The first cyber attacks timeline of October 2021 is here and let me say that, at least in terms of numbers, I have recorded a new low for this year: 77 events in comparison with 108 of the previous timeline. Nonetheless, ransomware continues to dominate the threat landscape, characterizing, directly or indirectly, 28.6% of events (it was 26.8% in the previous timeline) with more high-profile victims, especially in the healthcare sector, joining the list of the targets.
Vulnerabilities continue to be one of the preferred initial access vectors for both opportunistic and state-sponsored attackers: a Chinese threat actor dubbed IronHusky was discovered targeting IT companies, military/defense contractors, and diplomatic entities since 2012 using a new 0-day tracked as CVE-2021-40449; the Atom Silo ransomware gang started to target Confluence servers vulnerable to CVE-2021-26084; and even the Apache Software Foundation had to patch its Web Server to address three vulnerabilities, one of which, CVE-2021-41773, was actively exploited by attackers.
But even the mobile operating systems are under attack: Apple released iOS 15.0.2 and iPadOS 15.0.2 to fix CVE-2021-30883, a zero-day vulnerability actively exploited in the wild.
As always, the cyber espionage front is rich in events. APT28 is always very active, and Google had to send out email notifications to more than 14,000 Gmail users, victims of a spear-phishing attack orchestrated by the same actor… But they are not the only ones. Besides the above-mentioned IronHusky, the timeline includes fresh new campaigns by APT35, APT41, the Donot Team, and also a new actor dubbed DEV-0343 targeting the Office 365 tenants of US and Israeli defense technology companies in extensive password spraying attacks.
ID
Date Reported
Date Occurred
Date Discovered
Author
Target
Description
Attack
Target Class
Attack Class
Country
Link
Tags
1
01/10/2021
Since late 2020
During September 2021
Flubot
Android users in New Zealand
New Zealand's computer emergency response team (CERT NZ) warns of a new Flubot Android malware campaign spreading via fake security updates.
Malware
Finance and insurance
CC
NZ
New Zealand, CERT NZ, Flubot, Android
2
01/10/2021
-
8/6/2021
?
Epilepsy Foundation of Texas
The Epilepsy Foundation of Texas discloses a phishing incident that may have compromised the personal or medical information of certain individuals.
Account Takeover
Human health and social work
CC
US
Epilepsy Foundation of Texas
3
01/10/2021
-
-
Desorden Group
Skynet.com.my
Desorden Group claims to have breached Skynet.com.my, a carrier company in Malaysia that provides domestic and international carrier services.
Skynet.com.my
Professional, scientific and technical
CC
MY
Desorden Group, Skynet.com.my
4
02/10/2021
1/10/2021
1/10/2021
Conti
Sandhills Global
Industry publication giant Sandhills Global suffers a ransomware attack, causing hosted websites to become inaccessible and disrupting their business operations.
Malware
Information and communication
CC
US
Sandhills Global, ransomware, Conti
5
03/10/2021
-
-
?
Barclays customers
Customers of Barclays fall victim to a series of coordinated cyberattacks by a fraudster using a Monzo account and a payments initiation service provider (PISP).
Account Takeover
Finance and insurance
CC
UK
Barclays, Monzo
6
04/10/2021
4/10/2021
4/10/2021
?
Meliá Hotels International
A ransomware incident cripples activities at Meliá Hotels International, one of the largest hotel chains in the world.
Malware
Accommodation and food service
CC
ES
Meliá Hotels International, ransomware
7
04/10/2021
-
-
Atom Silo
Multiple organizations
Researchers from Sophos reveal a new campaign by the Atom Silo ransomware gang targeting vulnerable Confluence Server instances via CVE-2021-26084.
Malware
Multiple Industries
CC
>1
Atom Silo, ransomware, Sophos, Confluence Server, CVE-2021-26084
8
04/10/2021
-
-
LockBit 2.0
E.M.I.T. Aviation Consulting Ltd.
Israeli Aerospace & Defense firm E.M.I.T. Aviation Consulting Ltd. is hit by the LockBit 2.0 ransomware.
Johnson Memorial Health operates under electronic health record downtime procedures, after a cyberattack hits its computer network.
Unknown
Human health and social work
CC
US
Johnson Memorial Health
10
04/10/2021
-
-
?
Lodi Unified School District
The Lodi Unified School District has its internet connection cut off after a "cyber security incident".
Unknown
Education
CC
US
Lodi Unified School District
11
04/10/2021
-
1/10/2021
Alkhal
Organizations in India
The Data Security Council of India issues an advisory on Alkhal, a ransomware spread via spam emails, phishing and malicious URLs.
Malware
Multiple Industries
CC
IN
Data Security Council of India, DSCI, Alkhal
12
04/10/2021
2/10/2021
2/10/2021
?
CVC
A ransomware attack knocks down pages and services of the tourism company CVC.
Malware
Accommodation and food service
CC
BR
CVC, ransomware
13
05/10/2021
Since at least September 2020
-
APT41
Victims in India
Researchers from Blackberry release a new report linking disparate malware campaigns to Chinese cyberespionage group APT41, using COVID-19 phishing lures to target victims in India.
Account Takeover
Individual
CE
IN
Blackberry, APT41, COVID-19
14
05/10/2021
Since 2012
-
Unknown Chinese-speaking threat actor
Multiple organizations
Researchers from ESET discover ESPecter, a previously undocumented real-world UEFI bootkit.
Malware
Multiple Industries
CE
>1
ESET, ESPecter, UEFI
15
05/10/2021
"Recently"
-
?
Undisclosed organization
Researchers from Sophos discover a ransomware gang using a Python script to encrypt virtual machines hosted on VMware ESXi servers.
Malware
Unknown
CC
N/A
Sophos, ransomware, Python, VMware ESXi
16
05/10/2021
-
-
Multiple threat actors
Vulnerable Apache Servers
The Apache Software Foundation releases version 2.4.50 of the HTTP Web Server to address two vulnerabilities, one of which is actively exploited.
CVE-2021-41773 Vulnerability
Multiple Industries
CC
>1
Apache Software Foundation, CVE-2021-41773
17
05/10/2021
5/10/2021
5/10/2021
REvil AKA Sodinokibi
Fimmick
Hong Kong marketing firm Fimmick is hit with a REvil ransomware attack.
Malware
Professional, scientific and technical
CC
HK
Fimmick, REvil, Sodinokibi, ransomware
18
05/10/2021
From mid-May to mid-August 2021
During August 2021
?
Chase Bank customers
Researchers from Cyren detect a notable increase in phishing kits designed to mimic the Chase banking portal.
Account Takeover
Finance and insurance
CC
US
Cyren, Chase Bank
19
05/10/2021
Between 17/02/2021 and 28/04/2021
-
?
Next Level Apparel
Next Level Apparel, a US clothing manufacturer and e-commerce operator, alerts customers to a data breach connected to the compromise of employee mailboxes.
Account Takeover
Manufacturing
CC
US
Next Level Apparel
20
05/10/2021
From 02/04/2021 to 03/04/2021
5/4/2021
?
Coughlin & Cerhart, LLP
Coughlin & Cerhart, LLP gives notice that it has suffered a data breach.
Unknown
Professional, scientific and technical
CC
US
Coughlin & Cerhart, LLP
21
06/10/2021
During September 2021
During September 2021
APT28 AKA Fancy Bear
Gmail users in multiple organizations
Google sends out email notifications to more than 14,000 Gmail users that they’ve been the target of a spear-phishing attack orchestrated by the state-sponsored hacking group APT28.
Account Takeover
Multiple Industries
CE
>1
APT28, Google, Gmail
22
06/10/2021
-
-
?
Twitch
Twitch source code and streamers' and users' sensitive information are allegedly leaked online by an anonymous user on the 4chan imageboard. The leaker shares a torrent link leading to a 125GB archive containing data allegedly stolen from roughly 6,000 internal Twitch Git repositories.
Misconfiguration
Information and communication
CC
>1
Twitch
23
06/10/2021
During July 2021
Since November 2018
MalKamak (Linked to Iran?)
Aerospace and Telecommunications industries in the Middle East, the U.S., Russia and Europe.
Researchers from Cybereason reveal the details of Operation GhostShell, a highly-targeted cyber espionage campaign targeting the Aerospace and Telecommunications industries mainly in the Middle East, with additional victims in the U.S., Russia and Europe.
Targeted Attack
Multiple Industries
CE
>1
MalKamak, Cybereason, Operation GhostShell, Iran
24
07/10/2021
Since at least October 2018
-
FIN12
Healthcare sector in the US
A report from Mandiant reveals the details of FIN12, an aggressive, financially motivated Russian-speaking threat actor group that deploys the Ryuk ransomware via Trickbot initial access brokers, targeting the healthcare sector.
Malware
Human health and social work
CC
US
Mandiant, FIN12, Ryuk, ransomware, Trickbot
25
07/10/2021
Since at least October 2018
"Recently"
Vidar
Multiple organizations
Researchers at Cyberint discover a new Vidar stealer campaign abusing the Mastodon social media network to get C2 configuration without raising alarms.
Malware
Multiple Industries
CC
>1
Cyberint, Mastodon, Vidar
26
07/10/2021
During the second half of September 2021
During the second half of September 2021
?
Weir Group
Scottish multinational engineering firm Weir Group discloses an "attempted ransomware attack" that led to "significant temporary disruption" in September.
Malware
Professional, scientific and technical
CC
UK
Weir Group, ransomware
27
07/10/2021
Between December 2019 and January 2020
-
Donot Team (AKA APT-C-35)
Prominent activists in Togo
Researchers from Amnesty International reveal the details of a cyber espionage campaign targeting activists in Togo via an Android spyware.
ESET researchers discover FontOnLake, a previously unknown malware family that utilizes custom and well-designed modules, targeting systems running Linux.
Malware
Multiple Industries
CC
>1
ESET, FontOnLake, Linux
29
07/10/2021
Since at least 2016
-
?
TP-Link routers
Since at least 2016, a threat actor has hijacked TP-Link routers as part of a botnet that abused a built-in SMS capability to run an underground Messaging-as-a-Service operation.
Vulnerability
Multiple Industries
CC
>1
TP-Link
30
07/10/2021
Mid-September 2021
-
LockBit
Unknown organization
French transportation giant Transdev denies that any of its information was stolen by a ransomware group after cybercriminals claimed to have 200GB of data and threatened to leak it. Instead, the company believes the data referenced by the criminal group likely belongs to a client attacked in mid-September.
Malware
Unknown
CC
N/A
Transdev, LockBit, ransomware
31
07/10/2021
-
-
Xgroup
Victims in the EU
Researchers from DarkOwl uncover a new COVID-19 vaccination scam involving hackers tricking victims into providing their personal information under the assumption that cybercriminals can hack into European Union hospitals and falsify vaccination records.
Account Takeover
Individual
CC
EU
Xgroup, DarkOwl, COVID-19
32
07/10/2021
"Recently"
-
TeamTNT
Multiple targets
The Uptycs Threat Research Team identifies a campaign in which the TeamTNT threat actors deployed a malicious container image (hosted on Docker Hub) with an embedded script to download Zgrab scanner and masscanner.
Fantasy Football Hub, a start-up specializing in Premier League fantasy football, admits it suffered a data breach after a hacker gained access to their WordPress administrator dashboard and downloaded the Hub's usernames, emails, site financial reports, and affiliate payment records.
Unknown
Arts entertainment, recreation
CC
UK
Fantasy Football Hub
34
07/10/2021
7/10/2021
7/10/2021
?
Official Facebook page of a destroyer-class Navy warship, the USS Kidd
The official Facebook page of a destroyer-class Navy warship, the USS Kidd, is taken over to stream Age of Empires play.
Account Takeover
Public admin and defence, social security
CC
US
Facebook, USS Kidd, Age of Empires
35
07/10/2021
14/9/2021
14/9/2021
Vice Society
Manhasset Union Free School District
Manhasset Union Free School District is hit with a ransomware attack.
Malware
Education
CC
US
Manhasset Union Free School District, ransomware, Vice Society
36
07/10/2021
5/4/2021
-
Pysa
Consolidated High School District 230
Consolidated High School District 230 joins the list of the PYSA ransomware gang.
Malware
Education
CC
US
Consolidated High School District 230, Pysa, ransomware
37
08/10/2021
Between 27/07/2021 and 16/08/2021
9/8/2021
?
JDC Healthcare Management
JDC Healthcare Management discloses a ransomware attack that occurred between July and August 2021.
Malware
Human health and social work
CC
US
JDC Healthcare Management, ransomware
38
08/10/2021
8/10/2021
8/10/2021
?
Twitch
Unknown hackers manage to deface Twitch for a few hours replacing a number of background game images with photos of former Amazon CEO Jeff Bezos.
Defacement
Information and communication
CC
US
Twitch, Amazon, Jeff Bezos
39
08/10/2021
-
-
?
QuickBooks customers
Intuit warns QuickBooks customers that they are targeted by an ongoing phishing campaign impersonating the company and trying to lure potential victims with fake renewal charges.
Account Takeover
Finance and insurance
CC
>1
Intuit, QuickBooks
40
08/10/2021
-
-
?
Intuit Customers
Intuit is also being impersonated by other threat actors in a fake copyright phishing scam, delivering the Hancitor (aka Chanitor) malware downloader or Cobalt Strike beacons.
Malware
Finance and insurance
CC
>1
Intuit, Hancitor, Chanitor, Cobalt Strike
41
08/10/2021
"Recently"
"Recently"
?
Resources on Huawei Cloud
Researchers from Trend Micro discover a new version of a Linux crypto-mining malware previously used to target Docker containers in 2020 now focusing on Huawei Cloud.
Malware
Multiple Industries
CC
>1
Trend Micro, Linux, Docker, Huawei Cloud
42
08/10/2021
8/8/2021
10/8/2021
?
ReproSource
Quest Diagnostics discloses a ransomware attack that occurred in August and hit ReproSource, a fertility clinic owned by the company. The ransomware attack led to a data breach, exposing a significant amount of health and financial information for about 350,000 ReproSource patients.
Malware
Human health and social work
CC
US
Quest Diagnostics, ReproSource, ransomware
43
08/10/2021
Between 29/06/2021 and 31/08/2021
10/8/2021
?
Oregon Eye Specialists
Oregon Eye Specialists disclose a data breach related to unauthorized activity on internal email accounts.
Account Takeover
Human health and social work
CC
US
Oregon Eye Specialists
44
08/10/2021
Between 19/05/2021 and 24/05/2021
24/5/2021
?
Plumsted Township
Plumsted Township discloses a phishing attack that occurred in May.
Account Takeover
Public admin and defence, social security
CC
US
Plumsted Township
45
09/10/2021
-
-
?
Verizon subscribers
Verizon subscribers start to receive malicious messages from unidentified senders. The phishing scam involves sending texts to a recipient through a suspicious phone number.
Account Takeover
Individual
CC
US
Verizon
46
09/10/2021
-
-
?
Harvard-Westlake Private School
Students’ confidential academic files are exposed after a malicious actor obtains the username and password of Naviance, the school's counseling platform.
Account Takeover
Education
CC
US
Harvard-Westlake Private School
47
11/10/2021
Since late July 2021
-
DEV-0343
US and Israeli defense technology companies
Researchers from Microsoft reveal that Iran-linked threat actors are targeting the Office 365 tenants of US and Israeli defense technology companies in extensive password spraying attacks.
Password-spraying
Professional, scientific and technical
CE
US
IL
DEV-0343, Microsoft, Microsoft 365, Iran
48
11/10/2021
-
-
?
Undisclosed targets
Apple releases iOS 15.0.2 and iPadOS 15.0.2 to fix a zero-day vulnerability actively exploited in the wild in attacks targeting iPhones and iPads.
Olympus reveals that it is currently investigating a potential cybersecurity incident detected October 10, 2021 that is affecting its Americas (U.S., Canada and Latin America) IT systems.
Unknown
Manufacturing
CC
>1
Olympus
53
12/10/2021
9/10/2021
9/10/2021
?
Banco Pichincha
Ecuador's largest private bank Banco Pichincha suffers a cyberattack that disrupts operations and takes the ATM and online banking portal offline.
Unknown
Finance and insurance
CC
EC
Banco Pichincha
54
12/10/2021
Since 2012
During late August and early September 2021
IronHusky
IT companies, military/defense contractors, and diplomatic entities
Researchers from Kaspersky reveal the details of MysterySnail, a cluster of activities carried out by the Chinese threat actor IronHusky, targeting IT companies, military/defense contractors, and diplomatic entities since 2012 using a new 0-day tracked as CVE-2021-40449.
Researchers from INKY discover a phishing campaign spoofing Verizon and using mathematical symbols on impersonated company logos to evade detection.
Account Takeover
Multiple Industries
CC
US
INKY, Verizon, Microsoft 365
56
12/10/2021
Since at least 2016
-
MyKings (AKA Smominru or DarkCloud)
Multiple organizations using Microsoft 365
Researchers from Avast reveal that the MyKings botnet (aka Smominru or DarkCloud) is still actively spreading, making massive amounts of money in crypto, five years after it first appeared in the wild.
Malware
Multiple Industries
CC
>1
Avast, MyKings, Smominru, DarkCloud
57
13/10/2021
-
-
@AnibalLeaks
Argentinian RENAPER (Registro Nacional de las Personas, or National Registry of Persons)
A hacker claims to have breached the Argentinian government’s IT network and stolen ID card details for the country’s entire population, data that is now being sold in private circles.
Unknown
Public admin and defence, social security
CC
AR
RENAPER, Registro Nacional de las Personas, National Registry of Persons, @AnibalLeaks
58
13/10/2021
11/10/2021
11/10/2021
?
Visible
Visible, a US digital wireless carrier owned by Verizon, admits that some customer accounts were hacked after dealing with technical problems in the past couple of days.
Unknown
Information and communication
CC
US
Visible
59
13/10/2021
-
22/8/2021
?
Chrome users
Researchers from Imperva discover AllBlock, a Chromium ad blocking extension injecting hidden affiliate links that generate commissions for the developers.
Malicious Chrome Extension
Individual
CC
>1
Imperva, AllBlock, Chromium
60
13/10/2021
-
-
?
University of Sunderland
The University of Sunderland in the UK announces extensive operational issues that have taken most of its IT systems down, attributing the problem to a cyber-attack.
Unknown
Education
CC
UK
University of Sunderland
61
13/10/2021
Since at least May 2021
During May 2021
?
Victims in the US and EU using Tinder, Bumble, Grindr, Facebook Dating
Researchers from Sophos discover CryptoRom, a dating app scam that led to the theft of millions of dollars from people on Tinder, Bumble, Grindr, Facebook Dating and similar apps.
Crypto scam
Individual
CC
>1
Sophos, CryptoRom, Apple, Tinder, Bumble, Grindr, Facebook Dating
62
13/10/2021
13/10/2021
13/10/2021
?
Hillel Yaffe Medical Center
The Hillel Yaffe Medical Center is hit with a ransomware attack.
Malware
Human health and social work
CC
IL
Hillel Yaffe Medical Center, ransomware
63
13/10/2021
Since mid-2021
-
ITG23 AKA Wizard Spider
Multiple organizations
Researchers from IBM X-Force reveal that operators behind the infamous TrickBot (ITG23 and Wizard Spider) malware have resurfaced with new distribution channels to deliver malicious payloads, such as Conti ransomware.
Malware
Multiple Industries
CC
>1
IBM X-Force, TrickBot, ITG23, Wizard Spider, Conti, ransomware
64
13/10/2021
-
-
?
Among Us gamers
Researchers from Malwarebytes discover a campaign serving malicious content from TikTok via fake Among Us and Steam offerings.
Malware
Arts entertainment, recreation
CC
>1
Malwarebytes, TikTok, Among Us, Steam
65
13/10/2021
25/6/2020
1/6/2021
?
American Osteopathic Association (AOA)
The American Osteopathic Association discloses a breach affecting 27,485 individuals.
Unknown
Other service activities
CC
US
American Osteopathic Association, AOA
66
14/10/2021
-
-
?
Porto Seguro
One of Brazil's largest insurance groups, Porto Seguro, reports it suffered a cyberattack that resulted in instability to its service channels and some of its systems.
Unknown
Finance and insurance
CC
BR
Porto Seguro
67
14/10/2021
"Recently"
-
Desorden
Acer
Acer confirms that its after-sales service systems in India were recently breached in what the company called "an isolated attack." Shortly after, a threat actor leaks what it claims to be more than 60GB of files and databases from Acer's servers.
Unknown
Manufacturing
CC
IN
Acer, Desorden
68
14/10/2021
-
"Recently"
Yanluowang
Multiple organizations
The Symantec Threat Hunter Team uncovers what appears to be a new ransomware threat called Yanluowang that is being used in targeted attacks.
Malware
Multiple Industries
CC
>1
Symantec Threat Hunter Team, Yanluowang
69
14/10/2021
During August 2021
-
?
California-based Water and Wastewater Systems (WWS) facility
The US government reveals that malicious cyber actors used Ghost variant ransomware against a California-based WWS facility.
Malware
Water supply, waste mgmt, remediation
CC
US
Ghost, ransomware
70
14/10/2021
During July 2021
-
?
Maine-based Water and Wastewater Systems (WWS) facility
The US government reveals that malicious cyber actors used the ZuCaNo ransomware against a Maine-based WWS facility.
Malware
Water supply, waste mgmt, remediation
CC
US
Zucano, ransomware
71
14/10/2021
During March 2021
-
?
Nevada-based Water and Wastewater Systems (WWS) facility
The US government reveals that malicious cyber actors used an unknown ransomware against a Nevada-based WWS facility.
Malware
Water supply, waste mgmt, remediation
CC
US
ransomware
72
14/10/2021
During September 2020
-
?
New Jersey-based Water and Wastewater Systems (WWS) facility
The US government reveals that malicious cyber actors used the Makop ransomware against a New Jersey-based WWS facility.
Malware
Water supply, waste mgmt, remediation
CC
US
Makop, ransomware
73
14/10/2021
Since early September 2021
-
TA505
Financial services organizations
Researchers from Morphisec reveal a new MirrorBlast campaign targeting financial services organizations.
Malware
Multiple Industries
CC
>1
Morphisec, MirrorBlast campaign, TA505
74
14/10/2021
During 2020
During 2020
APT35, AKA Charming Kitten
Multiple organizations
Researchers from Google Threat Analysis Group reveal that suspected attackers from Iran used an array of techniques, from password theft to uploading a fake app to Google Play Store, to try gathering intelligence from targets over the past year.
Multiple techniques
Multiple Industries
CE
>1
Google Threat Analysis Group, APT35, Charming Kitten
75
14/10/2021
-
-
?
Multiple organizations
Researchers from Armorblox discover a vishing campaign spoofing Microsoft to try to gain remote access.
Account Takeover
Multiple Industries
CC
>1
Armorblox, Microsoft
76
14/10/2021
11/9/2021
11/9/2021
?
Public School and Education Employee Retirement Systems of Missouri
The Public School and Education Employee Retirement Systems of Missouri notifies 349,246 employees and retirees of a phishing security incident that occurred on September 11.
Account Takeover
Education
CC
US
Public School and Education Employee Retirement Systems of Missouri
77
14/10/2021
-
14/10/2021
?
Centara Hotels & Resorts
Centara Hotels & Resorts reports a breach following a cyber attack.
Colleton County School District suffers a cyber incident.
Unknown
Education
CC
US
Colleton County School District
79
14/10/2021
-
-
?
Customers of OpenSea
An investigation is triggered after a number of cryptowallets belonging to customers of the largest NFT exchange OpenSea got mysteriously emptied.
Malware
Fintech
CC
>1
OpenSea, NFT
80
14/10/2021
Since March 2020
-
RedLine Stealer
Multiple organizations
Researchers from Recorded Future reveal the details of RedLine Stealer, a malware responsible for the vast majority of stolen credentials currently sold on two dark web underground markets.
Malware
Multiple Industries
CC
>1
Recorded Future, RedLine Stealer
81
15/10/2021
-
-
?
Single individuals
The FBI warns the US public that threat actors are actively using fake and spoofed unemployment benefit websites to harvest sensitive financial and personal information.
Account Takeover
Individual
CC
US
FBI
82
15/10/2021
Since January 2021
-
North Korean government threat actors
Security researchers
Twitter suspends two accounts (@lagal1990 and @shiftrows13) operated by North Korean government hackers and used as part of a plot to attract security researchers to malicious sites and infect their systems with malware.
Targeted Attack
Individual
CE
>1
Twitter, @lagal1990, @shiftrows13, North Korea, DPRK
83
15/10/2021
Between 05/05/2021 and 11/05/2021
-
?
Apollo Career Center
Apollo Career Center discovers that an unauthorized person had obtained access to their systems between May 5, 2021 and May 11, 2021, and had transferred some files outside of their network.
Unknown
Education
CC
US
Apollo Career Center
84
15/10/2021
Between 17/04/2021 and 05/05/2021
01/05/2021
?
PracticeMax
PracticeMax, a provider of billing and IT solutions to healthcare organizations, experienced a ransomware attack.
Malware
Professional, scientific and technical
CC
US
PracticeMax, ransomware
85
15/10/2021
22/06/2021
22/06/2021
?
Centinela Valley Union High School District
Centinela Valley Union High School District discloses a ransomware incident.
Malware
Education
CC
US
Centinela Valley Union High School District, ransomware
86
15/10/2021
"Recently"
"Recently"
BlackByte
Undisclosed organization
Researchers from Trustwave discover BlackByte, a new ransomware allegedly created by Russian-speaking actors.
Malware
Multiple Industries
CC
N/A
Trustwave, BlackByte, ransomware
Enjoy the interactive timeline, and thanks for sharing it, and supporting my work in spreading the risk awareness across the community. Also, don’t forget to follow @paulsparrows on Twitter, or even connect on Linkedin, for the latest updates.