Week 44 Cyberattack Digest 2019 – Spanish radio, the City of Joburg, 15,000 Georgian websites
Welcome to the cyberattack digest for week 44. This time we cover not only individual incidents but also waves of cyberattacks hitting whole countries.
Ransomware virus affects Spanish radio
by Reuters – 4 November, 2019
Spain has fallen victim to a series of cyber incidents that affected a number of companies, including Cadena SER radio. The security issues were caused by a ransomware virus that impacted Cadena SER’s local broadcasts. Still, according to the owner of a chain of local and countryside stations, the national output was not involved in the attack. “We have been recommended not to work on our computers in a network environment,” a source at the station commented. The National Security Department did not name the rest of the victims.
Malefactors demanding a ransom from Joburg
by Hashed Out – 29 October, 2019
Spain was not the only country to experience a series of cyber incidents recently: several major South African organizations have been involved in security incidents as well.
Last Thursday, Oct. 24th, the City of Joburg revealed that the city network had been hit by a cyberattack. The breach was a ransomware attack, with hackers demanding a ransom of four Bitcoins (about R500,000 South African Rand or $37,000 USD). The malefactor or malefactors claimed to have obtained backdoors into the city systems and threatened to upload the stolen records online. Following the cyber incident, the main city systems were shut down, and online services and bill payments were disabled as well. According to the city officials, the breach was accurately “timed to coincide with all City month end processes affecting both supplier payments and customer payments.”
The investigation is currently ongoing, but it’s no surprise that the incident has had a heavy impact on the city and its citizens.
Meanwhile, several DDoS attacks were performed on the websites of a number of large South African banks, including Standard Bank and ABSA. Although this was a different type of attack, the attacker’s goal was the same: the malefactor wanted to get a ransom. As a result of the incident, several transactions were delayed and some services went down.
The CEO of the South African Banking Risk Information Centre (SABRIC), Susan Potgieter, commented: “We must emphasize that DDoS attacks like this one do not involve hacking or a data breach and therefore no customer data is at risk. It does however, involve increased traffic on networks necessary to access public facing services. This may cause minor disruptions.”
15,000 Georgian websites are affected by a wave of cyberattacks
by BBC – 28 October, 2019
Finally, a wave of cyberattacks affected Georgia as well. Many websites experienced a type of cyberattack called defacement, in which home pages are replaced with images. This time the malefactors placed there an image of former President Mikheil Saakashvili and the caption “I’ll be back”.
While the real origin of the attack remains unknown, BBC Caucasus correspondent Rayhan Demytrie commented that people on social media were presuming that Russia might be behind the malicious actions. Over 15,000 pages were affected by the flood of cyberattacks. The affected websites included the presidential website as well as those of non-government organisations and private companies. According to cyber security experts, government websites of Georgia were “poorly protected and vulnerable to attack”.
“The scale of this attack is something we haven’t seen before,” commented Prof Alan Woodward, cyber security expert at Surrey University.