Diary of Cyberattacks

Ryuk Ransomware infects IT services provider Virtual Care Provider Inc.'s network and rendering 110 nursing homes' operations such as email services, patient records, client billings, and phone systems unusable or inaccessible.

Links:

Suprema's Biostar falls victim to a data leak amounting to a total of 27.8 million records consisting of fingerprints, images and facial recognition data.

Links: 

A hacker breaks into Bulgarian National Revenue Agency's tax database, stealing the social security number, salary info and other financial information of 5 million taxpaying citizens of the total 7 million.

Links:

An unsecured server was found with 264 GB of personal and financial data of customers including names, email addresses, plain text passwords, invoices, card company, card holder name and expiry dates.

Links:

Hacker 'GnosticPlayers' of notorious fame, rips off 139 million user-provided data such as username, email, real name etc; and 61 million highly secure user passwords of Canva's profile database.

Links:

A few hundred Git repos were seemingly erased by an unknown actor in exchange for 0.1 BTC ransom. The repos were untouched, and it was found that the attacker had discovered cached access tokens and credentials on a remote server.

Links:

An intruder gained brief access to Docker's server that contained usernames, hashed passwords and associated Github and Bitbucket tokens, potentially affecting 190,000 accounts. Docker recommended changing login credentials and relinking Github and Bitbucket.

Links:

Paige "Erratic" Thomas executes a Server Side Request Forgery and exploits a misconfigured Firewall on AWS to collect confidential financial and private information of a 100 million people.

Links:

Exploiting the "View As" feature, hackers have exfiltrated personal information of millions of Facebook users. Facebook's shares drop by 3% on disclosure.

Links:

Marriott's Starwood brands were victim to a massive data breach with hundreds of millions of passports and credit card numbers stolen. Marriott incurred breach costs of $28 million that was mostly covered by insurance and was charged a fine of $120 million by UK's Information Commissioner's Office for privacy rights violations.

Links:

500,000 passengers' card details were stolen, alongwith passengers' names, travel plans, email address, billing address and the card verification value. British Airways faced a fine of £183 million.

Links:

Over 300 institutions, including 144 US universities fell prey to a series of spear-phishing campaigns. The hackers were able to steal 31 TB of intellectual property that is estimated to be worth $3 billion. The US Department of Justince has accused nine Iranian hackers of the cybercrime. 

Links:

Roughly 150 million contacts including usernames, passwords, emails and IP addresses were stolen from the app "MyFitnessPal". While no financial data was leaked, the stolen data can be crosschecked on other platforms, and can affect users that reuse passwords.

Links:

Over a 100 outdoor surveillance police cameras of Washington D.C were hacked by what are suspected to be two Romanian hackers. Additionally, they used the hacked systems that controlled the cameras to also spread ransomware by sending 179,000 phishing emails.

Links:

123 million household details were exposed putting American families at the risk of an identity theft. Each household had a staggering 248 fields of data, from financial history to mortguage details to pet ownership, making it possible for identity thieves to piece together and identify households despite the repository not containing names.

Links:

In an elaborate cyber attack on Equifax, 143 million customers' personal information such as their names, social security numbers, birthdates, addresses and 209,000 consumers' credit card numbers were stolen. The cyberattack costed Equifax $1.38 billion in breach costs and 1.4 billion in legal costs.

Links:

NotPetya feigns to be a ransomware, but isn't with no intentions to collect ransom. NotPetya used exploits like EternalBlue, EternalRomance, and an accounting software pacakage by the name M.E.Doc prevalent in Ukraine to spread over the network and infect unpatched systems. NotPetya encrypted everything in such a way so as to destroy stored information and render it unretrievable. It has been estimated to have caused damage to the tune of atleast $10 billion.

Links:

WannaCry, a ransomware that used an exploit developed by United States' National Security Agency called Eternal Blue that allowed for running arbitrary code on Windows, infected and locked up over 200,000 systems demanding payment via bitcoin for reverting the encryption of the victims' systems.

Links: