Avast Blog_Security News: Western US power grid hit by 'cyber event'

[harlan4096]

A strange disturbance hits the western US power grid, and a German IT provider holds the line on ransomware in this week's security news

A mysterious entry jumps out from the US Department of Energy report covering emergencies and disturbances for Q1 2019. Without going into any detail, it simply notes that between 9:12 AM and 6:57 PM on March 5 the power grid suffered a “cyber event that causes interruptions of electrical system operations.” Areas affected include Kern County and Los Angeles County in California, Salt Lake County in Utah, and Converse County in Wyoming.

The Western Electricity Coordinating Council (WECC) monitors power grid security across western North America, including the affected areas from the “cyber event.” The council has declined to add any info save to confirm “it was a single entity involved.” Historically, a cyberattack has never been known to impact or disrupt the North American power grid, which would make this an unprecedented event if that is indeed what has occurred.

Questions still surround the “cyber event,” which is broadly defined by the DOE as a disruption to one of their networks “caused by unauthorized access.” Without more pieces of information, it’s unclear if the event was caused by a remote hacker or somebody within the company. While the event caused a disturbance, it did not cause a power outage. If this “cyber incident” “were big enough of an impact, you'd see fairly widespread outages over multiple states. This didn't happen,” Patrick Miller, a critical infrastructure security expert, explained to Motherboard.

Avast Security Analyst Luis Corrons says that whatever sparked the incident, “This is a wake-up call to remember that we rely on computers more than ever and protecting the critical infrastructures of our countries is of the utmost importance.”

Major German IT provider Citycomp blackmailed

The German company Citycomp, provider of tech infrastructure to multinational corporations such as Toshiba, Volkswagen, and Porsche, has been hacked and blackmailed. An entity calling itself Boris Bullet-Dodger perpetrated the hack, demanding $5,000 in return for not releasing the stolen sensitive data online.

“Boris” claims to have been rooting around in the Citycomp system for about a month, during which time he (or they) stole 312,570 files from 51,025 folders, totalling over 516 GB of personal customer data. The hacker(s) also set up a website to begin distributing the stolen info. While “Boris” claims to have specifically targeted Citycomp because “they have an [sic] totally awful security system,” researchers note that Boris’ email address has been the cybercriminal contact for at least one previous ransomware campaign.

In a statement to Dark Reading, the crisis manager for Citycomp commented, “Since Citycomp does not comply with blackmail, the publication of customer data could not be prevented.” The company said all affected Citycomp clients had been alerted, and that they supported the decision not to give in to the blackmail demands. He emphasized that investigation into the matter continues, writing “Our analysts are conducting a profound technical and forensic analysis on the attack.”

Avast’s Corrons praised the response, noting that “Many companies would have been tempted to pay the ransom and hide the incident, especially given the low amount of money involved. However Citycomp refused to engage with the criminal and hopefully law enforcement will capture whoever is behind this attack, discouraging new wannabe cybercriminals.”

Continue Reading