Joburg cyber attack: Cities among fastest growing targets of hackers

25 October 2019 - 19:48 By TimesLIVE
The City of Johannesburg received a bitcoin ransom note from the Shadow Kill Hackers after a computer network breach.
Image: 123RF/dolgachov

City Power warned customers on Friday they could not report faults via the city's call centre due to a computer network security breach by a group seeking a bitcoin ransom.

The city reported a breach of its network late on Thursday night and shut down its website e-services.

“They have isolated their network and applications,” said City Power spokesperson Isaac Mangena. “This affects City Power in that our customers will not be able to log calls on the City of Johannesburg call centre.”

The customer billing system was also affected. Customers were urged to use the app to log calls instead.

“We urge the customers not to panic as the IT teams from all the city's utilities and cybersecurity experts have been working since last night to attend to this,” said Mangena.

City Power had to rope in “strategic external partners” who were experts in cyber security after being hit by a ransomware virus that temporarily encrypted its computer databases, applications and network in July.

Anton Ivanov, security researcher at global cybersecurity company Kaspersky, said in a statement on Friday that the threat of ransomware remained as powerful as ever. The company’s detection data showed that “larger organisations, such as city authorities and enterprises, are the fastest growing target”.

“Attacks on urban infrastructure are often worryingly successful, with far-reaching impact on essential systems and processes, affecting not just the authority itself but local businesses and citizens.”

Cities became targets as they ran vast networks of connected technology that could be hard to update, manage and patch effectively, or “because the attackers believe they may be more inclined to pay the ransom to avoid recovery costs that can be many times higher than the ransom fee”. 

Kaspersky recommended securing all data, devices and networks with robust security software but cautioned that with many non-technical employees, located across different sites, “employee training and awareness is probably the greatest priority”.

Security expert and J2 Software CEO John McLoughlin said that the global cybersecurity market was booming and security spend had started outpacing IT spend.

However, adoption in SA was not yet growing at the same rate, although there was growth in interest and understanding of the need to do more to protect against cyber threats.

Cybersecurity should be a high priority for information-based organisations such as banks, financial institutions, insurance companies, telcos, municipalities and power utilities.

“These industries are already experiencing paralysing attacks that stop critical services such as electricity and water supply. These crippling cyber attacks will ultimately result in increased spend as they cause unprecedented loss of revenue,” said McLoughlin.

BusinessLIVE reported that the SA Banking Risk Information Centre (Sabric) confirmed on Friday that the banking industry had been hit by a wave of ransom-driven distributed denial-of-service (DDoS) attacks but said it had not involved hacking or a data breach.

The attack on the industry happened on Wednesday targeting various public-facing services across multiple banks, it said. The attacks started with a ransom note.

Because the attacks did not involve hacking or a data breach, customer data was not at risk, Sabric said. Increased traffic on networks, however, could cause minor disruptions.