After the statistics of April, and the ones of the first quarter of this troubled 2019, it’s time to publish the first timeline of May, covering the main cyber events occurred between May 1st and 15th. In this timeline I have collected a total of 73 events (including 4, that took place in April), so despite the average level remains high, the trend is slightly decreasing compared to the previous two timelines.
Let me say that this period of the year is characterized by the Magecart attacks that are now targeting every possible platform, and continue to add high-profile organizations to the unwelcome list of their victims (for example the Forbes Magazine subscription website).
Mega hacks to crypto startups are also back (let’s hope it’s just an isolated occurrence and not the beginning of a new crime spree). Unfortunately this time the criminals have decided to hit Binance and stole more than 7,000 BTC (41 million bucks worth at the time the incident occurred).
And while the identity of 275 million citizens has been compromised thanks to a misconfigured MongoDB immediately exploited by an attacker, ransomware attacks continue to spread: the city of Baltimore, the global information services firm Wolters Kluwer, and the Austrian construction company Porr are just some examples of the victims of this threat that is becoming more and more targeted.
The Cyber Espionage landscape continues to be quite active, while hacktivism seems limited mainly to Italy.
But as usual the timeline is too long to be summarized in a few lines, so feel free to spend some time to browse it, share it, and spread the verb of security awareness throughout the community (and do not forget to follow @paulsparrows on Twitter for the latest updates.
wdt_ID
ID
Date
Author
Target
Description
Attack
Target Class
Attack Class
Country
Link
Tags
1
1
04/04/2019
?
Sylvan Union School District
The Sylvan Union School District is hit by a ransomware attack whose remediation costs exceed $1 million.
Malware
P Education
CC
US
Sylvan Union School District, ransomware
2
2
04/04/2019
?
Training School of the First Scout Ranger Regiment
Emerging reports claim that the website of the training school of the First Scout Ranger Regiment, one of the Philippine Army’s (PA) elite units, was hacked last year.
Unknown
O Public administration and defence, compulsory social security
CC
PH
Training School of the First Scout Ranger Regiment
3
3
22/04/2019
?
Potter County
Potter County is hit by Ransomware.
Malware
O Public administration and defence, compulsory social security
CC
US
Potter County, ransomware.
4
4
23/04/2019
?
Vulnerable Revive Adserver Installs
Revive Adserver patches two vulnerabilities, one of which may have been used to distribute malware to third-party websites.
Revive Adserver Vulnerability
M Professional scientific and technical activities
CC
>1
Revive Adserver
5
5
01/05/2019
?
Telangana State Southern Power Distribution Company Ltd (TSSPDCL)
The websites of Telangana State Southern Power Distribution Company Ltd (TSSPDCL) and its AP counterpart were hacked a couple of days ago, disrupting web services, including online payments.
Malware
D Electricity gas steam and air conditioning supply
CC
IN
Telangana State Southern Power Distribution Company Ltd TSSPDCL, ransomware
6
6
01/05/2019
?
57 payment gateways all over the world
Sanguine Security researcher Willem de Groot discovers a novel Magecart skimmer with support for 57 payment gateways, ranging from the highly popular Stripe to local processors from Germany, Australia, Brazil, US, UK and others.
Malicious Script Injection
Y Multiple Industries
CC
>1
Sanguine Security, Willem de Groot, Magecart, Stripe
7
7
01/05/2019
?
Augustana College
Augustana College is the victim of a ransomware attack.
Malware
P Education
CC
US
Augustana College
8
8
01/05/2019
?
Tertiary Education Subsidy (TES) applicants
Officials reveal that the Tertiary Education Subsidy (TES) applicants database, containing the private data of 1,130,899 applicants was accessed by unknown intruders on March 16.
Unknown
P Education
CC
PH
Tertiary Education Subsidy, TES
9
9
02/05/2019
?
Porr
Austrian construction company Porr detects a cyber attack on its communication infrastructure and its telephone lines and emails are disrupted.
Malware
M Professional scientific and technical activities
CC
AT
Porr, ransomware
10
10
02/05/2019
?
GitHub, GitLab, and Bitbucket users
Attackers are targeting GitHub, GitLab, and Bitbucket users, wiping code and commits from multiple repositories, and leaving behind only a ransom note and a lot of questions.