Week 19 Cyberattack Digest 2019 – U.S. grid, MongoDB, Baltimore’s government and others
We hope you have all been waiting for a new batch of the hottest cyberattack articles, because we have prepared our new weekly cyberattack digest. Enjoy!
The damage of the first cyberattack on the U.S. grid is assessed
by E&E News – 6 May 2019
A week ago, the U.S. power sector experienced a malicious “cyber event” as an anonymous Western utility first reported disrupted grid operations. The incident itself took place two months ago. On March 5, a “denial-of-service” attack disabled Cisco Adaptive Security Appliance devices that were ringing power grid control systems in Utah, Wyoming and California. The incident was highlighted by multiple sources and a vague summary of a Department of Energy filing. The attack resulted in no blackouts and no harm to power generation. Fortunately, there was also very little effect on the Western transmission grid, according to officials. The most obvious impact was a temporary loss of visibility into certain parts of the utility’s supervisory control and data acquisition (SCADA) system. Still, all major transmission operators in the affected regions denied having been hit by the denial-of-service attack.
Another huge database exposed on the Internet
by Bleeping Computer – 8 May 2019
It recently came to light that another huge MongoDB database, holding 275,265,298 records with personally identifiable information (PII) of Indian citizens, was exposed on the Internet for over a couple of weeks. The incident was discovered by Security Discovery researcher Bob Diachenko; the database was hosted on Amazon AWS. He found that each exposed record included critical data such as name, gender, date of birth, email, mobile phone number, education details, professional info (employer, employment history, skills, functional area), and current salary. The investigation did not reveal any information that would link the leaked data to a specific owner. Bob Diachenko “immediately notified Indian CERT team on the incident, however, database remained open and searchable until today, May 8th, when it got dropped by hackers known as ‘Unistellar’ group.”
Baltimore’s government servers are affected by ransomware
by WTOP – 7 May 2019
Last week, Baltimore’s government shut down the majority of its computer servers as a result of a ransomware virus. Officials hope the virus has not affected critical public safety systems. FBI’s cyber squad agents were helping city IT employees investigate the case and find the source of the cyberattack. Baltimore Mayor Bernard “Jack” Young revealed that police, fire and EMS dispatch systems have not been touched, but other layers of the mid-Atlantic city’s network have been “infected with a ransomware virus.”