Last Updated on May 28, 2019

After the statistics of April, and those of the first quarter of this troubled 2019, it is time to publish the first timeline of May, covering the main cyber events that occurred between May 1st and 15th. In this timeline I have collected a total of 73 events (including 4 that took place in April), so although the average level remains high, the trend is slightly decreasing compared to the previous two timelines.

Let me say that this period of the year is characterized by the Magecart attacks, which are now targeting every possible e-commerce platform and continue to add high-profile organizations to the unwelcome list of their victims (for example the Forbes Magazine subscription website).

Mega hacks against crypto startups are also back (let's hope it is just an isolated occurrence and not the beginning of a new crime spree). Unfortunately this time the criminals decided to hit Binance, stealing more than 7,000 BTC (worth about $41 million at the time the incident occurred).

And while the identity data of 275 million citizens has been compromised via a misconfigured MongoDB instance, immediately exploited by an attacker, ransomware attacks continue to spread: the city of Baltimore, the global information services firm Wolters Kluwer, and the Austrian construction company Porr are just some examples of the victims of a threat that is becoming more and more targeted.

The Cyber Espionage landscape continues to be quite active, while hacktivism seems limited mainly to Italy.

But as usual the timeline is too long to be summarized in a few lines, so feel free to spend some time browsing it, sharing it, and spreading the word of security awareness throughout the community (and do not forget to follow @paulsparrows on Twitter for the latest updates).

| ID | Date | Author | Target | Description | Attack | Target Class | Attack Class | Country | Tags |
|---|---|---|---|---|---|---|---|---|---|
| 1 | 04/04/2019 | ? | Sylvan Union School District | The Sylvan Union School District is hit by a ransomware attack whose remediation costs exceed $1 million. | Malware | P Education | CC | US | Sylvan Union School District, ransomware |
| 2 | 04/04/2019 | ? | Training School of the First Scout Ranger Regiment | Emerging reports claim that the website of the training school of the First Scout Ranger Regiment, one of the Philippine Army's (PA) elite units, was hacked last year. | Unknown | O Public administration and defence, compulsory social security | CC | PH | Training School of the First Scout Ranger Regiment |
| 3 | 22/04/2019 | ? | Potter County | Potter County is hit by ransomware. | Malware | O Public administration and defence, compulsory social security | CC | US | Potter County, ransomware |
| 4 | 23/04/2019 | ? | Vulnerable Revive Adserver installs | Revive Adserver patches two vulnerabilities, one of which may have been used to distribute malware to third-party websites. | Revive Adserver Vulnerability | M Professional scientific and technical activities | CC | >1 | Revive Adserver |
| 5 | 01/05/2019 | ? | Telangana State Southern Power Distribution Company Ltd (TSSPDCL) | The websites of Telangana State Southern Power Distribution Company Ltd (TSSPDCL) and its Andhra Pradesh (AP) counterpart were hacked a couple of days earlier, disrupting web services, including online payments. | Malware | D Electricity gas steam and air conditioning supply | CC | IN | Telangana State Southern Power Distribution Company Ltd, TSSPDCL, ransomware |
| 6 | 01/05/2019 | ? | 57 payment gateways all over the world | Sanguine Security researcher Willem de Groot discovers a novel Magecart skimmer with support for 57 payment gateways, ranging from the highly popular Stripe to local processors from Germany, Australia, Brazil, the US, the UK and others. | Malicious Script Injection | Y Multiple Industries | CC | >1 | Sanguine Security, Willem de Groot, Magecart, Stripe |
| 7 | 01/05/2019 | ? | Augustana College | Augustana College is the victim of a ransomware attack. | Malware | P Education | CC | US | Augustana College |
| 8 | 01/05/2019 | ? | Tertiary Education Subsidy (TES) applicants | Officials reveal that the Tertiary Education Subsidy (TES) applicants database, containing the private data of 1,130,899 applicants, was accessed by unknown intruders on March 16. | Unknown | P Education | CC | PH | Tertiary Education Subsidy, TES |
| 9 | 02/05/2019 | ? | Porr | Austrian construction company Porr detects a cyber attack on its communication infrastructure; its telephone lines and email are disrupted. | Malware | M Professional scientific and technical activities | CC | AT | Porr, ransomware |
| 10 | 02/05/2019 | ? | GitHub, GitLab, and Bitbucket users | Attackers are targeting GitHub, GitLab, and Bitbucket users, wiping code and commits from multiple repositories and leaving behind only a ransom note and a lot of questions. | Account Hijacking | X Individual | CC | >1 | GitHub, GitLab, Bitbucket |
| 11 | 02/05/2019 | ? | Single Individuals | Researchers from Cisco Talos discover a new malware campaign distributing a new Qakbot banking Trojan variant with a novel persistence technique that improves its obfuscation capabilities, assembling the malware from encrypted chunks. | Malware | X Individual | CC | >1 | Cisco Talos, Qakbot |
| 12 | 02/05/2019 | Magecart Group 12 | OpenCart online stores | RiskIQ researcher Yonathan Klijnsma details a large-scale operation carried out by Magecart Group 12 against OpenCart online stores. | Malicious Script Injection | Y Multiple Industries | CC | >1 | RiskIQ, Yonathan Klijnsma, Magecart Group 12, OpenCart |
| 13 | 02/05/2019 | ? | 4,000 compromised Office 365 accounts | Researchers from Barracuda Networks reveal the details of a massive spam campaign: 1.5 million malicious and spam emails are delivered within a single month by threat actors using roughly 4,000 Office 365 accounts compromised during March 2019. | Account Hijacking | Y Multiple Industries | CC | >1 | Barracuda Networks, Office 365 |
| 14 | 02/05/2019 | ? | Banking users | Researchers at Proofpoint warn of the resurfacing of the Retefe banking Trojan, which implements new techniques to avoid detection. | Malware | K Financial and insurance activities | CC | >1 | Proofpoint, Retefe |
| 15 | 03/05/2019 | Mirrorthief | Checkout pages of 201 U.S. and Canadian online campus stores | Researchers from Trend Micro reveal that the checkout pages of 201 U.S. and Canadian online campus stores powered by the PrismWeb e-commerce platform were injected with a JavaScript-based payment card skimming script by a hacking group. | Malicious Script Injection | P Education | CC | US, CA | Trend Micro, PrismWeb, JavaScript, Magecart, Mirrorthief |
| 16 | 03/05/2019 | ? | Multiple Targets | Researchers from Sophos discover MegaCortex, a new ransomware targeting corporate networks and the workstations on them. Once a network is penetrated, the attackers infect the entire network by distributing the ransomware via Windows domain controllers. | Malware | Y Multiple Industries | CC | >1 | Sophos, MegaCortex, ransomware |
| 17 | 03/05/2019 | Hamas | Israel | A Hamas cyber attack prompts a retaliatory Israeli airstrike on the Hamas cyber operations centre. There are no details on the cyber attack, which, according to reports, was aimed at "harming the quality of life of Israeli citizens". | Unknown | O Public administration and defence, compulsory social security | CW | IL | Hamas, Israel |
| 18 | 03/05/2019 | Subby | IoT Botnets | A threat actor who goes online by the name of "Subby" takes over the IoT DDoS botnets of 29 other hackers. | Brute-Force | S Other service activities | CC | N/A | Subby |
| 19 | 03/05/2019 | ? | Vulnerable Oracle WebLogic servers | Researchers from Palo Alto Networks reveal another wave of attacks targeting vulnerable Oracle WebLogic servers via CVE-2019-2725 to install Monero miners and ransomware. | Malware | Y Multiple Industries | CC | >1 | Palo Alto Networks, Oracle WebLogic, CVE-2019-2725, Monero, ransomware, crypto |
| 20 | 05/05/2019 | ? | Single Individuals | A new sextortion campaign sends extortion emails threatening to release compromising tapes if the victims do not pay $1,500 in bitcoin. | Spam | X Individual | CC | >1 | Sextortion |
| 21 | 05/05/2019 | ? | Airbnb users in the UK | Several Airbnb users complain that their accounts have been "hacked", with some finding holidays unknowingly booked in their name costing thousands of pounds. | Account Hijacking | I Accommodation and food service activities | CC | UK | Airbnb |
| 22 | 06/05/2019 | ? | Wolters Kluwer | The global information services firm Wolters Kluwer is crippled by a ransomware attack. | Malware | J Information and communication | CC | NL | Wolters Kluwer, ransomware |
| 23 | 07/05/2019 | ? | City of Baltimore | Systems at a number of Baltimore's city government departments are taken offline by a ransomware attack caused by the RobbinHood malware. | Malware | O Public administration and defence, compulsory social security | CC | US | Baltimore, RobbinHood, ransomware |
| 24 | 07/05/2019 | ? | Binance | Hackers steal more than 7,000 bitcoin ($41 million worth) from crypto exchange Binance, the world's largest by volume. The malicious actors were able to obtain user API keys, two-factor authentication codes and "potentially other info". | Account Hijacking | V Fintech | CC | >1 | Binance, Crypto |
| 25 | 06/05/2019 | LulzSec Italia, Anonymous Italia | 30,000 Roman lawyers, including the Mayor of Rome Virginia Raggi | Hackers from LulzSec Italia and Anonymous Italia leak online sensitive data of 30,000 Roman lawyers, including the Mayor of Rome Virginia Raggi. | SQLi | M Professional scientific and technical activities | H | IT | LulzSec Italia, Anonymous Italia, Roman lawyers, Virginia Raggi |

Attack Class: CC = Cyber Crime, CW = Cyber Warfare, H = Hacktivism. A "?" in the Author column means the attacker is unknown; ">1" in the Country column means more than one country was affected.
