It’s been a very eventful week in the world of cyber following some major cyber attacks.
The nation of Georgia was hit by a massive cyber attack that knocked out thousands of websites and two national TV stations and in South Africa, the city of Johannesburg was brought to its knees following a ransomware attack.
Over 15,000 websites were defaced and two tv stations were knocked off the air as hackers breached one of the countries local web hosting providers. The nation’s media is calling the breach the largest cyber attack in Georgia’s history and impacted the sites for banks, courts, local newspapers and numerous government agencies.
As the attack was detected, Pro-Service, the local web hosting provider affected shut down customer websites in order to halt the attack, in turn causing the outages reported.
The attack continued throughout Monday 28th October but was ended by 8pm after Pro-Service staff managed to recover more than half of the sites impacted.
According to reports the websites impacted were defaced to display an image of Georgia’s former President Mikheil Saakashvili, with the text ‘I’ll be back’. Saakashvili is well known for being pro-western and now lives in Ukraine. During his term president he was regarded as someone who stood against corruption.
Despite the pro-western leader being splashed onto the defaced websites many suspect the attack was carried out by Russia. In 2008 during the five-day Russia-Georgia War the country was hit by a series of similar attacks. So far there is no available evidence to support the Russian theory.
2019’s ransomware epidemic shows no sign of waning after the South African city of Johannesburg was hit, adding it to the long list of cities, towns and government bodies that have fallen victim this year.
The attack forced the city government’s website offline, took several of its departments out of action and prevented many agencies from accepting payments and other transactions.
The ransomware is thought to have been triggered via a phishing email leading to the hackers demanding that the city pay them four Bitcoins in exchange for unlocking the compromised data and systems. According to the reports the city authorities have refused to pay up, instead focusing on attempts to restore the affected systems.
The attack places Johannesburg on the same list as cities such as Baltimore and many others. The criminals behind the attacks have switched tactics over the past year or two by focusing on government departments rather than businesses. The reason behind this is that these agencies have to provide services to the population and are therefore seen to be more likely to pay up due to the pressure they will come under from frustrated citizens. Smaller government departments are also more likely to be using legacy software and have smaller cybersecurity budgets available.
You might think that an organisation the size of the UN would have the best cybersecurity in the world, but that hasn’t stopped hackers from launching a sustained spear phishing campaign against its employees and those from other NGOs.
According to security firm Lookout, the spear phishing campaign has been underway since March with the hackers using compromised Office 365 credentials attained via phishing attacks in order to infiltrate the UN’s systems and create phishing websites that imitate the organisations sign-in page. The goal of the hackers was to steal employee login details.
There’re a few ways to avoiding a phishing website, these include;
Want to try CyberScore? Click here for a free trial - cyberscore.com/trial