Community College is hit with a cyber attack.
Unknown
P Education
CC
US
Heartland Community College
46
10/07/2020
?
Multiple targets
Researchers from Microsoft warn that cybercriminals from TA505 (AKA Chimborazo) have started to incorporate exploit code for the ZeroLogon vulnerability in their attacks.
Researchers from ProofPoint discover a phishing campaign pushing a network-compromising backdoor, pretending to have the inside scoop on President Trump's health after being infected with COVID-19.
Account hijacking
Y Multiple Industries
CC
US
ProofPoint, Trump, COVID-19, BazarLoader
48
10/07/2020
?
Multiple targets
The U.S. Financial Industry Regulatory Authority (FINRA) issues a notice warning member brokerage firms of widespread phishing attacks using surveys to harvest information.
Account hijacking
K Financial and insurance activities
CC
US
Financial Industry Regulatory Authority, FINRA
49
10/07/2020
?
Multiple targets
Researchers from Armorblox describe a credential phishing campaign disguised as an important update on the recipient's COVID-19 relief funds.
Account hijacking
Y Multiple Industries
CC
>1
Armorblox, COVID-19
50
10/07/2020
DoppelPaymer
Hall County
Hall County is hit with a DoppelPaymer ransomware attack.
Malware
O Public administration and defence, compulsory social security
CC
US
Hall County, DoppelPaymer, ransomware
51
10/07/2020
?
Lake George Land Conservancy
Lake George Land Conservancy discloses that it was hit with a ransomware attack on September 23.
Malware
Q Human health and social work activities
CC
US
Lake George Land Conservancy, ransomware
52
10/07/2020
?
AAA Ambulance Service
AAA Ambulance Service reveals that it was hit with a ransomware attack on July 1.
Malware
Q Human health and social work activities
CC
US
AAA Ambulance Service, ransomware
53
10/07/2020
?
MacDowell
MacDowell joins the list of the victims of the Blackbaud ransomware attack.
Malware
Q Human health and social work activities
CC
US
MacDowell, Blackbaud, ransomware
54
10/07/2020
?
Shady Hill School
Shady Hill School joins the list of the victims of the Blackbaud ransomware attack.
Malware
P Education
CC
US
Shady Hill School, Blackbaud, ransomware
55
10/07/2020
?
Scholarship America
Scholarship America joins the list of the victims of the Blackbaud ransomware attack.
Malware
Q Human health and social work activities
CC
US
Scholarship America, Blackbaud, ransomware
56
10/08/2020
?
Sam's Club
Sam's Club sends automated password reset emails and security notifications to customers who were hacked in credential stuffing attacks.
Credential Stuffing
G Wholesale and retail trade
CC
US
Sam's Club
57
10/08/2020
?
Springfield Public Schools district
The Springfield Public Schools district in Massachusetts is the victim of a ransomware attack that has caused the closure of schools.
Malware
P Education
CC
US
Springfield Public Schools district, ransomware
58
10/08/2020
?
Android Users
Researchers from White Ops discover RAINBOWMIX, a series of 240+ Android apps, engaging in deceptive behavior by using out of context (OOC) ads, with more than 14 million downloads and $150,000 daily profit.
Malware
X Individual
CC
>1
White Ops, RAINBOWMIX, Android
59
10/08/2020
BlackTech?
Taiwanese government agencies
Researchers from CyCraft discover a fresh Waterbear campaign targeting Taiwanese government agencies.
Targeted Attack
O Public administration and defence, compulsory social security
CE
TW
CyCraft, Waterbear, BlackTech
60
10/08/2020
Bahamut
Multiple targets
Researchers from Blackberry reveal the details of Bahamut, a mercenary hacking group responsible for extensive operations against targets around the world.
Targeted Attack
Y Multiple Industries
CE
>1
Blackberry, Bahamut
61
10/08/2020
KelvinSecTeam
Airlink International UAE
Cybersecurity researchers from Cyble discover a threat actor sharing leaked data of Airlink International UAE for free on two different platforms.
Unknown
H Transportation and storage
CC
UAE
Cyble, Airlink International UAE
62
10/08/2020
MontysThree
Multiple targets in Russia
Kaspersky Lab researchers spot a new threat actor, tracked as MontysThree, composed of Russian-speaking members targeting Russian industrial organizations.
Targeted Attack
Y Multiple Industries
CE
RU
Kaspersky Lab, MontysThree
63
10/08/2020
Iran's Islamic Revolutionary Guard
Public opinion in the US
The US seizes 92 domain names used by Iran's Islamic Revolutionary Guard Corps to spread a worldwide disinformation campaign.
Fake News
O Public administration and defence, compulsory social security
CW
US
Iran, Islamic Revolutionary Guard Corps
64
10/08/2020
?
Sandwich Public Schools
Sandwich Public Schools are hit by a DDoS attack.
DDoS
P Education
CC
US
Sandwich Public Schools
65
10/08/2020
?
City of Franklin
Town officials from the City of Franklin announce that they were victimized by a "spearphishing" attack that resulted in $522,000 being "misdirected to a third party."
Account hijacking
O Public administration and defence, compulsory social security
CC
US
City of Franklin
66
10/09/2020
Government-backed attackers
US elections support systems
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warns that Government-backed hackers have compromised and gained access to US elections support systems by chaining together multiple vulnerabilities.
O Public administration and defence, compulsory social security
CE
US
U.S. Cybersecurity and Infrastructure Security Agency, CISA, CVE-2018-13379, CVE-2020-15505, CVE-2020-1472
67
10/09/2020
?
Docsketch
Electronic document-signing service Docsketch notifies customers about a security breach that took place over the past summer, when an unauthorized third party gained access to a copy of its database in early August this year.
Unknown
M Professional scientific and technical activities
CC
US
Docsketch
68
10/09/2020
?
Android Users
Researchers from Microsoft warn about AndroidOS/MalLocker.B, a mobile ransomware activating when pressing the Home button.
The Georgia Department of Human Services (DHS) reveals that information for children and parents was accessed by hackers over the summer, between May 3 and May 15, 2020.
Unknown
O Public administration and defence, compulsory social security
CC
US
Georgia Department of Human Services, DHS
70
10/09/2020
?
eSewa
eSewa, a digital wallet in Nepal, suffers a massive data breach, exposing email addresses, phone numbers and passwords and other details of an undetermined number of its users.
Unknown
V Fintech
CC
NP
eSewa
71
10/09/2020
?
Multiple targets
Researchers from Malwarebytes reveal that cybercriminals have planted a payment card skimmer on the websites of several organizations using the PlayBack Now conference platform.
Malicious Script Injection
G Wholesale and retail trade
CC
>1
Malwarebytes, PlayBack Now
72
10/09/2020
?
NextLight
NextLight, a fiber optic broadband internet service, is hit with a DDoS attack.
DDoS
J Information and communication
CC
US
NextLight
73
10/09/2020
?
Tyngsborough School District
The Tyngsborough School District is hit with a cyber attack.
Unknown
P Education
CC
US
Tyngsborough School District
74
10/12/2020
TrickBot
Multiple targets
The TrickBot gang operators are increasingly targeting high-value targets with the new stealthy BazarLoader trojan before deploying the Ryuk ransomware.
Malware
Y Multiple Industries
CC
>1
TrickBot, BazarLoader, Ryuk, ransomware
75
10/12/2020
?
Multiple targets
A new campaign distributing Qbot uses a new template with a fake Windows Defender Antivirus theme to trick the user into enabling Excel macros.
Malware
Y Multiple Industries
CC
>1
Qbot, Windows Defender
76
10/12/2020
?
Users of the Electrum wallet app
A simple technique has helped cybercrime gangs steal more than $22 million in user funds from users of the Electrum wallet app.
Malware
V Fintech
CC
>1
Electrum
77
10/12/2020
?
50,000 home security cameras
A group of hackers claims to have compromised over 50,000 home security cameras and published their private footage online (3TB).
Misconfigurations
X Individual
CC
SG
Camera
78
10/12/2020
Spectre123
NATO
Researchers from Cyble discover a post shared by an unknown threat actor who goes online with the moniker Spectre123, in which he has allegedly leaked sensitive documents of NATO.
Unknown
U Activities of extraterritorial organizations and bodies
Unknown
N/A
Cyble, Spectre123, NATO
79
10/12/2020
Spectre123
Havelsan
Researchers from Cyble discover a post shared by an unknown threat actor who goes online with the moniker Spectre123, in which he has allegedly leaked sensitive documents of Havelsan, a Turkish military/defence manufacturer.
Unknown
C Manufacturing
Unknown
N/A
Cyble, Spectre123, Havelsan
80
10/12/2020
?
Spotless Group
Spotless Group, a facilities services provider, falls victim to a ransomware attack.
Malware
N Administrative and support service activities
CC
AU
Spotless Group, ransomware
81
10/12/2020
?
City of Mt. Pleasant
The City of Mt. Pleasant falls victim to a ransomware attack.
Malware
O Public administration and defence, compulsory social security
CC
US
City of Mt. Pleasant, ransomware
82
10/12/2020
?
Walled Lake Consolidated School District
Walled Lake Consolidated School District is hit by a cyber attack.
Unknown
P Education
CC
US
Walled Lake Consolidated School District
83
01/01/1970
?
Seyfarth Shaw
International law firm Seyfarth Shaw announces that it was the victim of a ransomware attack over the weekend.
Malware
M Professional scientific and technical activities
CC
US
Seyfarth Shaw, ransomware
84
01/01/1970
?
London's Hackney Council
London's Hackney Council says it has been hit by "a serious cyber-attack" (probably ransomware) which is affecting its IT systems.
Malware
O Public administration and defence, compulsory social security
CC
UK
London, Hackney Council, ransomware
85
01/01/1970
?
Verificient
The online proctoring service ProctorTrack disables access to their service after its parent company Verificient is hacked.
Unknown
M Professional scientific and technical activities
CC
US
ProctorTrack, Verificient
86
01/01/1970
?
Governmental department in Iran
Iran’s cybersecurity authority reveals that two governmental departments were hit by cyberattacks this week.
Unknown
O Public administration and defence, compulsory social security
N/A
IR
Iran
87
01/01/1970
?
Intcomex
After a ransomware attack, Intcomex suffers a major data breach, with nearly 1 TB of its users’ data leaked. The leaked data includes credit cards, passport and license scans, personal data, payroll, financial documents, customer databases, employee information and more.
Malware
M Professional scientific and technical activities
CC
US
Ransomware, Intcomex
88
01/01/1970
?
Single individuals
Researchers from Cisco Talos warn of a recent dramatic uptick in the activity of the Lemon Duck cryptocurrency-mining botnet, which targets victims’ computer resources to mine the Monero virtual currency.
Malware
X Individual
CC
>1
Cisco Talos, Lemon Duck, Monero, Crypto
89
01/01/1970
FIN11
Multiple targets in North America and Europe
Researchers from FireEye reveal that the threat actors behind FIN11 are now deploying the Clop ransomware against multiple targets in North America and Europe.
Malware
Y Multiple Industries
CC
>1
FireEye, FIN11, Clop, ransomware
90
01/01/1970
?
Barnes & Noble
U.S. bookstore giant Barnes & Noble discloses that it was the victim of a cyberattack that may have exposed customers' data.
Malware
G Wholesale and retail trade
CC
US
Barnes & Noble, ransomware
91
01/01/1970
?
Multiple targets
Researchers from Cofense discover a new campaign abusing the graphic design platform Canva to distribute phishing pages.
Account hijacking
Y Multiple Industries
CC
>1
Cofense, Canva
92
01/01/1970
Silent Librarian AKA TA407, COBALT DICKENS
Multiple universities
Researchers from Malwarebytes reveal that the Iranian APT Silent Librarian/TA407/COBALT DICKENS has been actively targeting universities via spear phishing campaigns since schools and universities went back.
Account hijacking
P Education
CE
>1
Malwarebytes, Silent Librarian, TA407, COBALT DICKENS
93
01/01/1970
?
Puerto Rico’s firefighting department
Puerto Rico’s firefighting department says that its database was hacked by unknown people demanding $600,000 in an act of alleged extortion.
Malware
O Public administration and defence, compulsory social security
CC
PR
Puerto Rico, ransomware
94
01/01/1970
?
Governmental department in Iran
Iran’s cybersecurity authority reveals that two governmental departments were hit by cyberattacks this week.
Unknown
O Public administration and defence, compulsory social security
N/A
IR
Iran
95
01/01/1970
?
Haldiram’s
Snacks manufacturer Haldiram’s reveals that it was hit with a ransomware attack that occurred on July 17.
Malware
I Accommodation and food service activities
CC
IN
Haldiram’s, ransomware
96
01/01/1970
?
Multiple targets including Travelex
Researchers from Radware reveal the details of a new DDoS/Extortion campaign targeting multiple organizations worldwide.
DDoS
Y Multiple Industries
CC
>1
Radware, Travelex
97
01/01/1970
?
Dickey's Barbecue Pit
The card details of more than three million customers of Dickey's Barbecue Pit, the largest barbecue restaurant chain in the US, are posted on Joker's Stash. The company suffered a POS breach between July 2019 and August 2020.
PoS Malware
I Accommodation and food service activities
CC
US
Dickey's Barbecue Pit, Joker's Stash
98
01/01/1970
Egregor
Crytek
The Egregor ransomware gang hits game developer Crytek in a confirmed ransomware attack and leaks what it claims are files stolen from Ubisoft's network.
Malware
R Arts entertainment and recreation
CC
DE
Egregor, ransomware, Crytek, Ubisoft
99
01/01/1970
?
Multiple targets
A new malicious campaign carried out via the Emotet botnet uses a new malicious attachment that pretends to be a message from Windows Update telling the user to upgrade Microsoft Word.
Malware
Y Multiple Industries
CC
>1
Emotet, Windows Update
100
01/01/1970
MuddyWater AKA SeedWorm, Mercury
Multiple targets
Security researchers from ClearSky and Profero link multiple intrusions injecting the Thanos ransomware to MuddyWater.