After the statistics of April, and the ones of the first quarter of this troubled 2019, it’s time to publish the first timeline of May, covering the main cyber events occurred between May 1st and 15th. In this timeline I have collected a total of 73 events (including 4, that took place in April), so despite the average level remains high, the trend is slightly decreasing compared to the previous two timelines.
Let me say that this period of the year is characterized by the Magecart attacks that are now targeting every possible platform, and continue to add high-profile organizations to the unwelcome list of their victims (for example the Forbes Magazine subscription website).
Mega hacks to crypto startups are also back (let’s hope it’s just an isolated occurrence and not the beginning of a new crime spree). Unfortunately this time the criminals have decided to hit Binance and stole more than 7,000 BTC (41 million bucks worth at the time the incident occurred).
And while the identity of 275 million citizens has been compromised thanks to a misconfigured MongoDB immediately exploited by an attacker, ransomware attacks continue to spread: the city of Baltimore, the global information services firm Wolters Kluwer, and the Austrian construction company Porr are just some examples of the victims of this threat that is becoming more and more targeted.
The Cyber Espionage landscape continues to be quite active, while hacktivism seems limited mainly to Italy.
But as usual the timeline is too long to be summarized in a few lines, so feel free to spend some time to browse it, share it, and spread the verb of security awareness throughout the community (and do not forget to follow @paulsparrows on Twitter for the latest updates.
wdt_ID
ID
Date
Author
Target
Description
Attack
Target Class
Attack Class
Country
Link
Tags
1
1
04/04/2019
?
Sylvan Union School District
The Sylvan Union School District is hit by a ransomware attack whose remediation costs exceed $1 million.
Malware
P Education
CC
US
Sylvan Union School District, ransomware
2
2
04/04/2019
?
Training School of the First Scout Ranger Regiment
Emerging reports claim that the website of the training school of the First Scout Ranger Regiment, one of the Philippine Army’s (PA) elite units, was hacked last year.
Unknown
O Public administration and defence, compulsory social security
CC
PH
Training School of the First Scout Ranger Regiment
3
3
22/04/2019
?
Potter County
Potter County is hit by Ransomware.
Malware
O Public administration and defence, compulsory social security
CC
US
Potter County, ransomware.
4
4
23/04/2019
?
Vulnerable Revive Adserver Installs
Revive Adserver patches two vulnerabilities, one of which may have been used to distribute malware to third-party websites.
Revive Adserver Vulnerability
M Professional scientific and technical activities
CC
>1
Revive Adserver
5
5
01/05/2019
?
Telangana State Southern Power Distribution Company Ltd (TSSPDCL)
The websites of Telangana State Southern Power Distribution Company Ltd (TSSPDCL) and its AP counterpart were hacked a couple of days ago, disrupting web services, including online payments.
Malware
D Electricity gas steam and air conditioning supply
CC
IN
Telangana State Southern Power Distribution Company Ltd TSSPDCL, ransomware
6
6
01/05/2019
?
57 payment gateways all over the world
Sanguine Security researcher Willem de Groot discovers a novel Magecart skimmer with support for 57 payment gateways, ranging from the highly popular Stripe to local processors from Germany, Australia, Brazil, US, UK and others.
Malicious Script Injection
Y Multiple Industries
CC
>1
Sanguine Security, Willem de Groot, Magecart, Stripe
7
7
01/05/2019
?
Augustana College
Augustana College is the victim of a ransomware attack.
Malware
P Education
CC
US
Augustana College
8
8
01/05/2019
?
Tertiary Education Subsidy (TES) applicants
Officials reveal that the Tertiary Education Subsidy (TES) applicants database, containing the private data of 1,130,899 applicants was accessed by unknown intruders on March 16.
Unknown
P Education
CC
PH
Tertiary Education Subsidy, TES
9
9
02/05/2019
?
Porr
Austrian construction company Porr detects a cyber attack on its communication infrastructure and its telephone lines and emails are disrupted.
Malware
M Professional scientific and technical activities
CC
AT
Porr, ransomware
10
10
02/05/2019
?
GitHub, GitLab, and Bitbucket users
Attackers are targeting GitHub, GitLab, and Bitbucket users, wiping code and commits from multiple repositories, and leaving behind only a ransom note and a lot of questions.
Account Hijacking
X Individual
CC
>1
GitHub, GitLab, Bitbucket
11
11
02/05/2019
?
Single Individuals
Researchers from Cisco Talos discover a new malware campaign distributing a new Qakbot banking Trojan variant with a novel persistence technique that improves its obfuscation capabilities, assembling the malware from encrypted chunks.
Malware
X Individual
CC
>1
Cisco Talos, Qakbot
12
12
02/05/2019
Magecart Group 12
OpenCart online stores
RiskIQ researcher Yonathan Klijnsma details a large-scale operation carried out by Magecart Group 12 against OpenCart online stores.
Malicious Script Injection
Y Multiple Industries
CC
>1
RiskIQ, Yonathan Klijnsma, Magecart Group 12, OpenCart
13
13
02/05/2019
?
4000 Compromised Office 365 accounts
Researchers from Barracuda Networks reveal the details a massive spam campaign: 1.5 million malicious and spam emails are delivered by threat actors using roughly 4,000 Office 365 accounts compromised during March 2019 within a single month.
Account Hijacking
Y Multiple Industries
CC
>1
Barracuda Networks, Office 365
14
14
02/05/2019
?
Banking Users
Researchers at Proofpoint warn of the resurfacing of the Retefe banking Trojan that implements new techniques to avoid detection.
Malware
K Financial and insurance activities
CC
>1
Proofpoint, Retefe
15
15
03/05/2019
Mirrorthief
Checkout pages of 201 U.S. and Canadian online campus stores
Researchers from Trend Micro reveal that the checkout pages of 201 U.S. and Canadian online campus stores powered by the PrismWeb e-commerce platform were injected by a hacking group with a JavaScript-based payment card skimming script.
Researchers from Sophos discover MegaCortex, a new ransomware targeting corporate networks and the workstations on them. Once a network is penetrated, the attackers infect the entire network by distributing the ransomware using Windows domain controllers.
Malware
Y Multiple Industries
CC
>1
Sophos, MegaCortex, ransomware
17
17
03/05/2019
Hamas
Israel
An Hamas cyber attack causes a retaliation airstrike on the Hamas cyber operations center. There are no details on the cyber attack, which, according to reports, was aimed at "harming the quality of life of Israeli citizens".
Unknown
O Public administration and defence, compulsory social security
CW
IL
Hamas, Israel
18
18
03/05/2019
Subby
IoT Botnets
A threat actor who goes online by the name of "Subby" has taken over the IoT DDoS botnets of 29 other hackers.
Brute-Force
S Other service activities
CC
N/A
Subby
19
19
03/05/2019
?
Vulnerable Oracle WebLogic servers
Researchers from Palo Alto Networks reveal another wave of attacks targeting vulnerable Oracle WebLogic servers via CVE-2019-2725 to install Monero miners and ransomware.
A new sextortion campaign is now sending extortion emails threatening to release compromising tapes if the victims do not send them a $1,500 in bitcoins.
Spam
X Individual
CC
>1
Sextortion
21
21
05/05/2019
?
Airbnb users in UK
Several Airbnb users complain that their accounts have been “hacked” with some finding holidays unknowingly booked in their name costing thousands of pounds.
Account Hijacking
I Accommodation and food service activities
CC
UK
Airbnb
22
22
06/05/2019
?
Wolters Kluwer
The global information services firm Wolters Kluwer is crippled by a ransomware attack.
Malware
J Information and communication
CC
NL
Wolters Kluwer, ransomware
23
23
07/05/2019
?
City of Baltimore
Systems at a number of Baltimore’s city government departments are taken offline by a ransomware attack caused by the RobbinHood malware.
Malware
O Public administration and defence, compulsory social security
CC
US
Baltimore, RobbinHood, ransomware
24
24
07/05/2019
?
Binance
Hackers steal more than 7,000 bitcoin ($41 million worth) from crypto exchange Binance, the world’s largest by volume. Malicious actors were able to access user API keys, two-factor authentication codes and “potentially other info.
Account Hijacking
V Fintech
CC
>1
Binance, Crypto
25
25
06/05/2019
LulzSec Italia
Anonymous Italia
30,000 Roman lawyers, including the Mayor of Rome Virginia Raggi
Hackers from LulzSec Italia and Anonymous Italia leak online sensitive data of 30,000 Roman lawyers, including the Mayor of Rome Virginia Raggi.
SQLi
M Professional scientific and technical activities
H
IT
LulzSec Italia, Anonymous Italia, Roman lawyers, Virginia Raggi.
