Huge cyber attack hits Georgia and the City of Johannesburg struck by major Ransomware attack

It’s been a very eventful week in the world of cyber following some major cyber attacks.

The nation of Georgia was hit by a massive cyber attack that knocked out thousands of websites and two national TV stations and in South Africa, the city of Johannesburg was brought to its knees following a ransomware attack.

Georgia attack

Over 15,000 websites were defaced and two tv stations were knocked off the air as hackers breached one of the countries local web hosting providers. The nation’s media is calling the breach the largest cyber attack in Georgia’s history and impacted the sites for banks, courts, local newspapers and numerous government agencies.

As the attack was detected, Pro-Service, the local web hosting provider affected shut down customer websites in order to halt the attack, in turn causing the outages reported.

The attack continued throughout Monday 28th October but was ended by 8pm after Pro-Service staff managed to recover more than half of the sites impacted.

Hacktivists or Russia?

According to reports the websites impacted were defaced to display an image of Georgia’s former President Mikheil Saakashvili, with the text ‘I’ll be back’. Saakashvili is well known for being pro-western and now lives in Ukraine. During his term president he was regarded as someone who stood against corruption.

Despite the pro-western leader being splashed onto the defaced websites many suspect the attack was carried out by Russia. In 2008 during the five-day Russia-Georgia War the country was hit by a series of similar attacks. So far there is no available evidence to support the Russian theory.

Ransomware strikes Johannesburg

2019’s ransomware epidemic shows no sign of waning after the South African city of Johannesburg was hit, adding it to the long list of cities, towns and government bodies that have fallen victim this year.

The attack forced the city government’s website offline, took several of its departments out of action and prevented many agencies from accepting payments and other transactions.

The ransomware is thought to have been triggered via a phishing email leading to the hackers demanding that the city pay them four Bitcoins in exchange for unlocking the compromised data and systems. According to the reports the city authorities have refused to pay up, instead focusing on attempts to restore the affected systems.

The attack places Johannesburg on the same list as cities such as Baltimore and many others. The criminals behind the attacks have switched tactics over the past year or two by focusing on government departments rather than businesses. The reason behind this is that these agencies have to provide services to the population and are therefore seen to be more likely to pay up due to the pressure they will come under from frustrated citizens. Smaller government departments are also more likely to be using legacy software and have smaller cybersecurity budgets available.

Read More: 2019’s Ransomware epidemic claims more victims

United Nations target of Spear Phishing Campaign

You might think that an organisation the size of the UN would have the best cybersecurity in the world, but that hasn’t stopped hackers from launching a sustained spear phishing campaign against its employees and those from other NGOs.

According to security firm Lookout, the spear phishing campaign has been underway since March with the hackers using compromised Office 365 credentials attained via phishing attacks in order to infiltrate the UN’s systems and create phishing websites that imitate the organisations sign-in page. The goal of the hackers was to steal employee login details.

Avoiding fake phishing sites

There’re a few ways to avoiding a phishing website, these include;

  • Always check the URL of the site before clicking it. Fake links generally imitate established websites, often by adding unnecessary words and domains.
  • Check the spelling of the website. Often, fake sites are spelt incorrectly.
  • Hover over any hyperlinked text before clicking to check for errors and whether it is prefixed with HTTPS (although this doesn’t 100% guarantee a site is legit)
  • Is the quality of the website substandard? If it is then it’s more likely to be dodgy. Most businesses tend to invest a lot of money into making polished and refined websites.

For Further Reading -

Don’t get reeled in by Phishers

Don’t have a Cyber Scare this Halloween

Where’s your business’s ‘crown jewels’ and how to protect them

Want to try CyberScore? Click here for a free trial - cyberscore.com/trial

Claim your FREE A-Z Glossary HERE or Cyber basics eBook HERE

Follow us on FacebookTwitter and LinkedIn and sign up to our newsletter