The Johannesburg Ransomware Attack: crippling a city to darkness


Undefined

Last week, we read in the news that Johannesburg’s City Power, the public organization delivering power to South Africa’s financial hub, was hit with a ransomware attack that essentially left its residents in the dark.

The outage was initially thought to be a consequence of cold weather, however it turned out to be a cyber-attack on City Power’s infrastructure which resulted in databases and applications being encrypted. This left City Power’s customers – residents and businesses – unable to buy electricity as well as affecting the company’s website, response time to calls and hindering the operation of internal systems.

Ramifications of a Ransomware Attack

As we have seen with huge attacks on organizations such as the NHS and even cities like Copenhagen, a ransomware attack is extremely disruptive and can be physically dangerous, both for a company and citizens. While a ransomware attack has the ability to shut down entire systems and take any business back to ‘pen and paper’, if the right data is stolen and held to ransom, citizen safety can also be put at risk. 

In this instance, no citizen data was compromised nor were any citizens harmed in the attack but we do have to think about the wider ramifications of a ransomware attack in a time where much of what we do – in our personal lives and for business – relies on the Internet.

The Threat of Innovation

In the past, Critical National Infrastructure (CNI) was better insulated from cyber-attacks because control systems were traditionally isolated from general IP networks and the Internet. Today however, connectivity has increased, and we are now reliant on the Internet to do almost anything, including paying bills for utilities. By taking out the systems that citizens use to pay their bills, the cybercriminals effectively performed a denial of service on the city’s electricity company.

Electricity companies form a significant part of a nations Critical National Infrastructure (CNI), meaning it’s an asset that is essential for the functioning of a society and economy. We often think of attacks on utility companies as being driven through the SCADA control network, and while there was no customer data stolen in this incident, it has highlighted the potential for an alternative means of attack that has a similar result:  disruption and ultimately a lack of service to citizens. Understanding this approach as a new attack vector for a denial of service is important, and shows it is vital to have effective cyber security measures in place that can sufficiently protect this infrastructure to mitigate the risk.

Protecting Critical National Infrastructure

Utility companies and other organizations which rely on the Internet to enable critical services like electricity to be bought need to be proactive in protecting their Internet-facing infrastructure from attack. Another trend is for organizations to enable the general public to upload or share information via the Internet which is also creating new risks. For example, maliciously weaponized files can be uploaded to systems which, when opened, can result in a ransomware attack successfully spreading through the entire system.

To tackle this, organizations need to think like the cybercriminals do and investigate how their new business processes can be exploited by an attack. This includes having the IT/security teams being involved when planning the implementation of new technologies, processes and services as well as regularly commissioning penetration testing so vulnerabilities can be identified and rectified.

Additionally, it is vital for organizations to have suitable security solutions in place that adapt to the changing threatscape. Technology needs to act as a safety net for businesses, catching things that cannot be seen or handled by staff – and malicious files being uploaded to a portal is a prime example of this. For example, Clearswift’s SECURE Web Gateway or SECURE ICAP Gateway incorporate advanced inspection and security features that have the ability to identify, analyze and sanitize any hidden malware in documents and files entering a corporate network. This ensures that any malicious content is removed before it can infect the network. 

CNI organizations can’t stand still while the rest of the world moves forward and innovates but they do need to be much more thorough with their cyber security strategies to ensure a major attack doesn’t cause chaos. While Johannesburg had back-up plans in place that could deal with the outage, the next city might not be so lucky. Even worse, next time, it could cause a nationwide blackout AND steal customer data which would cause havoc for months, if not years.

 

Additional Information:

Clearswift Advanced Threat Protection

Clearswift Adaptive Data Loss Prevention

Clearswift Web Security & Data Protection Security Solutions

Clearswift Email Security & Data Protection Solutions

*** This is a Security Bloggers Network syndicated blog from Clearswift Blog authored by James.Cox. Read the original post at: https://www.clearswift.com/blog/2019/08/01/johannesburg-ransomware-attack-crippling-city-darkness