The second timeline of May is finally out confirming the decreasing trend (at least in terms of recorded events) that we have seen in the last few months. In fact, in this timeline I have collected 85 events, with an average rate of 5.32 events per day, which sets the minimum value for 2021. Unfortunately the “simple” number of breaches does not tell the whole story: the list of high-profile targets hit by ransomware especially continue to grow with disruptions that, unavoidably, cross the boundaries of cyber space.

Ransomware continues to dominate the threat landscape causing outages and disruptions worldwide (and yes, not even the pork meat is immune). In this timeline it has characterized, directly or indirectly one out of three events (precisely 34.12%). We are not at the same value of the previous timeline (around 45%), but the value remains high. And as I always point out, the real number could be even higher since too many organizations do not completely disclose the root cause of  unspecified outages or disruptions tracked as the outcome of a generic “cyber attack”.

The season of mega breaches continues with more and more records leaked. Omiai (Japan’s biggest dating app – 1.71 million users), DailyQuiz (13 million users) and most importantly, the Indonesian Social Security Administrator for Health (200 million records) are just few example.

Another trend that does not seem to slow down is the exploitation of vulnerabilities, which equally continues to characterize the threat landscape. And it does not matter whether the target is a remote access technology, or an application server or even a mobile phone: generic cyber criminals or state-sponsored actors continue to take the maximum advantage from this opportunity.

State-sponsored actors are always quite busy, they continue to exploit vulnerabilities, like UNC2630 or UNC2717, or even to shift their tactics, like Nobelium AKA APT29 or Cozy Bear. And curiously, even the Russian government revealed that foreign hackers had breached and stolen information from Russian federal executive bodies. Nobody is safe nowadays!

Expand for details

Enjoy the interactive timeline, and thanks for sharing it, and supporting my work in spreading the risk awareness across the community. Also, don’t forget to follow @paulsparrows on Twitter, or even connect on Linkedin, for the latest updates.


The “Breachometer” compares the current number of events/day with the max and min values recorded in the previous 12 months.

  • The Perfect Storm

    I have decided to create a new timeline tracking the high-impact vulnerabilities targeting both remote access and on-premise technologies exploited...

  • 1-15 August 2021 Cyber Attacks Timeline

    Let’s analyze the events occurred in the first half of August 2021, a Summer characterized by ransomware that, in this timeline, accounts for...

  • The Biggest Data Breaches of 2021

    With this new project I am going to track the biggest data breaches of 2021 extracted from my cyber attack timelines.

  • 2020 Cyber Attacks Statistics

    As promised, I have pulled together some statistics from the data collected in 2020. The master table is available at the end of the post after the charts.

  • July 2021 Cyber Attacks Statistics

    And after the corresponding timelines, I can finally publish the statics for the month of July 2021. In this month I have collected...


Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.