Last Updated on May 7, 2019

Here’s the first timeline of April, covering the main cyber attacks that occurred in the first half of the month. The timeline tells us that April has been quite an active month (so far), since I have collected a total of 80 events, including 3 that occurred at the end of March.

Bayer is the most important organization that you will find in this list: the pharmaceutical giant was hit by (and was able to contain) a targeted attack carried out by the Wicked Panda group. The IT outsourcing and consulting giant Wipro is also among the high-profile targets of this fortnight, along with Georgia Tech, where a vulnerability in a web application allowed an attacker to gain access to the personal information of up to 1.3 million students.

Targeted ransomware is another trend characterizing this timeline. There are a dozen events of this kind, and Arizona Beverages is probably the most remarkable victim.

A couple of additional remarkable events of this timeline include a successful attack against a Microsoft support agent, whose compromised credentials enabled the attackers to access information within Microsoft customers’ email accounts between January 1 and March 28, and the comeback of the infamous Triton ICS malware.

And since this timeline is particularly long, feel free to browse it all, share it, and spread the word of security awareness throughout the community. Last but not least, do not forget to follow @paulsparrows on Twitter for the latest updates.

| ID | Date | Author | Target | Description | Attack | Target Class | Attack Class | Country | Tags |
|---|---|---|---|---|---|---|---|---|---|
| 1 | 29/03/2019 | ? | Palmetto Health | Palmetto Health reports that a phishing attack sometime in November 2018 hit 23,811 patients. | Account Hijacking | Q Human health and social work activities | CC | US | Palmetto Health |
| 2 | 29/03/2019 | ? | Womens’ Health USA | Womens’ Health USA notifies 17,531 patients after disclosing that its employees were hit by a phishing attack that began in April 2018 and also occurred in August. | Account Hijacking | Q Human health and social work activities | CC | US | Womens’ Health USA |
| 3 | 30/03/2019 | ? | Multiple Targets using Magento | A recently patched SQL injection flaw affecting the popular open-source e-commerce platform Magento is actively exploited by attackers. | Magento Vulnerability (PRODSECBUG-2198) | Y Multiple Industries | CC | >1 | Magento, SQL Injection, PRODSECBUG-2198 |
| 4 | 02/04/2019 | ? | Georgia Tech | Georgia Tech announces that a vulnerability in a web application allowed an attacker to gain access to the personal information of up to 1.3 million students, college applicants, staff, and faculty members. The breach was discovered on March 21. | Undisclosed Vulnerability | P Education | CC | US | Georgia Tech |
| 5 | 02/04/2019 | ? | Arizona Beverages | Arizona Beverages, one of the largest beverage suppliers in the U.S., is hit by a ransomware attack. | Malware | I Accommodation and food service activities | CC | US | Arizona Beverages, ransomware |
| 6 | 02/04/2019 | ? | Genesee County | Genesee County is hit by a ransomware attack, and the county has been working non-stop to get its systems back online. | Malware | O Public administration and defence, compulsory social security | CC | US | Genesee County, ransomware |
| 7 | 02/04/2019 | ? | Multiple Targets | Researchers from AT&T Alien Labs discover Xwo, a Python-based bot scanner working in conjunction with the Xbash and MongoLock malware families. | Malware | Y Multiple Industries | CC | >1 | AT&T Alien Labs, Xwo, Xbash, MongoLock |
| 8 | 02/04/2019 | ? | Verizon Customers | Researchers at Lookout mobile security reveal a new wave of mobile-focused phishing attacks against Verizon customers. | Account Hijacking | X Individual | CC | >1 | Lookout, Verizon |
| 9 | 02/04/2019 | ? | Android Users | Researchers from Trend Micro discover a new variant of the XLoader Trojan targeting Android devices by posing as a security application and using Twitter as a command and control channel. | Malware | X Individual | CC | >1 | Trend Micro, Xloader, Android, Twitter |
| 10 | 02/04/2019 | ? | Single Individuals | Researchers from Bromium uncover over a dozen servers, unusually registered in the United States, hosting ten different malware families spread through phishing campaigns potentially tied to the Necurs botnet. | Malware | X Individual | CC | US | Bromium, Necurs |
| 11 | 03/04/2019 | ? | Single Individuals | Researchers from Proofpoint reveal a rise in tax-related campaigns, both in the US and internationally, distributing RATs, downloaders, banking Trojans, and phishing emails. | Malware | X Individual | CC | >1 | ProofPoint, tax, IRS |
| 12 | 03/04/2019 | ? | Single Individuals | A new variant of the CIA porn investigation extortion emails now puts the payment instructions in password-protected PDF attachments. | Spam | X Individual | CC | >1 | CIA |
| 13 | 03/04/2019 | Roaming Mantis | Victims in Russia, Japan, India, Bangladesh, Kazakhstan, Azerbaijan, Iran, and Vietnam | Researchers from Kaspersky reveal the details of a new campaign carried out by the Roaming Mantis gang, aimed at distributing malware (sagawa, AKA MoqHao, AKA XLoader) via SMS. | Malware | X Individual | CC | >1 | Roaming Mantis, sagawa, MoqHao, Xloader, Kaspersky, Russia, Japan, India, Bangladesh, Kazakhstan, Azerbaijan, Iran, Vietnam |
| 14 | 03/04/2019 | ? | Vulnerable Belkin WeMo home automation switches | Researchers from Trend Micro discover an update of the Bashlite IoT malware, now targeting Belkin WeMo home automation switches. | Malware | Y Multiple Industries | CC | >1 | Trend Micro, Bashlite, Belkin WeMo |
| 15 | 03/04/2019 | ? | City of Tallahassee | Almost half a million dollars is diverted out of the City of Tallahassee’s employee payroll after a suspected foreign cyber attack on its human resources management application. | Account Hijacking | O Public administration and defence, compulsory social security | CC | US | City of Tallahassee |
| 16 | 04/04/2019 | Wicked Panda | Bayer | Bayer reveals that it has contained a cyber attack carried out by the Wicked Panda group via the WINNTI malware. | Targeted Attack | M Professional scientific and technical activities | CE | DE | Bayer, Wicked Panda, WINNTI |
| 17 | 04/04/2019 | London Blue | Employees in Asia working for companies based mostly in the United States, Australia or Europe | A report from Agari reveals that the London Blue cybercriminal group has been running business email compromise (BEC) scams against employees in Asia working for companies based mostly in the United States, Australia or Europe. | Account Hijacking | Y Multiple Industries | CC | >1 | Agari, London Blue |
| 18 | 04/04/2019 | ? | Single Individuals | Researchers from Trustwave SpiderLabs discover a new variant of the CIA extortion scam, selling alleged proof on Satoshi Box for $500 that the victim is part of the CIA investigation. | Spam | X Individual | CC | >1 | Trustwave SpiderLabs, CIA, Satoshi Box |
| 19 | 04/04/2019 | ? | Brazilian Banking Users | Researchers from Kaspersky reveal the details of BasBanke, a new Android malware family targeting Brazilian users. | Malware | K Financial and insurance activities | CC | BR | Kaspersky, BasBanke |
| 20 | 05/04/2019 | FIN6 | Entity within the engineering industry | Researchers from FireEye reveal the details of an intrusion by the infamous FIN6 group, showing that the group is now using the Ryuk and LockerGoga ransomware against its victims. | Malware | C Manufacturing | CC | N/A | FIN6, FireEye, Ryuk, LockerGoga |
| 21 | 05/04/2019 | ? | Single Individuals | Researchers from Cisco Talos discover an online black market offering cybercrime goods and services on Facebook, spread over 74 groups and totaling around 385,000 members. | Cybercrime Facebook Group | X Individual | CC | >1 | Cisco Talos, Facebook |
| 22 | 05/04/2019 | ? | AeroGrow International | AeroGrow says in a letter to customers that its website hosted credit card scraping malware for more than four months. Anyone who bought something through its website between October 29, 2018 and March 4, 2019 could have been affected. | Malicious Javascript Injection | C Manufacturing | CC | US | AeroGrow International |
| 23 | 05/04/2019 | ? | Users of popular online services, including Gmail, Netflix, and PayPal | Researchers at Bad Packets uncover a DNS hijacking campaign targeting the users of popular online services, including Gmail, Netflix, and PayPal. | DNS Hijacking | X Individual | CC | >1 | Bad Packets, Gmail, Netflix, PayPal |
| 24 | 05/04/2019 | ? | Single Individuals | Researchers from Trustwave SpiderLabs discover a spam campaign pushing the info-stealing LokiBot trojan, hiding the payload inside .PNG images to avoid detection. | Malware | X Individual | CC | >1 | Trustwave, Spiderlabs, LokiBot |
| 25 | 05/04/2019 | ? | Klaussner Furniture | Klaussner Furniture notifies more than 9,000 employees and their dependents of a data security incident in which an unauthorized third party gained access to two computers on its network in February 2019. | Unknown | G Wholesale and retail trade | CC | US | Klaussner Furniture |
