The initial news reports were breathless. \u201cHackers are Hitting Israel\u2019s Power Grid!\u201d gushed TechInsider. The International Business Times went even further, \u201cIsrael: Electricity board crippled by ransomware cyberattack causing widespread panic!\u201d<\/p>\n
Only, it wasn’t true.<\/p>\n
Yes, on January 25 Israel’s Electricity Authority was hit by a cyber attack.<\/p>\n
Yes, the attack severely crippled 100s of Windows PC workstations inside their firewall.<\/p>\n
No, the attackers did not shut down parts of the nation\u2019s electricity grid.<\/p>\n
No, it wasn’t terrorists.<\/p>\n
It\u2019s actually more mundane than all of that. It was a phishing attack that injected CryptoLocker into a bunch of Windows PCs. And that is precisely why I’m writing about it today.<\/p>\n
Here\u2019s what really happened. On January 25 an unnamed employee of the Electricity Authority opened her email, saw what looked to be an email she should open and opened it.<\/p>\n
That\u2019s all it took. Within minutes 100s of workstations inside the network were loaded with CryptoLocker \u2013 a widely-used form of ransomware.<\/p>\n
The rest we’ve heard before. Machines were paralyzed. Servers went offline. It was the usual CryptoLocker shit storm.<\/p>\n
So here we are again. A simple phishing attack ends up loading a bunch of malware into an office network, hijacking PC workstations. Their firewall didn\u2019t matter. If each workstation was running anti-virus and malware protection that obviously didn\u2019t matter, either.<\/p>\n
What might have happened if the hackers instead chose to load malware that worked quietly in the background, harvesting key company data, collecting bank account logins and passwords? Theft on a grand scale. And who is to say that won\u2019t happen? We know about the CryptoLocker attack. But what if that was a distraction added to the attack to misdirect and otherwise lull the Electricity Authority into thinking that, once they dealt with CryptoLocker, all was well?<\/p>\n
Meanwhile the real dirty stuff is working in the background in these infected PC workstations, laying in wait for a bigger kill.<\/p>\n
This is precisely why all businesses should cordon-off their financial transactions through a service like BankVault. You can’t hack something that doesn’t exist.<\/p>\n
(By the way, the Israel Electrical Authority doesn’t even have access to their grid. It\u2019s a regulatory body that sets tariffs and otherwise provides oversight to Israel\u2019s electrical generators, transmitters and power stations.)<\/p>\n","protected":false},"excerpt":{"rendered":"
Hackers Instead Launch Mundane But Successful Phishing Attack on Office Network with CryptoLocker. The initial news reports were breathless. \u201cHackers are Hitting Israel\u2019s Power Grid!\u201d gushed TechInsider. The International Business Times went even further, \u201cIsrael: Electricity board crippled by ransomware cyberattack causing widespread panic!\u201d Only, it wasn’t true. Yes, on January 25 Israel’s Electricity Authority […]<\/p>\n","protected":false},"author":2,"featured_media":3072,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[37],"tags":[216,28,217,41,48,50],"class_list":["post-2793","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-security-news","tag-attack","tag-cryptolocker","tag-cyber","tag-hackers","tag-malware","tag-phishing"],"yoast_head":"\n