Last Updated on May 28, 2019

After the statistics of April, and the ones of the first quarter of this troubled 2019, it’s time to publish the first timeline of May, covering the main cyber events occurred between May 1st and 15th. In this timeline I have collected a total of 73 events (including 4, that took place in April), so despite the average level remains high, the trend is slightly decreasing compared to the previous two timelines.

Let me say that this period of the year is characterized by the Magecart attacks that are now targeting every possible platform, and continue to add high-profile organizations to the unwelcome list of their victims (for example the Forbes Magazine subscription website).

Mega hacks to crypto startups are also back (let’s hope it’s just an isolated occurrence and not the beginning of a new crime spree). Unfortunately this time the criminals have decided to hit Binance and stole more than 7,000 BTC (41 million bucks worth at the time the incident occurred).

And while the identity of 275 million citizens has been compromised thanks to a misconfigured MongoDB immediately exploited by an attacker, ransomware attacks continue to spread: the city of Baltimore, the global information services firm Wolters Kluwer, and the Austrian construction company Porr are just some examples of the victims of this threat that is becoming more and more targeted.

The Cyber Espionage landscape continues to be quite active, while hacktivism seems limited mainly to Italy.

But as usual the timeline is too long to be summarized in a few lines, so feel free to spend some time to browse it, share it, and spread the verb of security awareness throughout the community (and do not forget to follow @paulsparrows on Twitter for the latest updates.

wdt_IDIDDateAuthorTargetDescriptionAttackTarget ClassAttack ClassCountryLinkTags
1104/04/2019?Sylvan Union School DistrictThe Sylvan Union School District is hit by a ransomware attack whose remediation costs exceed $1 million.MalwareP EducationCCUSSylvan Union School District, ransomware
2204/04/2019?Training School of the First Scout Ranger RegimentEmerging reports claim that the website of the training school of the First Scout Ranger Regiment, one of the Philippine Army’s (PA) elite units, was hacked last year.UnknownO Public administration and defence, compulsory social securityCCPHTraining School of the First Scout Ranger Regiment
3322/04/2019?Potter CountyPotter County is hit by Ransomware.MalwareO Public administration and defence, compulsory social securityCCUSPotter County, ransomware.
4423/04/2019?Vulnerable Revive Adserver InstallsRevive Adserver patches two vulnerabilities, one of which may have been used to distribute malware to third-party websites.Revive Adserver VulnerabilityM Professional scientific and technical activitiesCC>1Revive Adserver
5501/05/2019?Telangana State Southern Power Distribution Company Ltd (TSSPDCL)The websites of Telangana State Southern Power Distribution Company Ltd (TSSPDCL) and its AP counterpart were hacked a couple of days ago, disrupting web services, including online payments.MalwareD Electricity gas steam and air conditioning supplyCCINTelangana State Southern Power Distribution Company Ltd TSSPDCL, ransomware
6601/05/2019?57 payment gateways all over the worldSanguine Security researcher Willem de Groot discovers a novel Magecart skimmer with support for 57 payment gateways, ranging from the highly popular Stripe to local processors from Germany, Australia, Brazil, US, UK and others.Malicious Script InjectionY Multiple IndustriesCC>1Sanguine Security, Willem de Groot, Magecart, Stripe
7701/05/2019?Augustana CollegeAugustana College is the victim of a ransomware attack.MalwareP EducationCCUSAugustana College
8801/05/2019?Tertiary Education Subsidy (TES) applicantsOfficials reveal that the Tertiary Education Subsidy (TES) applicants database, containing the private data of 1,130,899 applicants was accessed by unknown intruders on March 16.UnknownP EducationCCPHTertiary Education Subsidy, TES
9902/05/2019?PorrAustrian construction company Porr detects a cyber attack on its communication infrastructure and its telephone lines and emails are disrupted.MalwareM Professional scientific and technical activitiesCCATPorr, ransomware
101002/05/2019?GitHub, GitLab, and Bitbucket usersAttackers are targeting GitHub, GitLab, and Bitbucket users, wiping code and commits from multiple repositories, and leaving behind only a ransom note and a lot of questions.Account HijackingX IndividualCC>1GitHub, GitLab, Bitbucket
IDDateAuthorTargetDescriptionAttackTarget ClassAttack ClassCountryLinkTags

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.