Here’s the second timeline of March (first part here), covering the main cyber attacks that occurred in the second half of this month (plus several additional events that occurred in the previous fortnight but were published later). In this timeline I have collected a total of 69 events, so the overall level of activity continues to be pretty sustained.
A big part of this is thanks to LockerGoga, a new destructive ransomware that brought Norsk Hydro to its knees (with a possible financial impact close to $40 million so far), along with two additional companies working in the chemical space and controlled by the same fund: Hexion and Momentive.
Another company that has been severely hit in this fortnight is Toyota, suffering the compromise of 3.1 million users, the second breach in one month, allegedly due to a state-sponsored actor, the Vietnam-linked APT32 AKA OceanLotus.
And if you were relieved because the attacks against cryptocurrency firms seemed to have slowed down since the beginning of the year, I am sorry, but you will be largely disappointed: this fortnight has seen multiple entities targeted with huge losses: CoinBene ($45 million worth stolen), Bithumb (second time in less than a year, $21 million worth gone), and DragonEx (“only” $1 million worth gone).
Unfortunately the list is still long (yes, and it also includes a Chinese lady trying to enter the exclusive Mar-a-Lago resort with a thumb drive infected by malware (who has never been on vacation with some malware samples?)), so I encourage you to browse it, share it, and spread the word of security awareness throughout the community. Last but not least, do not forget to follow @paulsparrows on Twitter for the latest updates.
| ID | Date | Author | Target | Description | Attack | Target Class | Attack Class | Country | Link | Tags |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | 11/03/2019 | ? | The Piccadilly | Cybercriminals block the computer system of The Piccadilly, a five-star hotel in Lucknow. | Malware | I Accommodation and food service activities | CC | IN | | The Piccadilly, Lucknow |
| 2 | 12/03/2019 | ? | Hexion | Hexion, a chemical company, is hit by the LockerGoga ransomware. | Malware | C Manufacturing | CC | US | | Hexion, LockerGoga, Ransomware |
| 3 | 12/03/2019 | ? | Momentive | Momentive, a chemical company controlled by the same fund as Hexion, is also hit by the LockerGoga ransomware. | | | | | | |
| | | | | The Office 365 Threat Research team reveals that two ongoing phishing campaigns are actively targeting Netflix and American Express (AMEX) customers to steal credit card and social security information. | Account Hijacking | R Arts entertainment and recreation | CC | >1 | | Office 365 Threat Research, Netflix |
| 6 | 17/03/2019 | ? | American Express users | The Office 365 Threat Research team reveals that two ongoing phishing campaigns are actively targeting Netflix and American Express (AMEX) customers to steal credit card and social security information. | Account Hijacking | K Financial and insurance activities | CC | >1 | | Office 365 Threat Research, Netflix |
| 7 | 17/03/2019 | ? | Single Users | A new sextortion email campaign is discovered during the weekend that pretends to be from the CIA and states that the victim is involved in an investigation into the distribution and storage of child pornography. | Spam | X Individual | CC | >1 | | Sextortion, CIA |
| 8 | 18/03/2019 | ? | Vulnerable IoT devices | Researchers from Palo Alto Networks Unit 42 discover a new Mirai variant equipped with eleven new exploits, the enterprise WePresent WiPG-1000 Wireless Presentation system and the LG Supersign TV being the most notable new devices being targeted. | Multiple Vulnerabilities | Y Multiple Industries | CC | >1 | | Palo Alto Networks, Unit 42, Mirai, WePresent WiPG-1000, LG Supersign TV |
| 9 | 18/03/2019 | ? | Single Users | Researchers from 360 Threat Intelligence Center discover JNEC.a, the first ransomware delivered through the CVE-2018-20250 WinRAR vulnerability. | Malware | X Individual | CC | >1 | | 360 Threat Intelligence Center, JNEC.a, CVE-2018-20250, WinRAR |
| 10 | 18/03/2019 | ? | Orange County | Orange County is knocked offline by a ransomware attack. | Malware | O Public administration and defence, compulsory social security | | | | |