1-15 April 2019 Cyber Attacks Timeline

Here’s the first timeline of April, covering the main cyber attacks that occurred in the first half of the month. The timeline shows that April has been quite an active month (so far): I have collected a total of 80 events, including 3 that occurred at the end of March.

Bayer is the most important organization in this list: the pharmaceutical giant was hit by a targeted attack carried out by the Wicked Panda group, which it was able to contain. The IT outsourcing and consulting giant Wipro is also among the high-profile targets of this fortnight, along with Georgia Tech, where a vulnerability in a web application allowed an attacker to gain access to the personal information of up to 1.3 million students.

Targeted ransomware is another trend characterizing this timeline. There are a dozen events of this kind, and Arizona Beverages is probably the most remarkable victim.

A couple of additional remarkable events in this timeline: a successful attack against a Microsoft support agent, whose compromised credentials enabled the attackers to access information within Microsoft customers’ email accounts between January 1 and March 28, and the comeback of the infamous Triton ICS malware.

And since this timeline is particularly long, feel free to browse it all, share it, and spread the word of security awareness throughout the community. Last but not least, do not forget to follow @paulsparrows on Twitter for the latest updates.

| ID | Date | Author | Target | Description | Attack | Target Class | Attack Class | Country | Tags |
|---|---|---|---|---|---|---|---|---|---|
| 1 | 29/03/2019 | ? | Palmetto Health | Palmetto Health reports that a phishing attack sometime in November 2018 hit 23,811 patients. | Account Hijacking | Q Human health and social work activities | CC | US | Palmetto Health |
| 2 | 29/03/2019 | ? | Womens’ Health USA | Womens’ Health USA notifies 17,531 patients, after disclosing that its employees were hit by a phishing attack that began in April 2018 and also occurred in August. | Account Hijacking | Q Human health and social work activities | CC | US | Womens’ Health USA |
| 3 | 30/03/2019 | ? | Multiple Targets using Magento | A recently patched SQL injection flaw affecting the popular open-source e-commerce platform Magento is actively exploited by attackers. | Magento Vulnerability (PRODSECBUG-2198) | Y Multiple Industries | CC | >1 | Magento, SQL Injection, PRODSECBUG-2198 |
| 4 | 02/04/2019 | ? | Georgia Tech | Georgia Tech announces that a vulnerability in a web application allowed an attacker to gain access to the personal information of up to 1.3 million students, college applications, staff, and faculty members. The breach was discovered on March 21. | Undisclosed Vulnerability | P Education | CC | US | Georgia Tech |
| 5 | 02/04/2019 | ? | Arizona Beverages | Arizona Beverages, one of the largest beverage suppliers in the U.S., is hit by a ransomware attack. | Malware | I Accommodation and food service activities | CC | US | Arizona Beverages, ransomware |
| 6 | 02/04/2019 | ? | Genesee County | Genesee County is hit with a ransomware attack and the county has been working non-stop to get their systems back online. | Malware | O Public administration and defence, compulsory social security | CC | US | Genesee County, ransomware |
| 7 | 02/04/2019 | ? | Multiple Targets | Researchers from AT&T Alien Labs discover Xwo, a Python-based bot scanner working in conjunction with the malware families Xbash and MongoLock. | Malware | Y Multiple Industries | CC | >1 | AT&T Alien Labs, Xwo, Xbash, MongoLock |
| 8 | 02/04/2019 | ? | Verizon Customers | Researchers at Lookout mobile security reveal a new wave of mobile-focused phishing attacks against Verizon customers. | Account Hijacking | X Individual | CC | >1 | Lookout, Verizon |
| 9 | 02/04/2019 | ? | Android Users | Researchers from Trend Micro discover a new variant of the XLoader Trojan that is targeting Android devices by posing as a security application and using Twitter as a Command and Control. | Malware | X Individual | CC | >1 | Trend Micro, Xloader, Android, Twitter |
| 10 | 02/04/2019 | ? | Single Individuals | Researchers from Bromium uncover over a dozen servers, unusually registered in the United States, which are hosting ten different malware families spread through phishing campaigns potentially tied to the Necurs botnet. | Malware | X Individual | CC | US | Bromium, Necurs |
