Last Updated on April 15, 2019

Here’s the second timeline of March (first part here), covering the main cyber attacks that occurred in the second half of this month (plus several additional events that occurred in the previous fortnight but were published later). In this timeline I have collected a total of 69 events, so the overall level of activity continues to be pretty sustained.

A big part of this is thanks to LockerGoga, a new destructive ransomware that brought Norsk Hydro to its knees (with a possible financial impact close to $40 million so far), along with two additional companies working in the chemical space and controlled by the same fund: Hexion and Momentive.

Another company that has been severely hit in this fortnight is Toyota, suffering the compromise of 3.1 million users, the second breach in one month, allegedly due to a state-sponsored actor, the Vietnam-linked APT32 AKA OceanLotus.

And if you were relieved since the attacks against cryptocurrency firms seemed to show a slowdown since the beginning of the year, I am sorry but you will be largely disappointed: this fortnight has seen multiple entities targeted with huge losses: CoinBene ($45 million worth stolen), Bithumb (second time in less than a year, $21 million worth gone), and DragonEx (“only” $1 million worth gone).

Unfortunately the list is still long (yes, and it also includes a Chinese lady trying to enter the exclusive Mar-a-Lago resort with a thumb drive infected by malware (who has never been on vacation with some malware samples?)), so I encourage you to browse it, share it, and spread the word of security awareness throughout the community. Last but not least, do not forget to follow @paulsparrows on Twitter for the latest updates.

| ID | Date | Author | Target | Description | Attack | Target Class | Attack Class | Country | Tags |
|---|---|---|---|---|---|---|---|---|---|
| 1 | 11/03/2019 | ? | The Piccadilly | Cybercriminals block the computer system of The Piccadilly, a five-star hotel in Lucknow. | Malware | I Accommodation and food service activities | CC | IN | The Piccadilly, Lucknow |
| 2 | 12/03/2019 | ? | Hexion | Hexion, a chemical company, is hit by the LockerGoga ransomware. | Malware | C Manufacturing | CC | US | Hexion, LockerGoga, Ransomware |
| 3 | 12/03/2019 | ? | Momentive | Momentive, a chemical company controlled by the same fund as Hexion, is also hit by the LockerGoga ransomware. | Malware | C Manufacturing | CC | US | Hexion, LockerGoga, Ransomware, Momentive |
| 4 | 17/03/2019 | Gnosticplayers | Youthmanual, GameSalad, Bukalapak, Lifebear, EstanteVirtual, Coubic | Gnosticplayers releases the fourth round of leaks containing nearly 27 million new users' records originating from 6 other websites. | Unknown | Y Multiple Industries | CC | >1 | Gnosticplayers, Youthmanual, GameSalad, Bukalapak, Lifebear, EstanteVirtual, Coubic |
| 5 | 17/03/2019 | ? | Netflix users | The Office 365 Threat Research team reveals that two ongoing phishing campaigns are actively targeting Netflix and American Express (AMEX) customers to steal credit card and social security information. | Account Hijacking | R Arts entertainment and recreation | CC | >1 | Office 365 Threat Research, Netflix |
| 6 | 17/03/2019 | ? | American Express users | The Office 365 Threat Research team reveals that two ongoing phishing campaigns are actively targeting Netflix and American Express (AMEX) customers to steal credit card and social security information. | Account Hijacking | K Financial and insurance activities | CC | >1 | Office 365 Threat Research, Netflix |
| 7 | 17/03/2019 | ? | Single Users | A new sextortion email campaign is discovered during the weekend that pretends to be from the CIA and states that the victim is involved in an investigation into the distribution and storage of child pornography. | Spam | X Individual | CC | >1 | Sextortion, CIA |
| 8 | 18/03/2019 | ? | Vulnerable IoT devices | Researchers from Palo Alto Networks Unit 42 discover a new Mirai variant equipped with eleven new exploits, the enterprise WePresent WiPG-1000 Wireless Presentation system and the LG Supersign TV being the most notable new devices being targeted. | Multiple Vulnerabilities | Y Multiple Industries | CC | >1 | Palo Alto Networks, Unit 42, Mirai, WePresent WiPG-1000, LG Supersign TV |
| 9 | 18/03/2019 | ? | Single Users | Researchers from 360 Threat Intelligence Center discover JNEC.a, the first ransomware delivered through the CVE-2018-20250 WinRAR vulnerability. | Malware | X Individual | CC | >1 | 360 Threat Intelligence Center, JNEC.a, CVE-2018-20250, WinRAR |
| 10 | 18/03/2019 | ? | Orange County | Orange County is knocked offline by a ransomware attack. | Malware | O Public administration and defence, compulsory social security | CC | US | Orange County, ransomware |
