United States

June 1, 2013: OT Attack on Bowman Avenue Dam Illustrates Vulnerability of the U.S. Infrastructure

Extensive information about the Bowman Avenue dam in Rye, New York, was taken by the hackers. An investigation pointed to Iran as the likely source of the attack. The same group of hackers that attacked Bowman Avenue was also implicated in separate attacks on three US financial firms. Security researchers have repeatedly found evidence that hackers had gained access to these sensitive systems. The US power network has also come under regular attack. So far, all the attacks seemed intent on gathering detailed information, including engineering drawings, about networks and facilities.

November 15, 2013: Target Suffers Largest Retail Data Breach in U.S. History.

The Target Corp hackers managed to break into its payments network by first breaching a “data connection” between the U.S. retailer and its HVAC systems contractor. The data connection was used by the vendor, Fazio Mechanical Services, to bill Target and exchange contract and project management information with the retailer. Target, the third-largest U.S. retailer, has said the hackers stole about 40 million credit and debit card records, as well as personal information, such as addresses and phone numbers, belonging to about 70 million customers.

Many in the industry immediately recognized that a similar attack could happen with credentials for a BAS or energy management system, especially if a third-party company is performing a remote monitoring service.

October 22, 2020: Covid vaccine-maker Dr Reddy Laboratories hit by cyber-attack

Pharmaceutical company Dr Reddy's, which is developing a Covid-19 vaccine, stated it has been hit by a cyber-attack. Sites around the world have been affected, including those in the UK, Brazil, India, Russia and the US. The India-based company said it had isolated all of its data centre services to contain the attack. The attack came only days after the pharmaceutical company was gearing up for a phase 2/3 clinical trial of Russia’s COVID-19 vaccine, dubbed Sputnik V, after gaining the trial go-ahead from Indian regulators last week.

March 15, 2016: Hackers Manipulated Water Supply at Unnamed Water District – ‘Kemuri’.

The unnamed water district, referred to as Kemuri, had asked Verizon Security Solutions to conduct a proactive assessment as part of its efforts to keep systems and networks healthy. Experts soon discovered clear signs of malicious activity. They immediately noticed that the organization had a poor security architecture, with Internet-facing systems plagued by high-risk vulnerabilities. Hackers took advantage of outdated systems and poor cyber hygiene and were able to cross breach, jumping from the IT side to the OT side, to access 2.5 million financial records and to manipulate the area’s water supply.

The 'Kemuri' Water Company was able to remediate the changes made to the water supply, and the customer impact was minimal. But the insecurity of the plant’s networks could have led to far more serious consequences, including risk to human safety.

September 28, 2022: Exponential Rise in IRS-Themed SMS Phishing Attacks in U.S.

The Internal Revenue Service (IRS) warned Americans of an exponential rise in IRS-themed text message phishing attacks trying to steal their financial and personal information in the last few weeks. "In recent months, the IRS has reported multiple large-scale smishing (MMS/SMS/text scams) campaigns targeting taxpayers, that have delivered thousands – and even hundreds of thousands – of IRS-themed messages in hours or a few days, far exceeding previous levels of activity."

The Federal Communications Commission (FCC) issued a similar warning in July 2022. According to the U.S. communications watchdog's Robocall Response Team, these phishing messages (or robotexts as the FCC calls them) will hit billions of phones every month.

April 25, 2016: Lansing, MI, Public Utility Compromised by Attack, $25K Ransom paid.

The Board of Water and Light (BWL) in Lansing, Michigan, was struck by ransomware on Monday, April 25, 2016. The cyberattack shut down BWL's accounting and email systems after an employee unknowingly opened an email with an infected attachment. This would seem to be the first disclosed example of a utility being successfully compromised by ransomware.

The Lansing Board of Water & Light paid a $25,000 ransom to unlock its internal communications systems after they were disabled by a cyberattack last spring, officials said Tuesday. BWL General Manager Dick Peffley pegged the cost of responding to the emergency, including the ransom and technology upgrades to prevent future attacks, at $2.4 million. All but $500,000 of those costs are covered by insurance. Paying the ransom was “the only action we could take to unlock our system and free it from the ransomware.”

July 5, 2022: American Airlines Suffers Breach

American Airlines informed some of its customers Friday (September 16) about a security incident that occurred July 5 and resulted in a breach of personal information.
In July the airline found that an attacker had compromised email accounts of airline workers via a phishing attack and was then able to pivot from there to get in and purloin personal information.
In a letter dated September 16, Russell Hubbard, deputy general counsel and chief privacy and data protection officer at American Airlines, said: “We are writing to inform you about a recent incident that involved some of your personal information.”

September 12, 2022: Uber Hit in Cyberattack

Uber, the ride-hailing and food delivery company, has suffered a systems breach, according to a report, with employees unable to access internal tools such as Slack. One employee resource page is said to have had a not-safe-for-work image posted to it by the hacker.
An official statement posted to Twitter said, "We are currently responding to a cybersecurity incident. We are in touch with law enforcement and will post additional updates here as they become available."
Uber said the hacker behind the breach is affiliated with the Lapsus$ extortion group and the group used the stolen credentials of an Uber EXT contractor in a multi-factor authentication (MFA) fatigue attack, where the contractor was inundated with two-factor authentication login requests until one of them was accepted.

June 12, 2022: Over 2.5 Million Individuals Impacted by System Breach at Federal Student Loan Services Provider.

Data for over 2.5 million individuals with student loans from Oklahoma Student Loan Authority (OSLA) and EdFinancial was exposed after hackers breached the systems of technology services provider Nelnet Servicing. Sometime in June, unidentified intruders compromised Nelnet Servicing and stayed on its systems until July 22. The hackers compromised the company's network likely after exploiting a vulnerability. EdFinancial underlines that not all its clients are hosted by Nelnet Servicing. Due to the seriousness of this incident, law firm "Markovits, Stock & DeMarco" launched an investigation into the potential for a class action lawsuit.

August 23, 2022: Business Critical Systems Disrupted at Largest Library Content, Software and Services Provider.

Baker & Taylor confirmed being hit by ransomware. The world's largest global distributor of books to libraries revealed that disruptions to its business-critical systems would persist through the week while technical teams work on restoring impacted servers. Currently, there is no information on what ransomware group or affiliate is behind the attack. Based on the company's statement that it's working on restoring affected servers, it's safe to say that Baker & Taylor will not pay the ransom demand, reports BleepingComputer.
