Week 32 Cyberattack Digest 2019 – Baltimore City, Naples, State Farm Insurance and others
It is Monday again, and, as always, we have a new portion of cyber incidents for you in our week 32 cyberattack digest.
Bills rising after Baltimore City ransomware
by Patch – 6 May, 2019
Water bills have started rising once again after Baltimore City experienced a ransomware attack that has been affecting its network for three months
The attack took place on May 6, and water bills started to trickle out to residents Aug. 7. According to public works officials, the city is issuing bills in batches of 10,000 a day, which will reflect charges for April, May, June and July. When the attack happened fist, residents could not pay their water bills or parking tickets, and real estate agents could not process settlement transactions. City email services were unavailable, and city offices had to create Gmail addresses.
Naples loses $700,000 in a cyberattack
by WPTV – 5 August, 2019
The southwest Florida officials reveal that the city of Naples lost $700,000 as a result of a recent cyberattack.
The incident was a “spear phishing” attack that targeted a certain employee or department and appeared to be from a reliable source. The money was transferred to a fake bank account provided by a malefactor who was posing as a representative from the Wright Construction Group that was doing infrastructure work in Naples at that time.
City Manager Charles Chapman supposes that the incident was an isolated attack and there is no evidence that any city’s data systems have been impacted. A criminal investigation is currently ongoing.
State Farm insurance provider loses credentials
by Security Magazine – 8 August, 2019
The State Farm insurance provider of the US has experienced a credential stuffing attack. The firm acknowledged the cyberattack and filed a data breach notification with the California Attorney General
“Notice of Data Breach” emails have been sent out to users whose online account log-in credentials had been presumably obtained by the criminals. The insurer’s data breach notification email contained the following text: “State Farm recently detected an information security incident in which a bad actor used a list of user IDs and passwords obtained from some other source, like the dark web, to attempt to access to State Farm online accounts. During our investigation, we determined that the bad actor possessed the user ID and password for your State Farm online account.”
20-year-old hacks police websites
by Sky News – 12 August, 2019
A 20-year-old hacker has been jailed for 16 months for performing cyberattacks on police websites
Liam Reece Watts implemented specialist software to overload the Greater Manchester Police and Cheshire Police websites in separate attacks. These actions temporarily made the sites go offline. He said the attack on Cheshire Police was associated with a previous conviction over a bomb hoax which he made after the Manchester Arena bombing. The systems became victims of DDoS attacks, as a result of which websites were targeted by a network of computers, or botnet.
The attack on the Cheshire Police website also affected the Cheshire police and crime commissioner’s site. Watts, from Chorley in Lancashire, claimed on social media that he enjoyed bringing the sites down following the attacks in August 2018 and March 2019. The young man admitted to performing the attack after police searched his home. In his Twitter account, Watts said: “@Cheshirepolice want to send me to prison for a bomb hoax I never did, here you f****** go, here is what I’m guilty of.”