Here’s the first timeline of April, covering the main cyber-attacks that occurred in the first half of the month. April has been quite an active month (so far): I have collected a total of 80 events, including 3 that occurred at the end of March.
Bayer is the most important organization that you will find in this list: the pharmaceutical giant was hit by (and was able to contain) a targeted attack carried out by the Wicked Panda group. The IT outsourcing and consulting giant Wipro is also among the high-profile targets of this fortnight, along with Georgia Tech, where a vulnerability in a web application allowed an attacker to gain access to the personal information of up to 1.3 million students.
Targeted ransomware is another trend characterizing this timeline. There are a dozen events of this kind, and Arizona Beverages is probably the most remarkable victim.
A couple of additional remarkable events in this timeline include a successful attack against a Microsoft support agent, whose compromised credentials enabled the attackers to access information within Microsoft customers’ email accounts between January 1 and March 28, and the comeback of the infamous Triton ICS malware.
And since this timeline is particularly long, feel free to browse it all, share it, and spread the word of security awareness throughout the community. Last but not least, do not forget to follow @paulsparrows on Twitter for the latest updates.
| ID | Date | Author | Target | Description | Attack | Target Class | Attack Class | Country | Tags |
|---|---|---|---|---|---|---|---|---|---|
| 1 | 29/03/2019 | ? | Palmetto Health | Palmetto Health reports that a phishing attack sometime in November 2018 hit 23,811 patients. | Account Hijacking | Q Human health and social work activities | CC | US | Palmetto Health |
| 2 | 29/03/2019 | ? | Womens’ Health USA | Womens’ Health USA notifies 17,531 patients after disclosing that its employees were hit by a phishing attack that began in April 2018 and also occurred in August. | Account Hijacking | Q Human health and social work activities | CC | US | Womens’ Health USA |
| 3 | 30/03/2019 | ? | Multiple Targets using Magento | A recently patched SQL injection flaw affecting the popular open-source e-commerce platform Magento is actively exploited by attackers. | Magento Vulnerability (PRODSECBUG-2198) | Y Multiple Industries | CC | >1 | Magento, SQL Injection, PRODSECBUG-2198 |
| 4 | 02/04/2019 | ? | Georgia Tech | Georgia Tech announces that a vulnerability in a web application allowed an attacker to gain access to the personal information of up to 1.3 million students, college applications, staff, and faculty members. The breach was discovered on March 21. | Undisclosed Vulnerability | P Education | CC | US | Georgia Tech |
| 5 | 02/04/2019 | ? | Arizona Beverages | Arizona Beverages, one of the largest beverage suppliers in the U.S., is hit by a ransomware attack. | Malware | I Accommodation and food service activities | CC | US | Arizona Beverages, ransomware |
| 6 | 02/04/2019 | ? | Genesee County | Genesee County is hit with a ransomware attack and the county has been working non-stop to get their systems back online. | Malware | O Public administration and defence, compulsory social security | CC | US | Genesee County, ransomware |
| 7 | 02/04/2019 | ? | Multiple Targets | Researchers from AT&T Alien Labs discover Xwo, a Python-based bot scanner working in conjunction with the malware families Xbash and MongoLock. | Malware | Y Multiple Industries | CC | >1 | AT&T Alien Labs, Xwo, Xbash, MongoLock |
| 8 | 02/04/2019 | ? | Verizon Customers | Researchers at Lookout mobile security reveal a new wave of mobile-focused phishing attacks against Verizon customers. | Account Hijacking | X Individual | CC | >1 | Lookout, Verizon |
| 9 | 02/04/2019 | ? | Android Users | Researchers from Trend Micro discover a new variant of the XLoader Trojan that is targeting Android devices by posing as a security application and using Twitter as a Command and Control. | Malware | X Individual | CC | >1 | Trend Micro, Xloader, Android, Twitter |
| 10 | 02/04/2019 | ? | Single Individuals | Researchers from Bromium uncover over a dozen servers, unusually registered in the United States, which are hosting ten different malware families spread through phishing campaigns potentially tied to the Necurs botnet. | | | | | |