The second cyber attacks timeline of November 2021 is finally out (you can find the first one here or in the link below)! In the second half of this month I have collected 96 events, with a daily average slightly decreasing to 6.4 events/day from 6.67 events/day. Ransomware continues to dominate the threat landscape, but the percentage of events directly or indirectly characterized by ransomware dropped to 22% from 30.6% in the previous timeline (despite the decrease, the criminals are still asking for massive ransoms). I wonder whether this is an effect of the increasing pressure of law enforcement agencies against the ransomware syndicates.
Another common trend of this period is the impact of vulnerabilities: in this timeline they characterized 12% of events, including several ransomware attacks. We have, among others, a new 0-day for Android (CVE-2021-1048), the Tortilla threat actor exploiting ProxyShell to deploy the Babuk ransomware, and several widespread operations exploiting CVE-2021-40539 in Zoho's ManageEngine ADSelfService Plus (and yes, threat actors continue to exploit SolarWinds' Serv-U CVE-2021-35211).
Robinhood had the information of approximately 7 million customers compromised, and another decentralized finance (DeFi) platform has bitten the dust, suffering the theft of $55 million worth of crypto assets by a suspected North Korean threat actor.
As usual, the cyber espionage front is quite crowded: a threat actor dubbed DEV-0322 has been very busy exploiting the ManageEngine vulnerability, the Lazarus Group never misses a timeline, and other well-known threat actors such as Lyceum and Kimsuky are present as well. Another important cyber espionage campaign characterizing this timeline is the PhoneSpy spyware targeting Android users in South Korea.
Enjoy the interactive timeline, and thanks for sharing it, and supporting my work in spreading the risk awareness across the community. Also, don’t forget to follow @paulsparrows on Twitter, or even connect on Linkedin, for the latest updates.
ID
Date Reported
Date Occurred
Date Discovered
Author
Target
Description
Attack
Target Class
Attack Class
Country
Link
Tags
1
01/11/2021
-
-
?
Undisclosed third-party contractor
Researchers from Kaspersky reveal that a legitimate Amazon Simple Email Service (SES) token issued to a third-party contractor was recently used by threat actors behind a spear-phishing campaign targeting Office 365 users.
Account Takeover
Unknown
CC
N/A
Kaspersky, Amazon Simple Email Service, SES, Microsoft 365
2
01/11/2021
-
-
?
Undisclosed target(s)
Google releases the Android November 2021 security updates, which address 18 vulnerabilities including CVE-2021-1048, under limited, targeted exploitation.
CVE-2021-1048 Vulnerability
Unknown
N/A
N/A
Google, Android, CVE-2021-1048
3
01/11/2021
During January 2020
During January 2020
Foreign intelligence agency
Several Chinese airlines
Chinese officials say that a foreign intelligence agency hacked several of the country's airlines in 2020 and stole passenger travel records.
Unknown
Transportation and storage
CE
CN
China
4
01/11/2021
-
-
Government of Nicaragua and the Sandinista National Liberation Front (FSLN) party.
Facebook users
Facebook announces that it shut down a "troll farm" allegedly run by the government of Nicaragua and the Sandinista National Liberation Front (FSLN) party.
Fake Social Accounts
Individual
H
>1
Facebook, Nicaragua, Sandinista National Liberation Front, FSLN
5
01/11/2021
1/11/2021
1/11/2021
?
Toledo Lucas County Public Library
A cyber attack temporarily shuts down the computer system and website of the Toledo Lucas County Public Library.
Unknown
Public admin and defence, social security
CC
US
Toledo Lucas County Public Library
6
01/11/2021
1/11/2021
1/11/2021
netsaosa and g0retrance
Massachusetts Interscholastic Athletic Association (MIAA)
The Massachusetts Interscholastic Athletic Association is defaced.
Defacement
Education
CC
US
netsaosa, g0retrance, MIAA, Massachusetts Interscholastic Athletic Association
7
01/11/2021
5/9/2021
7/9/2021
Pysa
Las Vegas Cancer Center
Las Vegas Cancer Center is hit with a Pysa ransomware attack.
Malware
Human health and social work
CC
US
Las Vegas Cancer Center, Pysa, ransomware
8
01/11/2021
20/5/2020
23/7/2020
?
Urban Resource Institute
Urban Resource Institute discloses a phishing attack.
Account Takeover
Human health and social work
CC
US
Urban Resource Institute
9
01/11/2021
-
-
?
National University of Singapore Society (NUSS)
The personal data of 1,355 National University of Singapore Society (NUSS) members are stolen after the society's website is hacked.
Unknown
Education
CC
SG
National University of Singapore Society, NUSS
10
02/11/2021
-
-
?
Steam gamers
Researchers from Malwarebytes discover an active phishing campaign, promoted via Discord, targeting Steam gamers.
Account Takeover
Arts entertainment, recreation
CC
>1
Malwarebytes, Discord, Steam
11
02/11/2021
29/10/2021
29/10/2021
?
National Bank of Pakistan
The National Bank of Pakistan suffers a destructive data-wiping attack.
Malware
Finance and insurance
CC
PK
National Bank of Pakistan
12
02/11/2021
9/3/2021
-
?
Viverant PT
Viverant PT reveals that the personally identifiable information (PII) of current and former patients and employees was affected in a breach after the email of an employee was compromised.
Account Takeover
Human health and social work
CC
US
Viverant PT
13
03/11/2021
Between June 2020 and March 2021
-
Lockean
At least eight French companies
Researchers from France's Computer Emergency Response Team (CERT-FR) reveal the details of Lockean, a ransomware affiliate group targeting French companies.
Malware
Multiple Industries
CC
FR
Lockean, ransomware
14
03/11/2021
-
-
?
Undisclosed supplier
The UK Labour Party notifies members that some of their information was impacted in a data breach after a ransomware attack hit a supplier managing the party's data.
Malware
Unknown
CC
UK
UK Labour Party, ransomware
15
03/11/2021
During the recent weeks
-
Mekotio
Banking users in South America
Researchers from Check Point discover a new campaign of the Mekotio banking trojan targeting multiple countries in South America.
Malware
Finance and insurance
CC
>1
Check Point, Mekotio
16
03/11/2021
Since October 2021
-
Tortilla
Multiple organizations
Researchers from Cisco Talos reveal the details of Tortilla, a new threat actor hacking Microsoft Exchange servers and breaching corporate networks using the ProxyShell vulnerability to deploy the Babuk Ransomware.
ProxyShell vulnerability
Multiple Industries
CC
>1
Cisco Talos, Tortilla, Microsoft Exchange, ProxyShell, Babuk, Ransomware
17
03/11/2021
-
-
MasterFred
Android users from Poland and Turkey
A new Android malware known as MasterFred uses fake login overlays to steal the credit card information of Netflix, Instagram, and Twitter users.
Malware
Individual
CC
>1
MasterFred, Android, Netflix, Instagram, Twitter
18
03/11/2021
-
-
Magecart
Multiple organizations
Researchers from Malwarebytes discover a new Magecart group that uses a browser script to evade detection and to avoid executing in virtualized environments.
Malicious Script Injection
Wholesale and retail
CC
>1
Malwarebytes, Magecart
19
03/11/2021
Between 03/07/2021 and 13/09/2021
13/9/2021
?
Desert Pain Institute (DPI)
Desert Pain Institute reveals a data security incident that may have resulted in unauthorized access to the sensitive personal information of some former and current patients and employees.
Unknown
Human health and social work
CC
US
Desert Pain Institute, DPI
20
03/11/2021
-
-
?
Danaos Management Consultants
Danaos Management Consultants is hit with a ransomware attack that impacts multiple Greek shipping companies.
Malware
Professional, scientific and technical
CC
GR
Danaos Management Consultants
21
03/11/2021
Between 30/04/2021 and 14/06/2021
-
?
JEV Plastic Surgery & Medical Aesthetics
JEV Plastic Surgery & Medical Aesthetics discloses a malware incident.
Malware
Human health and social work
CC
US
JEV Plastic Surgery & Medical Aesthetics
22
03/11/2021
-
-
?
Domaining.com
Domaining.com is compromised.
Unknown
Professional, scientific and technical
CC
US
Domaining.com
23
03/11/2021
6/10/2021
-
?
Prairie Lakes Healthcare System
Prairie Lakes Healthcare System notifies patients that unauthorized activity disrupted its network.
Unknown
Human health and social work
CC
US
Prairie Lakes Healthcare System
24
03/11/2021
-
3/8/2021
?
Family of Woodstock (FOW)
Family of Woodstock discloses that it suffered a cyber attack compromising the protected health information of 8,214 individuals.
Unknown
Human health and social work
CC
US
Family of Woodstock, FOW
25
03/11/2021
-
-
?
Lakeside School
Lakeside School reveals a data security incident.
Unknown
Education
CC
US
Lakeside School
26
03/11/2021
-
-
Avos Locker
Beaverhead County High School
Beaverhead County High School is hit by an Avos Locker ransomware attack.
Malware
Education
CC
US
Beaverhead County High School, Avos Locker, ransomware
27
04/11/2021
-
-
?
Multiple targets
Threat actors are exploiting a security flaw in GitLab self-hosted servers (CVE-2021-22205) to assemble botnets and launch gigantic distributed denial of service (DDoS) attacks, with some in excess of 1 terabit per second.
DDoS
Multiple Industries
CC
>1
GitLab, CVE-2021-22205
28
04/11/2021
2/8/2021
-
?
Electronic Warfare Associates (EWA)
US defense contractor Electronic Warfare Associates (EWA) discloses a data breach after threat actors hacked their email system and stole files containing personal information.
Account Takeover
Manufacturing
CC
US
Electronic Warfare Associates, EWA
29
04/11/2021
Between 30/10/2021 and 31/10/2021
-
?
Cryptocurrency users
Researchers from Check Point discover a campaign using advertisements in Google Search to promote fake cryptocurrency wallets and DEX platforms that steal users' cryptocurrency, netting $500,000 worth in a few days.
Account Takeover
Fintech
CC
>1
Check Point, Crypto
30
04/11/2021
4/11/2021
4/11/2021
?
Multiple organizations
The popular npm library 'coa' is hijacked with malicious code injected into it.
Malware
Multiple Industries
CC
>1
npm, coa
31
04/11/2021
4/11/2021
4/11/2021
?
Multiple organizations
The npm library 'rc' (a configuration loader) is also hijacked with malicious code injected into it.
Malware
Multiple Industries
CC
>1
npm, rc
32
04/11/2021
Early November 2021
Early November 2021
MirCop
Multiple organizations
Researchers from Cofense discover a new phishing campaign pretending to come from a supplier and infecting the users with the MirCop ransomware.
Malware
Multiple Industries
CC
>1
Cofense, MirCop, ransomware
33
04/11/2021
2/11/2021
2/11/2021
?
mySA Gov
South Australia's Department for Infrastructure and Transport confirms that mySA Gov accounts were compromised through a cyber attack.
Unknown
Administration and support service
CC
AU
mySA Gov
34
04/11/2021
21/10/2021
21/10/2021
?
Global communications company
Researchers from Armorblox discover a phishing campaign impersonating the cybersecurity firm Proofpoint to trick victims into providing Microsoft Office 365 and Gmail credentials.
Account Takeover
Information and communication
CC
N/A
Armorblox, Proofpoint, Microsoft 365, Gmail
35
04/11/2021
Since October 2021
-
?
Individual victims
Researchers from Avanan discover a new campaign spoofing a typical Amazon order confirmation.
Account Takeover
Individual
CC
>1
Avanan, Amazon
36
04/11/2021
Between 01/10/2020 and 04/12/2020
4/12/2020
?
Maxim Healthcare
Maxim Healthcare discloses a phishing attack.
Account Takeover
Human health and social work
CC
US
Maxim Healthcare
37
04/11/2021
-
-
?
Jukin Media
Jukin Media is hacked and has its data dumped.
Unknown
Arts entertainment, recreation
CC
US
Jukin Media
38
05/11/2021
"Recently"
-
?
Costco Wholesale Corporation
Costco Wholesale Corporation warns customers that their payment card information might have been stolen while recently shopping at one of its stores after a credit card skimmer was discovered.
Malicious Script Injection
Wholesale and retail
CC
US
Costco Wholesale Corporation
39
05/11/2021
5/11/2021
5/11/2021
BlueNoroff
bZx
BlueNoroff, a North Korean threat actor, steals an estimated $55 million worth of cryptocurrency assets from bZx, a decentralized finance (DeFi) platform that allows users to borrow, loan, and speculate on cryptocurrency price variations.
Account Takeover
Fintech
CC
N/A
BlueNoroff, bZx
40
05/11/2021
Over the last year
-
?
Several tribal-owned casinos
The FBI's Cyber Division reveals that ransomware gangs have hit several tribal-owned casinos, taking down their systems and disabling connected systems.
Malware
Arts entertainment, recreation
CC
US
FBI, ransomware
41
05/11/2021
Since 13/10/2021
-
?
Organizations in Australia
The Australian Cyber Security Center (ACSC) alerts web admins of the active exploitation of CVE-2021-42237, a remote code execution flaw in the Sitecore Experience Platform (Sitecore XP).
CVE-2021-42237 Vulnerability
Professional, scientific and technical
CC
AU
Australian Cyber Security Center, ACSC, CVE-2021-42237, Sitecore Experience Platform, Sitecore XP
42
05/11/2021
-
-
Zebra2104
A number of companies in Australia and Turkey
A report from BlackBerry uncovers an initial access broker called "Zebra2104" with connections to three malicious groups (the MountLocker and Phobos ransomware operations and the StrongPity APT).
Multiple techniques
Multiple Industries
CC
>1
Zebra2104, BlackBerry, MountLocker, Phobos, StrongPity
43
05/11/2021
Between 07/09/2021 and 08/09/2021
8/9/2021
?
Urology Center of Colorado (TUCC)
The Urology Center of Colorado (“TUCC”) announces a data incident that may have impacted individuals’ information.
Unknown
Human health and social work
CC
US
Urology Center of Colorado, TUCC
44
05/11/2021
-
26/8/2021
Snatch
QRS
QRS suffers a Snatch ransomware attack.
Malware
Professional, scientific and technical
CC
US
QRS, Snatch, ransomware
45
05/11/2021
-
11/9/2021
?
New York Psychotherapy and Counseling Center (NYPCC)
New York Psychotherapy and Counseling Center reveals that a computer server in their offices had been accessed by an unauthorized third-party.
Unknown
Human health and social work
CC
US
New York Psychotherapy and Counseling Center, NYPCC
46
05/11/2021
Since April 2021
-
Cl0p AKA TA505 and FIN11, Evil Corp
Banking users in Mexico
Researchers from Metabase Q discover three campaigns distributing the Dridex malware in Mexico.
Malware
Finance and insurance
CC
MX
Cl0p, TA505, FIN11, Evil Corp, Dridex
47
06/11/2021
-
23/9/2021
?
Victory Health Partners
Victory Health Partners discloses that it was hit by a ransomware attack.
Malware
Human health and social work
CC
US
Victory Health Partners, ransomware
48
07/11/2021
From mid-September to early October
-
DEV-0322
Multiple organizations
Researchers from Palo Alto Networks discover a widespread campaign resulting in the compromise of at least nine organizations worldwide from critical sectors, including defense, healthcare, energy, technology, and education, by exploiting CVE-2021-40539 in Zoho's ManageEngine ADSelfService Plus.
CVE-2021-40539 Vulnerability
Multiple Industries
CE
>1
Palo Alto Networks, DEV-0322, Zoho, ManageEngine ADSelfService Plus, CVE-2021-40539
49
08/11/2021
-
-
?
Robinhood
Stock trading platform Robinhood discloses a data breach after its systems were hacked and a threat actor gained access to the personal information of approximately 7 million customers.
Unknown
Finance and insurance
CC
US
Robinhood
50
08/11/2021
8/11/2021
8/11/2021
Hive
MediaMarkt
Electronics retail giant MediaMarkt suffers a Hive ransomware attack with an initial ransom demand of $240 million, causing IT systems to shut down and store operations to be disrupted in Netherlands and Germany.
Malware
Wholesale and retail
CC
DE
MediaMarkt, Hive, ransomware
51
08/11/2021
-
-
Cl0p AKA TA505 and FIN11, Evil Corp
Multiple organizations
Researchers from NCC Group reveal that the Cl0p ransomware gang is exploiting CVE-2021-35211, a SolarWinds Serv-U vulnerability, to breach corporate networks and ultimately encrypt their devices.
CVE-2021-35211 Vulnerability
Multiple Industries
CC
>1
NCC Group, Cl0p, TA505, FIN11, Evil Corp, CVE-2021-35211, SolarWinds, Serv-U, ransomware
52
09/11/2021
-
-
?
Multiple organizations
Microsoft warns customers to immediately patch CVE-2021-42321, a high-severity Exchange Server vulnerability that may allow authenticated attackers to execute code remotely on vulnerable servers.
CVE-2021-42321 Vulnerability
Unknown
N/A
>1
Microsoft, CVE-2021-42321, Exchange Server
53
08/11/2021
Between July and October 2021
-
Lyceum AKA Hexane, Siamesekitten, or Spirlin
ISPs and telecommunication operators in Israel, Morocco, Tunisia, and Saudi Arabia as well as a ministry of foreign affairs (MFA) in Africa.
Researchers from Accenture and Prevailion reveal the details of the latest campaign of the Iranian Lyceum APT, which uses two distinct malware families, dubbed Shark and Milan.
Targeted Attack
Multiple Industries
CE
>1
Accenture, Prevailion, Lyceum, Hexane, Siamesekitten, Spirlin, Shark, Milan
54
08/11/2021
-
-
?
Six Palestinian activists
Members of Front Line Defenders discover NSO Group's Pegasus spyware on the devices of six Palestinian activists.
Targeted Attack
Individual
CE
PS
Front Line Defenders, NSO Group, Pegasus
55
08/11/2021
Since September 2021
-
DEV-0322
US defence industrial base, higher education, consulting services, and IT sectors.
The Microsoft Threat Intelligence Center (MSTIC) also detects a campaign from Chinese attackers targeting Zoho's ManageEngine ADSelfService Plus.
CVE-2021-40539 Vulnerability
Multiple Industries
CE
US
Microsoft Threat Intelligence Center, MSTIC, DEV-0322, Zoho, ManageEngine ADSelfService Plus, CVE-2021-40539
56
08/11/2021
-
-
Belarus Cyber-Partisans
Unknown government entity in Belarus
The Belarus Cyber-Partisans claim they have accessed the full database of those crossing the country's borders over the past 15 years.
Unknown
Public admin and defence, social security
H
BY
Belarus Cyber-Partisans
57
08/11/2021
5/11/2021
5/11/2021
MASTER
Angling Direct
An attacker hijacks the systems of Angling Direct, diverting traffic from its websites to Pornhub and threatening to wipe its internal data. The Twitter account is also hijacked.
Account Takeover
Wholesale and retail
CC
UK
Angling Direct, Master
58
09/11/2021
Early November 2021
Early November 2021
?
Medatixx
Medatixx, a German medical software vendor, urges customers to change their application passwords following a ransomware attack that has severely impaired its entire operations.
Malware
Professional, scientific and technical
CC
DE
Medatixx, ransomware
59
09/11/2021
Since October 2021
-
TeamTNT
Misconfigured Docker Containers
Researchers from Trend Micro discover a new campaign of TeamTNT targeting poorly configured Docker servers to mine cryptocurrency.
Misconfiguration
Multiple Industries
CC
>1
Trend Micro, TeamTNT, Docker
60
09/11/2021
-
-
?
Multiple organizations
Microsoft patches CVE-2021-42292, an Excel zero-day vulnerability exploited in the wild by threat actors.
CVE-2021-42292 Vulnerability
Multiple Industries
N/A
N/A
Microsoft, CVE-2021-42292, Excel
61
09/11/2021
Since July 2021
During July 2021
Shatak AKA TA551 and ITG23 AKA TrickBot and Wizard Spider
Multiple organizations
Researchers from Cybereason reveal the details of a new wave of attacks carried out by the threat actor tracked as Shatak (TA551) in partnership with the ITG23 gang (aka TrickBot and Wizard Spider) to deploy Conti ransomware on targeted systems.
Malware
Multiple Industries
CC
>1
Cybereason, Shatak, TA551, ITG23, TrickBot, Wizard Spider, Conti, ransomware
62
09/11/2021
-
-
Abcbot
Linux systems
Researchers from Qihoo 360's Netlab discover a new botnet, tracked as Abcbot, that targets Linux systems to launch distributed denial-of-service (DDoS) attacks.
Malware
Multiple Industries
CC
>1
Qihoo 360, Netlab, Abcbot
63
09/11/2021
16/8/2021
16/8/2021
?
Surecare Specialty
Surecare Specialty discloses a ransomware attack.
Malware
Human health and social work
CC
US
Surecare Specialty, ransomware
64
09/11/2021
-
14/9/2021
?
Mowery Clinic
Mowery Clinic notifies certain patients about a cyberattack detected in September 2021.
Unknown
Human health and social work
CC
US
Mowery Clinic
65
09/11/2021
-
12/07/2021
?
Retinal Consultants Medical Group
Retinal Consultants Medical Group says it was the victim of a sophisticated cyberattack.
Unknown
Human health and social work
CC
US
Retinal Consultants Medical Group
66
10/11/2021
-
-
Lazarus Group AKA HIDDEN COBRA
Security Researchers worldwide
Researchers from ESET discover a new campaign by the North Korean threat actor Lazarus Group, targeting security researchers with a trojanized pirated version of the popular IDA Pro reverse engineering application.
Targeted Attack
Individual
CE
>1
ESET, North Korea, Lazarus Group, HIDDEN COBRA, IDA Pro
67
10/11/2021
"Recently"
-
PhoneSpy
Android users in South Korea
Researchers from Zimperium discover an ongoing spyware campaign dubbed 'PhoneSpy' targeting South Korean users.
Malware
Individual
CE
KR
Zimperium, PhoneSpy
68
10/11/2021
Between 09/10/2021 and 27/10/2021
27/10/2021
?
Hewlett Packard Enterprise (HPE)
HPE discloses that data repositories for their Aruba Central network monitoring platform were compromised, allowing a threat actor to access collected data about monitored devices and their locations.
Unknown
Professional, scientific and technical
CC
US
Hewlett Packard Enterprise, HPE, Aruba
69
10/11/2021
10/11/2021
10/11/2021
?
Telnyx
Telnyx is the latest VoIP telephony provider targeted with distributed denial-of-service (DDoS) attacks.
DDoS
Information and communication
CC
US
Telnyx
70
10/11/2021
-
-
Iranian Threat Actor
Multiple organizations
The Federal Bureau of Investigation (FBI) warns private industry partners of attempts by an Iranian threat actor to buy stolen information regarding US and worldwide organizations.
Account Takeover
Multiple Industries
CE
>1
FBI, Iran
71
10/11/2021
Since at least 2015
-
Void Balaur AKA RocketHack
Multiple organizations
Researchers from Trend Micro reveal the details of Void Balaur, a hacker-for-hire group that has been stealing emails and highly-sensitive information for more than five years, selling it to customers with both financial and espionage goals.
Account Takeover
Multiple Industries
CC/CE
>1
Trend Micro, Void Balaur, RocketHack
72
10/11/2021
Early November 2021
-
?
Android users
Researchers from Kaspersky discover 'Smart TV remote' and 'Halloween Coloring', two new malicious Android apps available in Google Play and hiding the Joker malware.
Malware
Individual
CC
>1
Kaspersky, Smart TV remote, Halloween Coloring, Android, Google Play, Joker
73
10/11/2021
"Recently"
-
Magniber
Targets in Asia
Researchers from Tencent Security reveal that the Magniber ransomware gang is now using CVE-2021-26411 and CVE-2021-40444, two Internet Explorer vulnerabilities to infect users and encrypt their devices.
Malware
Multiple Industries
CC
>1
Tencent Security, Magniber, ransomware, CVE-2021-26411, CVE-2021-40444, Internet Explorer
74
10/11/2021
7/11/2021
7/11/2021
?
Diamond Comic Distributors
Major comic book company Diamond Comic Distributors is hit with a ransomware attack.
Malware
Information and communication
CC
US
Diamond Comic Distributors
75
10/11/2021
-
-
?
Multiple organizations
Researchers from Kaspersky discover multiple phishing campaigns exploiting LinkedIn.
Account Takeover
Multiple Industries
CC
>1
Kaspersky, LinkedIn
76
10/11/2021
During August 2021
-
Cl0p AKA TA505 and FIN11, Evil Corp
Stor-a-File
Stor-a-File, a British data capture and storage company, suffers a ransomware attack in August that exploited an unpatched instance of SolarWinds' Serv-U FTP software (CVE-2021-35211).
CVE-2021-35211 Vulnerability
Information and communication
CC
UK
Stor-a-File, Cl0p, SolarWinds, Serv-U, CVE-2021-35211, ransomware
77
10/11/2021
-
-
?
American law enforcement agencies in Texas and Georgia
19 TB of video apparently stolen from American law enforcement agencies in Texas and Georgia is leaked online.
Unknown
Public admin and defence, social security
H
US
Distributed Denial of Secrets, DDoSecrets
78
10/11/2021
Between 06/10/2021 and 08/10/2021
-
?
Individuals in Honduras
Research by Nisos reveals that hundreds of fake Twitter accounts targeted opposition candidates and urged citizens not to vote in the November 28 Honduran presidential election.
Fake Social Accounts
Individual
H
HN
Nisos
79
11/11/2021
During 2016
-
Andrew
Booking.com
An investigation reveals that Booking.com was illegally accessed by an American attacker in 2016. The attacker, said to have connections with a US intelligence agency, is believed to have stolen "details of thousands of hotel reservations in countries in the Middle East".
Misconfiguration
Accommodation and food service
CC
NL
Andrew, Booking.com
80
11/11/2021
Between August 2020 and May 2021
-
?
SunWater
A report reveals that hackers stayed hidden for nine months on a server holding customer information for SunWater, a Queensland water supplier.
Unknown
Water supply, waste mgmt, remediation
CC
AU
SunWater
81
11/11/2021
-
-
BotenaGo
Millions of routers and IoT devices.
Researchers at AT&T Alien Labs discover BotenaGo, a malware botnet using more than 30 exploits to attack millions of routers and IoT devices.
Multiple vulnerabilities
Multiple Industries
CC
>1
AT&T Alien Labs, BotenaGo, IoT
82
11/11/2021
Early November 2021
Early November 2021
?
Multiple targets
Researchers from Sophos discover a new campaign abusing the Windows 10 App Installer to deploy the BazarLoader malware.
Malware
Multiple Industries
CC
>1
Sophos, Windows 10, BazarLoader
83
11/11/2021
-
-
?
Multiple organizations
Researchers from Microsoft warn about a surge in malware campaigns using HTML smuggling to distribute banking malware and remote access trojans (RAT).
HTML smuggling
Multiple Industries
CC
>1
Microsoft, HTML smuggling
84
11/11/2021
-
-
?
Android users
Researchers from Cyble discover a new campaign delivering the GravityRAT remote access trojan disguised as an end-to-end encrypted chat application called SoSafe Chat.
Malware
Individual
CC
>1
Cyble, GravityRAT, SoSafe Chat
85
11/11/2021
Since late October 2021
Since late October 2021
SharkBot
Android users
Researchers from Cleafy and ThreatFabric reveal the details of SharkBot, a new Android banking trojan capable of hijacking users’ smartphones and emptying out e-banking and cryptocurrency accounts.
Malware
Finance and insurance
CC
>1
Cleafy, ThreatFabric, SharkBot, Android
86
11/11/2021
Since at least August 2021
During August 2021
?
macOS users in Hong Kong
Researchers from Google reveal that a suspected state-sponsored threat actor has used Hong Kong pro-democracy news sites to deploy a macOS zero-day (CVE-2021-30869), installing a malware strain named MACMA or OSX.CDDS.
Targeted Attack
Individual
CE
HK
Google, macOS, MACMA, OSX.CDDS, CVE-2021-30869
87
11/11/2021
Since June 2021
-
Kimsuky
Think tanks in South Korea
Researchers from Cisco Talos reveal the details of the latest campaign of the Kimsuky APT targeting think tanks in South Korea through malware-laden blog posts.
Targeted Attack
Other service activities
CE
KR
Cisco Talos, Kimsuky APT
88
11/11/2021
11/10/2021
11/10/2021
?
Autonomous University of Barcelona
Autonomous University of Barcelona servers are still down a month after suffering a ransomware attack.
Malware
Education
CC
ES
Autonomous University of Barcelona, ransomware
89
11/11/2021
Since at least September 2021
During September 2021
?
Multiple organizations
Researchers from Avanan discover a new Business Email Compromise campaign using a tiny font size ("One Font") to evade detection.
Account Takeover
Multiple Industries
CC
>1
Avanan, Business Email Compromise, One Font
90
11/11/2021
11/11/2021
11/11/2021
?
Southern Ohio Medical Center
The Southern Ohio Medical Center is hit with a cyber attack.
Unknown
Human health and social work
CC
US
Southern Ohio Medical Center
91
11/11/2021
-
-
?
Utah Imaging Associates
Utah Imaging Associates has started notifying 583,643 patients about a cyberattack.
Unknown
Professional, scientific and technical
CC
US
Utah Imaging Associates
92
12/11/2021
Since the end of September 2021
End of September 2021
QBot
Banking users
Researchers from Trend Micro discover a new campaign distributing the Qbot banking malware using the Squirrelwaffle loader.
Malware
Finance and insurance
CC
>1
Trend Micro, Qbot, Squirrelwaffle
93
12/11/2021
9/11/2021
9/11/2021
?
Sociedad Anónima Damm
Sociedad Anónima Damm, Spain’s second-biggest brewery, is paralyzed by a cyber attack.
Unknown
Accommodation and food service
CC
ES
Sociedad Anónima Damm
94
12/11/2021
10/11/2021
10/11/2021
Conti
Kisters AG
Kisters AG is hit with a ransomware attack.
Malware
Manufacturing
CC
DE
Kisters AG, Conti, Ransomware
95
13/11/2021
13/11/2021
13/11/2021
?
Federal Bureau of Investigation (FBI)
The Federal Bureau of Investigation (FBI) email servers are hacked to distribute spam email impersonating FBI warnings that the recipients' network was breached and data was stolen.
Misconfiguration
Public admin and defence, social security
CC
US
Federal Bureau of Investigation, FBI
96
13/11/2021
Earlier in the same week
Earlier in the same week
-
Undisclosed target
Cloudflare reveals that earlier in the week it detected and mitigated a DDoS attack that peaked just below 2 Tbps, the largest it has seen to date.
DDoS
Unknown
CC
N/A
Cloudflare
97
14/11/2021
-
-
?
Rideau Valley Health Centre
Rideau Valley Health Centre is hit with a ransomware attack.
Malware
Human health and social work
CC
CA
Rideau Valley Health Centre, ransomware
98
15/11/2021
Since September 2021
-
MosesStaff
Multiple organizations in Israel
Researchers from Check Point reveal the details of MosesStaff, a new group that has recently claimed responsibility for numerous attacks against Israeli entities and appears politically motivated.
Multiple vulnerabilities
Multiple Industries
H
IL
Check Point, MosesStaff
99
15/11/2021
-
-
Multiple threat actors
Misconfigured Alibaba Elastic Computing Service (ECS) instances
Researchers from Trend Micro reveal that threat actors are hijacking Alibaba Elastic Computing Service (ECS) instances to install cryptominer malware and harness the available server resources for their own profit.
Misconfiguration
Multiple Industries
CC
>1
Trend Micro, Alibaba, Elastic Computing Service, ECS, cryptominer
100
15/11/2021
-
-
Phosphorus
Undisclosed organization
Attackers from the Iranian state-sponsored actor Phosphorus compromise an undisclosed organization via the ProxyShell vulnerabilities (CVE-2021-34473, CVE-2021-34523, and CVE-2021-31207) to deploy ransomware.
ProxyShell vulnerability
Unknown
CE
N/A
Phosphorus, Iran, ProxyShell, CVE-2021-34473, CVE-2021-34523, CVE-2021-31207, ransomware
103
15/11/2021
-
-
?
California Pizza Kitchen (CPK)
California Pizza Kitchen (CPK) reveals a data breach that exposed the Social Security numbers of more than 100,000 current and former employees after a 'disruption' detected on its systems.
Unknown
Accommodation and food service
CC
US
California Pizza Kitchen, CPK
104
15/11/2021
15/11/2021
15/11/2021
Wealth Squad Chris
New Hanover Regional Medical Center
The Twitter account of New Hanover Regional Medical Center is hacked.
Account Takeover
Human health and social work
CC
US
New Hanover Regional Medical Center, Twitter, Wealth Squad Chris
105
15/11/2021
22/05/2021
13/09/2021
?
Community Eye Clinic
Community Eye Clinic reveals that an unauthorized individual from outside the United States gained access to the network of an affiliated eye clinic and stole information contained in the clinic’s database.
Unknown
Human health and social work
CC
US
Community Eye Clinic