Hackers Instead Launch Mundane But Successful Phishing Attack on Office Network with CryptoLocker.
The initial news reports were breathless. “Hackers are Hitting Israel’s Power Grid!” gushed TechInsider. The International Business Times went even further, “Israel: Electricity board crippled by ransomware cyberattack causing widespread panic!”
Only, it wasn’t true.
Yes, on January 25 Israel’s Electricity Authority was hit by a cyber attack.
Yes, the attack severely crippled hundreds of Windows PC workstations inside their firewall.
No, the attackers did not shut down parts of the nation’s electricity grid.
No, it wasn’t terrorists.
It’s actually more mundane than all of that. It was a phishing attack that injected CryptoLocker into a bunch of Windows PCs. And that is precisely why I’m writing about it today.
Here’s what really happened. On January 25 an unnamed employee of the Electricity Authority opened her email, saw what looked to be an email she should open and opened it.
That’s all it took. Within minutes hundreds of workstations inside the network were loaded with CryptoLocker – a widely-used form of ransomware.
The rest we’ve heard before. Machines were paralyzed. Servers went offline. It was the usual CryptoLocker shit storm.
So here we are again. A simple phishing attack ends up loading a bunch of malware into an office network, hijacking PC workstations. Their firewall didn’t matter. If each workstation was running anti-virus and malware protection, that obviously didn’t matter, either.
What might have happened if the hackers instead chose to load malware that worked quietly in the background, harvesting key company data, collecting bank account logins and passwords? Theft on a grand scale. And who is to say that won’t happen? We know about the CryptoLocker attack. But what if that was a distraction added to the attack to misdirect and otherwise lull the Electricity Authority into thinking that, once they dealt with CryptoLocker, all was well?
Meanwhile the real dirty stuff is working in the background on these infected PC workstations, lying in wait for a bigger kill.
This is precisely why all businesses should cordon off their financial transactions through a service like BankVault. You can’t hack something that doesn’t exist.
(By the way, the Israel Electricity Authority doesn’t even have access to the grid. It’s a regulatory body that sets tariffs and otherwise provides oversight of Israel’s electricity generators, transmission operators and power stations.)