Last Updated on May 7, 2019

Here’s the first timeline of April, covering the main cyber attacks that occurred in the first half of the month. It tells us that April has been quite an active month (so far): I have collected a total of 80 events, including 3 that occurred at the end of March.

Bayer is the most important organization you will find in this list: the pharmaceutical giant was hit by (and was able to contain) a targeted attack carried out by the Wicked Panda group. The IT outsourcing and consulting giant Wipro is also among the high-profile targets of this fortnight, along with Georgia Tech, where a vulnerability in a web application allowed an attacker to gain access to the personal information of up to 1.3 million students, applicants, staff and faculty members.

Targeted ransomware is another trend characterizing this timeline. There are a dozen events of this kind, and Arizona Beverages is probably the most notable victim.

A couple of additional remarkable events in this timeline include a successful attack against a Microsoft support agent, whose compromised credentials enabled the attackers to access information in Microsoft customers’ email accounts between January 1 and March 28, and the comeback of the infamous Triton ICS malware.

And since this timeline is particularly long, feel free to browse it all, share it, and spread the word of security awareness throughout the community. Last but not least, do not forget to follow @paulsparrows on Twitter for the latest updates.

| ID | Date | Author | Target | Description | Attack | Target Class | Attack Class (CC = Cyber Crime, CE = Cyber Espionage) | Country | Tags |
|---|---|---|---|---|---|---|---|---|---|
| 1 | 29/03/2019 | ? | Palmetto Health | Palmetto Health reports that a phishing attack sometime in November 2018 affected 23,811 patients. | Account Hijacking | Q Human health and social work activities | CC | US | Palmetto Health |
| 2 | 29/03/2019 | ? | Womens’ Health USA | Womens’ Health USA notifies 17,531 patients after disclosing that its employees were hit by a phishing attack that began in April 2018 and occurred again in August. | Account Hijacking | Q Human health and social work activities | CC | US | Womens’ Health USA |
| 3 | 30/03/2019 | ? | Multiple Targets using Magento | A recently patched SQL injection flaw affecting the popular open-source e-commerce platform Magento is actively exploited by attackers. | Magento Vulnerability (PRODSECBUG-2198) | Y Multiple Industries | CC | >1 | Magento, SQL Injection, PRODSECBUG-2198 |
| 4 | 02/04/2019 | ? | Georgia Tech | Georgia Tech announces that a vulnerability in a web application allowed an attacker to gain access to the personal information of up to 1.3 million students, college applicants, staff, and faculty members. The breach was discovered on March 21. | Undisclosed Vulnerability | P Education | CC | US | Georgia Tech |
| 5 | 02/04/2019 | ? | Arizona Beverages | Arizona Beverages, one of the largest beverage suppliers in the U.S., is hit by a ransomware attack. | Malware | I Accommodation and food service activities | CC | US | Arizona Beverages, ransomware |
| 6 | 02/04/2019 | ? | Genesee County | Genesee County is hit with a ransomware attack, and the county has been working non-stop to get its systems back online. | Malware | O Public administration and defence, compulsory social security | CC | US | Genesee County, ransomware |
| 7 | 02/04/2019 | ? | Multiple Targets | Researchers from AT&T Alien Labs discover Xwo, a Python-based bot scanner working in conjunction with the malware families Xbash and MongoLock. | Malware | Y Multiple Industries | CC | >1 | AT&T Alien Labs, Xwo, Xbash, MongoLock |
| 8 | 02/04/2019 | ? | Verizon Customers | Researchers at Lookout mobile security reveal a new wave of mobile-focused phishing attacks against Verizon customers. | Account Hijacking | X Individual | CC | >1 | Lookout, Verizon |
| 9 | 02/04/2019 | ? | Android Users | Researchers from Trend Micro discover a new variant of the XLoader Trojan that targets Android devices by posing as a security application and using Twitter as a command and control channel. | Malware | X Individual | CC | >1 | Trend Micro, XLoader, Android, Twitter |
| 10 | 02/04/2019 | ? | Single Individuals | Researchers from Bromium uncover over a dozen servers, unusually registered in the United States, which are hosting ten different malware families spread through phishing campaigns potentially tied to the Necurs botnet. | Malware | X Individual | CC | US | Bromium, Necurs |
| 11 | 03/04/2019 | ? | Single Individuals | Researchers from Proofpoint reveal a rise in tax-related campaigns both in the US and internationally, distributing RATs, downloaders, banking Trojans, and phishing emails. | Malware | X Individual | CC | >1 | Proofpoint, tax, IRS |
| 12 | 03/04/2019 | ? | Single Individuals | A new variant of the CIA porn investigation extortion emails now puts the payment instructions in password-protected PDF attachments. | Spam | X Individual | CC | >1 | CIA |
| 13 | 03/04/2019 | Roaming Mantis | Victims in Russia, Japan, India, Bangladesh, Kazakhstan, Azerbaijan, Iran, and Vietnam | Researchers from Kaspersky reveal the details of a new campaign carried out by the Roaming Mantis gang, aimed at distributing malware (sagawa, AKA MoqHao, AKA XLoader) via SMS. | Malware | X Individual | CC | >1 | Roaming Mantis, sagawa, MoqHao, XLoader, Kaspersky, Russia, Japan, India, Bangladesh, Kazakhstan, Azerbaijan, Iran, Vietnam |
| 14 | 03/04/2019 | ? | Vulnerable Belkin WeMo home automation switches | Researchers from Trend Micro discover an update of the Bashlite IoT malware, now targeting Belkin WeMo home automation switches. | Malware | Y Multiple Industries | CC | >1 | Trend Micro, Bashlite, Belkin WeMo |
| 15 | 03/04/2019 | ? | City of Tallahassee | Almost half a million dollars is diverted out of the City of Tallahassee’s employee payroll after a suspected foreign cyber attack on its human resources management application. | Account Hijacking | O Public administration and defence, compulsory social security | CC | US | City of Tallahassee |
| 16 | 04/04/2019 | Wicked Panda | Bayer | Bayer reveals that it has contained a cyber attack carried out by the Wicked Panda group via the Winnti malware. | Targeted Attack | M Professional scientific and technical activities | CE | DE | Bayer, Wicked Panda, WINNTI |
| 17 | 04/04/2019 | London Blue | Employees in Asia working for companies based mostly in the United States, Australia or Europe | A report from Agari reveals that the London Blue cybercriminal group has been running business email compromise (BEC) scams against employees in Asia working for companies based mostly in the United States, Australia or Europe. | Account Hijacking | Y Multiple Industries | CC | >1 | Agari, London Blue |
| 18 | 04/04/2019 | ? | Single Individuals | Researchers from Trustwave SpiderLabs discover a new variant of the CIA extortion scam, selling alleged proof on Satoshi Box for $500 that the victim is part of the CIA investigation. | Spam | X Individual | CC | >1 | Trustwave SpiderLabs, CIA, Satoshi Box |
| 19 | 04/04/2019 | ? | Brazilian Banking Users | Researchers from Kaspersky reveal the details of BasBanke, a new Android malware family targeting Brazilian users. | Malware | K Financial and insurance activities | CC | BR | Kaspersky, BasBanke |
| 20 | 05/04/2019 | FIN6 | Entity within the engineering industry | Researchers from FireEye reveal the details of an intrusion by the infamous FIN6 group, showing that the group is now using the Ryuk and LockerGoga ransomware against its victims. | Malware | C Manufacturing | CC | N/A | FIN6, FireEye, Ryuk, LockerGoga |
| 21 | 05/04/2019 | ? | Single Individuals | Researchers from Cisco Talos discover an online black market offering cybercrime goods and services on Facebook, spread over 74 groups and totaling around 385,000 members. | Cybercrime Facebook Group | X Individual | CC | >1 | Cisco Talos, Facebook |
| 22 | 05/04/2019 | ? | AeroGrow International | AeroGrow says in a letter to customers that its website hosted credit card scraping malware for more than four months. Anyone who bought something through its website between October 29, 2018 and March 4, 2019 could have been affected. | Malicious JavaScript Injection | C Manufacturing | CC | US | AeroGrow International |
| 23 | 05/04/2019 | ? | Users of popular online services, including Gmail, Netflix, and PayPal | Researchers at Bad Packets uncover a DNS hijacking campaign targeting the users of popular online services, including Gmail, Netflix, and PayPal. | DNS Hijacking | X Individual | CC | >1 | Bad Packets, Gmail, Netflix, PayPal |
| 24 | 05/04/2019 | ? | Single Individuals | Researchers from Trustwave SpiderLabs discover a spam campaign pushing the info-stealing LokiBot trojan, hiding the payload inside .PNG images to avoid detection. | Malware | X Individual | CC | >1 | Trustwave, SpiderLabs, LokiBot |
| 25 | 05/04/2019 | ? | Klaussner Furniture | Klaussner Furniture notifies more than 9,000 employees and their dependents of a data security incident after an unauthorized third party gained access to two computers on its network in February 2019. | Unknown | G Wholesale and retail trade | CC | US | Klaussner Furniture |