Last Updated on May 7, 2019

Here’s the first timeline of April, covering the main cyber-attacks that occurred in the first half of the month. The timeline shows that April has been quite an active month (so far): I have collected a total of 80 events, including 3 that occurred at the end of March.

Bayer is the most important organization that you will find in this list: the pharmaceutical giant was hit by (and was able to contain) a targeted attack carried out by the Wicked Panda group. The IT outsourcing and consulting giant Wipro is also among the high-profile targets of this fortnight, along with Georgia Tech, where a vulnerability in a web application allowed an attacker to gain access to the personal information of up to 1.3 million students.

Targeted ransomware is another trend characterizing this timeline. There are a dozen events of this kind, and Arizona Beverages is probably the most remarkable victim.

A couple of additional remarkable events of this timeline include a successful attack against a Microsoft support agent, whose compromised credentials enabled the attackers to access information within Microsoft customers’ email accounts between January 1 and March 28, and the comeback of the infamous Triton ICS malware.

And since this timeline is particularly long, feel free to browse it all, share it, and spread the word of security awareness throughout the community. Last but not least, do not forget to follow @paulsparrows on Twitter for the latest updates.

| ID | Date | Author | Target | Description | Attack | Target Class | Attack Class | Country | Tags |
|---|---|---|---|---|---|---|---|---|---|
| 1 | 29/03/2019 | ? | Palmetto Health | Palmetto Health reports that a phishing attack sometime in November 2018 hit 23,811 patients. | Account Hijacking | Q Human health and social work activities | CC | US | Palmetto Health |
| 2 | 29/03/2019 | ? | Womens’ Health USA | Womens’ Health USA notifies 17,531 patients, after disclosing that its employees were hit by a phishing attack that began in April 2018 and also occurred in August. | Account Hijacking | Q Human health and social work activities | CC | US | Womens’ Health USA |
| 3 | 30/03/2019 | ? | Multiple Targets using Magento | A recently patched SQL injection flaw affecting the popular open-source e-commerce platform Magento is actively exploited by attackers. | Magento Vulnerability (PRODSECBUG-2198) | Y Multiple Industries | CC | >1 | Magento, SQL Injection, PRODSECBUG-2198 |
| 4 | 02/04/2019 | ? | Georgia Tech | Georgia Tech announces that a vulnerability in a web application allowed an attacker to gain access to the personal information of up to 1.3 million students, college applications, staff, and faculty members. The breach was discovered on March 21. | Undisclosed Vulnerability | P Education | CC | US | Georgia Tech |
| 5 | 02/04/2019 | ? | Arizona Beverages | Arizona Beverages, one of the largest beverage suppliers in the U.S., is hit by a ransomware attack. | Malware | I Accommodation and food service activities | CC | US | Arizona Beverages, ransomware |
| 6 | 02/04/2019 | ? | Genesee County | Genesee County is hit with a ransomware attack and the county has been working non-stop to get their systems back online. | Malware | O Public administration and defence, compulsory social security | CC | US | Genesee County, ransomware |
| 7 | 02/04/2019 | ? | Multiple Targets | Researchers from AT&T Alien Labs discover Xwo, a Python-based bot scanner working in conjunction with the malware families Xbash and MongoLock. | Malware | Y Multiple Industries | CC | >1 | AT&T Alien Labs, Xwo, Xbash, MongoLock |
| 8 | 02/04/2019 | ? | Verizon Customers | Researchers at Lookout mobile security reveal a new wave of mobile-focused phishing attacks against Verizon customers. | Account Hijacking | X Individual | CC | >1 | Lookout, Verizon |
| 9 | 02/04/2019 | ? | Android Users | Researchers from Trend Micro discover a new variant of the XLoader Trojan that is targeting Android devices by posing as a security application and using Twitter as a Command and Control. | Malware | X Individual | CC | >1 | Trend Micro, Xloader, Android, Twitter |
| 10 | 02/04/2019 | ? | Single Individuals | Researchers from Bromium uncover over a dozen servers, unusually registered in the United States, which are hosting ten different malware families spread through phishing campaigns potentially tied to the Necurs botnet. | Malware | X Individual | CC | US | Bromium, Necurs |
