Week 10 Cyberattack Digest 2019 – Venezuela’s blackout, Jackson County emergency services, Ramnit Worm and others
Welcome to our weekly cyber attack digest. Hope you have been waiting for our new weekly compilation of the hottest cyber incidents.
Cyberattack causing complete blackout in Venezuela
by Al Jazeera – 10 March 2019
According to Venezuela’s President Nicolas Maduro, the country’s complete blackout took place due to “an international cyber-attack”. Still, the president’s administration has “defeated their coup”. Electrical failures once again affected Venezuela on Sunday, adding another hardship on top of the economic and political crises. The incident worsened tensions between the opposition and government loyalists, who accused each other of being responsible for the blackout. “I will tell this for the first time. We are in the process of investigation and correcting it all because there are many infiltrators attacking the electrical company from within,” said Maduro last Saturday. Lorelei Gorrin, an emergency surgeon, said that she had just completed one of the toughest shifts of her life: “I didn’t stop receiving patients. We could only help those who had life-threatening issues.”
Jackson County emergency services affected
by 11alive.com – 11 March 2019
A recent ransomware attack that hit Jackson County emergency services and the government’s computer systems ultimately cost the rural community $400,000. According to the county manager Kevin Poe, cybersecurity experts hired by the county paid the ransom in the cryptocurrency Bitcoin, which is difficult to trace. It is still unknown how the hackers managed to access the government systems without being arrested. Jackson County’s computer system was hit by malware late on March 1 or early the next day, affecting many county offices. The incident had minimal impact on Jackson County’s 911 system, as the county’s emergency medical services are provided through a third party. Officials started the decryption process last Friday.
A new international phishing campaign is discovered
by SC Media – 6 March 2019
A re-emerging international phishing campaign that was discovered recently is said to deliver the Ramnit worm/botnet malware. The malware targets financial organisations in Asia. Some experts believe it is also heading for the UK. According to the researchers from CyberInt, it is enough for the fake email to be opened by a member of staff; the malware then executes on the victim’s machine, installing a malicious file on the corporate network. This happens without the knowledge of the victim who started the whole process. The attacks have already been noticed in the Philippines and used a known variant of the Ramnit worm/botnet trojan. Examination of the executable code revealed that various anti-analysis techniques had been deployed. Also, hackers applied hidden code designed to protect the financial institution’s most sensitive data. “This highly-sophisticated phishing campaign, potentially originating in Russia, has already targeted major financial institutions in Asia and now threatens banks in regions such as the UK and the US,” explained Jason Hill, CyberInt’s senior analyst. “Each S/MIME email certificate contains the sender’s authenticated email address, giving the receiver the means to confirm that requests for wire transfers and information of any kind come from authorised parties,” commented Tim Callan from Sectigo.