16-31 March 2019 Cyber Attacks Timeline

Here’s the second timeline of March (first part here), covering the main cyber attacks that occurred in the second half of the month (plus several additional events that occurred in the previous fortnight but were published later). In this timeline I have collected a total of 69 events, so the overall level of activity continues to be pretty sustained.

A big part of this is thanks to LockerGoga, a new destructive ransomware that brought Norsk Hydro to its knees (with a possible financial impact close to $40 million so far), along with two additional companies working in the chemical space and controlled by the same fund: Hexion and Momentive.

Another company that has been severely hit in this fortnight is Toyota, suffering the compromise of 3.1 million users, the second breach in one month, allegedly due to a state-sponsored actor, the Vietnam-linked APT32 AKA OceanLotus.

And if you were relieved because the attacks against cryptocurrency firms seemed to have slowed down since the beginning of the year, I am sorry but you will be largely disappointed: this fortnight has seen multiple entities targeted with huge losses: CoinBene ($45 million worth stolen), Bithumb (second time in less than a year, $21 million worth gone), and DragonEx (“only” $1 million worth gone).

Unfortunately the list is still long (yes, and it also includes a Chinese lady trying to enter the exclusive Mar-a-Lago resort with a thumb drive infected by malware; who has never been on vacation with some malware samples?), so I encourage you to browse it, share it, and spread the word of security awareness throughout the community. Last but not least, do not forget to follow @paulsparrows on Twitter for the latest updates.

| ID | Date | Author | Target | Description | Attack | Target Class | Attack Class | Country | Tags |
|---|---|---|---|---|---|---|---|---|---|
| 1 | 11/03/2019 | ? | The Piccadilly | Cybercriminals block the computer system of The Piccadilly, a five-star hotel in Lucknow. | Malware | I Accommodation and food service activities | CC | IN | The Piccadilly, Lucknow |
| 2 | 12/03/2019 | ? | Hexion | Hexion, a chemical company, is hit by the LockerGoga ransomware. | Malware | C Manufacturing | CC | US | Hexion, LockerGoga, Ransomware |
| 3 | 12/03/2019 | ? | Momentive | Momentive, a chemical company controlled by the same fund as Hexion, is also hit by the LockerGoga ransomware. | Malware | C Manufacturing | CC | US | Hexion, LockerGoga, Ransomware, Momentive |
| 4 | 17/03/2019 | Gnosticplayers | Youthmanual, GameSalad, Bukalapak, Lifebear, EstanteVirtual, Coubic | Gnosticplayers releases the fourth round of leaks containing nearly 27 million new users' records originating from 6 other websites. | Unknown | Y Multiple Industries | CC | >1 | Gnosticplayers, Youthmanual, GameSalad, Bukalapak, Lifebear, EstanteVirtual, Coubic |
| 5 | 17/03/2019 | ? | Netflix users | The Office 365 Threat Research team reveals that two ongoing phishing campaigns are actively targeting Netflix and American Express (AMEX) customers to steal credit card and social security information. | Account Hijacking | R Arts entertainment and recreation | CC | >1 | Office 365 Threat Research, Netflix |
| 6 | 17/03/2019 | ? | American Express users | The Office 365 Threat Research team reveals that two ongoing phishing campaigns are actively targeting Netflix and American Express (AMEX) customers to steal credit card and social security information. | Account Hijacking | K Financial and insurance activities | CC | >1 | Office 365 Threat Research, Netflix |
| 7 | 17/03/2019 | ? | Single Users | A new sextortion email campaign is discovered during the weekend that pretends to be from the CIA and states that the victim is involved in an investigation into the distribution and storage of child pornography. | Spam | X Individual | CC | >1 | Sextortion, CIA |
| 8 | 18/03/2019 | ? | Vulnerable IoT devices | Researchers from Palo Alto Networks Unit 42 discover a new Mirai variant equipped with eleven new exploits, the enterprise WePresent WiPG-1000 Wireless Presentation system and the LG Supersign TV being the most notable new devices being targeted. | Multiple Vulnerabilities | Y Multiple Industries | CC | >1 | Palo Alto Networks, Unit 42, Mirai, WePresent WiPG-1000, LG Supersign TV |
| 9 | 18/03/2019 | ? | Single Users | Researchers from 360 Threat Intelligence Center discover JNEC.a, the first ransomware delivered through the CVE-2018-20250 WinRAR vulnerability. | Malware | X Individual | CC | >1 | 360 Threat Intelligence Center, JNEC.a, CVE-2018-20250, WinRAR |
| 10 | 18/03/2019 | ? | Orange County | The Orange County is knocked offline by a ransomware attack. | Malware | O Public administration and defence, compulsory social security | CC | US | Orange County, ransomware |
