February 11, 2019: Colorado Water and Sanitation District Locked Out of Engineering Data and Drawings
When employees of the Fort Collins Loveland Water District and South Fort Collins Sanitation District got to work the morning of Feb. 11, they were locked out of technical and engineering data and drawings stored on their computers. The districts had fallen victim to a ransomware cyberattack, the second in two years, General Manager Chris Matkins said. Hackers were holding the data hostage and demanding a ransom payment before they'd unlock the information. Matkins won't say how big the ransom demand was or how payment was to be made. "It's not something we will talk about," he said. "It didn't have any bearing on how we responded."
February 21, 2018: SamSam Ransomware Takes Down Colorado DOT
The Colorado Department of Transportation (CDOT) was hit by a SamSam ransomware attack that penetrated a temporary system being tested without full security. Once inside, bad actors used it to access CDOT, ultimately affecting roughly half its computing environment, around 400 servers, all databases and applications and around 1,300 workstations. The agency was back to 80 percent functionality six weeks after the ransomware attack, at an estimated cost of up to $1.5 million. The state’s new backup system prevented data loss, but personal data on employees’ computers may not be recovered.
March 22, 2018: Ransomware Attack Shuts Down City of Atlanta, GA
On March 22, 2018, Atlanta’s connected systems city-wide were hit with a ransomware message locking their respective files and demanding an approximately $50,000 payment in bitcoin (the price has fluctuated since). The ransomware is believed to be from the group known as SamSam, which has been operating and executing similar attacks since at least 2015. Atlanta residents were unable to do simple city system-dependent tasks like paying parking tickets or utility bills. City employees didn’t get the all-clear to turn on their computers until five days later and many city systems still have not recovered. The cyberattack took more than one-third of Atlanta’s 424 software programs offline or partially offline. The first month of recovery cost almost $3 million.
Extensive information about the Bowman Avenue dam in Rye, New York state was taken by the hackers. An investigation pointed to Iran as the likely source of the attack. The same group of hackers that attacked Bowman Avenue was also implicated in separate attacks on three US financial firms. Many times security researchers found evidence that hackers had won access to these sensitive systems. The US power network has also come under regular attack. So far, all the attacks seemed intent on gathering detailed information, including engineering drawings, about networks and facilities.
November 15, 2013: Target Suffers Largest Retail Data Breach in U.S. History
The Target Corp hackers managed to break into its payments network by first breaching a “data connection” between the U.S. retailer and its HVAC systems contractor. The data connection was used by the vendor, Fazio Mechanical Services, to bill Target and exchange contract and project management information with the retailer. Target, the third-largest U.S. retailer, has said the hackers stole about 40 million credit and debit card records, as well as personal information, such as addresses and phone numbers, belonging to about 70 million customers.
Many in the industry immediately recognized that a similar attack could happen with credentials for a BAS or energy management system, especially if a third-party company is performing a remote monitoring service.
October 22, 2020: Covid vaccine-maker Dr Reddy Laboratories hit by cyber-attack
Pharmaceutical company Dr Reddy's, which is developing a Covid-19 vaccine, stated it has been hit by a cyber-attack. Sites around the world have been affected, including those in the UK, Brazil, India, Russia and the US. The India-based company said it had isolated all of its data centre services to contain the attack. The attack came only days after the pharmaceutical company was gearing up for a phase 2/3 clinical trial of Russia’s COVID-19 vaccine, dubbed Sputnik V, after gaining the trial go-ahead from Indian regulators last week.
The unnamed water district, referred to as Kemuri, had asked Verizon Security Solutions to conduct a proactive assessment as part of its efforts to keep systems and networks healthy. Experts soon discovered clear signs of malicious activity. They immediately noticed that the organization had a poor security architecture, with Internet-facing systems plagued by high-risk vulnerabilities. Hackers took advantage of outdated systems and poor cyber hygiene and were able to cross breach, jumping from the IT side to the OT side, to access 2.5 million financial records and to manipulate the area’s water supply.
The 'Kemuri' Water Company was able to remediate the changes made to the water supply, and the customer impact was minimal. But the insecurity of the plant’s networks could have led to far more serious consequences, including risk to human safety.
September 28, 2022: Exponential Rise in IRS-Themed SMS Phishing Attacks in U.S.
The Internal Revenue Service (IRS) warned Americans of an exponential rise over the last few weeks in IRS-themed text message phishing attacks that try to steal their financial and personal information. "In recent months, the IRS has reported multiple large-scale smishing (MMS/SMS/text scams) campaigns targeting taxpayers, that have delivered thousands – and even hundreds of thousands – of IRS-themed messages in hours or a few days, far exceeding previous levels of activity."
The Federal Communications Commission (FCC) issued a similar warning in July 2022. According to the U.S. communications watchdog's Robocall Response Team, these phishing messages (or robotexts as the FCC calls them) will hit billions of phones every month.
The Board of Water and Light (BWL) in Lansing, Michigan, was struck by ransomware on Monday, April 25, 2016. The cyberattack shut down BWL's accounting and email systems after an employee unknowingly opened an email with an infected attachment. This would seem to be the first disclosed example of a utility being successfully compromised by ransomware.
The Lansing Board of Water & Light paid a $25,000 ransom to unlock its internal communications systems after they were disabled by a cyberattack last spring, officials said Tuesday. BWL General Manager Dick Peffley pegged the cost of responding to the emergency, including the ransom and technology upgrades to prevent future attacks, at $2.4 million. All but $500,000 of those costs are covered by insurance. Paying the ransom was “the only action we could take to unlock our system and free it from the ransomware.”
July 5, 2022: American Airlines Suffers Breach
American Airlines informed some of its customers Friday (September 16) about a security incident that occurred July 5 and resulted in a breach of personal information.
In July the airline found that an attacker had compromised email accounts of airline workers via a phishing attack and was then able to pivot from there to get in and purloin personal information.
In a letter dated September 16, Russell Hubbard, deputy general counsel and chief privacy and data protection officer at American Airlines, said: “We are writing to inform you about a recent incident that involved some of your personal information.