Here’s the first timeline of April, covering the main cyber attacks that occurred in the first half of the month. The timeline shows that April has been quite an active month (so far): I have collected a total of 80 events, including 3 that occurred at the end of March.
Bayer is the most important organization you will find in this list: the pharmaceutical giant was hit by (and was able to contain) a targeted attack carried out by the Wicked Panda group. The IT outsourcing and consulting giant Wipro is also among the high-profile targets of this fortnight, along with Georgia Tech, where a vulnerability in a web application allowed an attacker to gain access to the personal information of up to 1.3 million students.
Targeted ransomware is another trend characterizing this timeline. There are a dozen events of this kind, and Arizona Beverages is probably the most remarkable victim.
A couple of additional remarkable events in this timeline include a successful attack against a Microsoft support agent, whose compromised credentials enabled the attackers to access information within Microsoft customers’ email accounts between January 1 and March 28, and the comeback of the infamous Triton ICS malware.
Since this timeline is particularly long, feel free to browse it all, share it, and spread the word of security awareness throughout the community. Last but not least, do not forget to follow @paulsparrows on Twitter for the latest updates.
| ID | Date | Author | Target | Description | Attack | Target Class | Attack Class | Country | Tags |
|---|---|---|---|---|---|---|---|---|---|
| 1 | 29/03/2019 | ? | Palmetto Health | Palmetto Health reports that a phishing attack sometime in November 2018 hit 23,811 patients. | Account Hijacking | Q Human health and social work activities | CC | US | Palmetto Health |
| 2 | 29/03/2019 | ? | Womens’ Health USA | Womens’ Health USA notifies 17,531 patients after disclosing that its employees were hit by a phishing attack that began in April 2018 and recurred in August. | Account Hijacking | Q Human health and social work activities | CC | US | Womens’ Health USA |
| 3 | 30/03/2019 | ? | Multiple Targets using Magento | A recently patched SQL injection flaw affecting the popular open-source e-commerce platform Magento is being actively exploited by attackers. | Magento Vulnerability (PRODSECBUG-2198) | Y Multiple Industries | CC | >1 | Magento, SQL Injection, PRODSECBUG-2198 |
| 4 | 02/04/2019 | ? | Georgia Tech | Georgia Tech announces that a vulnerability in a web application allowed an attacker to gain access to the personal information of up to 1.3 million students, college applicants, staff, and faculty members. The breach was discovered on March 21. | Undisclosed Vulnerability | P Education | CC | US | Georgia Tech |
| 5 | 02/04/2019 | ? | Arizona Beverages | Arizona Beverages, one of the largest beverage suppliers in the U.S., is hit by a ransomware attack. | Malware | I Accommodation and food service activities | CC | US | Arizona Beverages, ransomware |
| 6 | 02/04/2019 | ? | Genesee County | Genesee County is hit with a ransomware attack, and the county has been working non-stop to get its systems back online. | Malware | O Public administration and defence, compulsory social security | CC | US | Genesee County, ransomware |
| 7 | 02/04/2019 | ? | Multiple Targets | Researchers from AT&T Alien Labs discover Xwo, a Python-based bot scanner working in conjunction with the Xbash and MongoLock malware families. | Malware | Y Multiple Industries | CC | >1 | AT&T Alien Labs, Xwo, Xbash, MongoLock |
| 8 | 02/04/2019 | ? | Verizon Customers | Researchers at mobile security firm Lookout reveal a new wave of mobile-focused phishing attacks against Verizon customers. | Account Hijacking | X Individual | CC | >1 | Lookout, Verizon |
| 9 | 02/04/2019 | ? | Android Users | Researchers from Trend Micro discover a new variant of the XLoader Trojan that targets Android devices by posing as a security application and using Twitter as a Command and Control channel. | Malware | X Individual | CC | >1 | Trend Micro, XLoader, Android, Twitter |
| 10 | 02/04/2019 | ? | Single Individuals | Researchers from Bromium uncover over a dozen servers, unusually registered in the United States, hosting ten different malware families spread through phishing campaigns potentially tied to the Necurs botnet. | Malware | X Individual | CC | US | Bromium, Necurs |
| 11 | 03/04/2019 | ? | Single Individuals | Researchers from ProofPoint reveal a rise in tax-related campaigns, both in the US and internationally, distributing RATs, downloaders, banking Trojans, and phishing emails. | Malware | X Individual | CC | >1 | ProofPoint, tax, IRS |
| 12 | 03/04/2019 | ? | Single Individuals | A new variant of the CIA porn investigation emails is now putting the extortion payment instructions in password-protected PDF attachments. | Spam | X Individual | CC | >1 | CIA |
| 13 | 03/04/2019 | Roaming Mantis | Victims in Russia, Japan, India, Bangladesh, Kazakhstan, Azerbaijan, Iran, and Vietnam | Researchers from Kaspersky reveal the details of a new campaign carried out by the Roaming Mantis gang, aimed at distributing malware (sagawa, AKA MoqHao, AKA XLoader) via SMS. | | | | | |
| 14 | 03/04/2019 | | | Researchers from Trend Micro discover an update of the Bashlite IoT malware, now targeting Belkin WeMo home automation switches. | Malware | Y Multiple Industries | CC | >1 | Trend Micro, Bashlite, Belkin WeMo |
| 15 | 03/04/2019 | ? | City of Tallahassee | Almost half a million dollars is diverted out of the City of Tallahassee’s employee payroll after a suspected foreign cyber attack on its human resources management application. | Account Hijacking | O Public administration and defence, compulsory social security | CC | US | City of Tallahassee |
| 16 | 04/04/2019 | Wicked Panda | Bayer | Bayer reveals that it has contained a cyber attack carried out by the Wicked Panda group using the WINNTI malware. | Targeted Attack | M Professional scientific and technical activities | CE | DE | Bayer, Wicked Panda, WINNTI |
| 17 | 04/04/2019 | London Blue | Employees in Asia working for companies based mostly in the United States, Australia or Europe | A report from Agari reveals that the London Blue cybercriminal group has been running business email compromise (BEC) scams against employees in Asia working for companies based mostly in the United States, Australia or Europe. | Account Hijacking | Y Multiple Industries | CC | >1 | Agari, London Blue |
| 18 | 04/04/2019 | ? | Single Individuals | Researchers from Trustwave SpiderLabs discover a new variant of the CIA extortion scam, selling on Satoshi Box, for $500, alleged proof that the victim is part of the CIA investigation. | Spam | X Individual | CC | >1 | Trustwave SpiderLabs, CIA, Satoshi Box |
| 19 | 04/04/2019 | ? | Brazilian Banking Users | Researchers from Kaspersky reveal the details of BasBanke, a new Android malware family targeting Brazilian users. | Malware | K Financial and insurance activities | CC | BR | Kaspersky, BasBanke |
| 20 | 05/04/2019 | FIN6 | Entity within the engineering industry | Researchers from FireEye reveal the details of an intrusion by the infamous FIN6 group, showing that the group is now using the Ryuk and LockerGoga ransomware against its victims. | Malware | C Manufacturing | CC | N/A | FIN6, FireEye, Ryuk, LockerGoga |
| 21 | 05/04/2019 | ? | Single Individuals | Researchers from Cisco Talos discover an online black market offering cybercrime goods and services on Facebook, spread over 74 groups and totaling around 385,000 members. | Cybercrime Facebook Group | X Individual | CC | >1 | Cisco Talos, Facebook |
| 22 | 05/04/2019 | ? | AeroGrow International | AeroGrow says in a letter to customers that its website hosted credit card scraping malware for more than four months. Anyone who bought something through its website between October 29, 2018 and March 4, 2019 could have been affected. | Malicious Javascript Injection | C Manufacturing | CC | US | AeroGrow International |
| 23 | 05/04/2019 | ? | Users of popular online services, including Gmail, Netflix, and PayPal | Researchers at Bad Packets uncover a DNS hijacking campaign targeting the users of popular online services, including Gmail, Netflix, and PayPal. | DNS Hijacking | X Individual | CC | >1 | Bad Packets, Gmail, Netflix, PayPal |
| 24 | 05/04/2019 | ? | Single Individuals | Researchers from Trustwave SpiderLabs discover a spam campaign pushing the info-stealing LokiBot trojan, hiding the payload inside .PNG images to avoid detection. | Malware | X Individual | CC | >1 | Trustwave SpiderLabs, LokiBot |
| 25 | 05/04/2019 | ? | Klaussner Furniture | Klaussner Furniture notifies more than 9,000 employees and their dependents of a data security incident in which an unauthorized third party gained access to two computers on its network in February 2019. | | | | | |