At WIRED have written extensively about the threat cyberattacks pose to power grids around the world. But lately, the most significant attacks on electrical systems have demonstrated that hacking is hardly necessary when physical destruction and sabotage are an option: just as the Russian invasion force in Ukraine systematically destroyed electrical infrastructure To cause widespread blackouts across the country, a mysterious and ongoing series of physical attacks have hit electric utilities in the American Southeast and, in one case, caused an extended outage for tens of thousands of people.
We will come to that. In the meantime, however, the cyber news we’ve been talking about hasn’t really stopped this week: Apple has added end-to-end encryption for its iCloud backups, while officially rolling back its abusive content hunting plan. child sex in iCloud and the reopening of a long-running rift with the FBI. Payroll and HR services provider Sequoia has acknowledged a data breach that included users’ social security numbers. A study of cyber crime forums revealed a tendency for scammers to scam scammers. And we’ve looked at how Twitter files will fuel conspiracy theorists, how technology is helping UK authorities create a ‘hostile environment’ for immigrants, and the security and privacy issues around the Lensa portrait app. HAVE.
But there is more. Each week, we highlight security news that we haven’t covered in depth ourselves. Click on the titles below to read the full stories.
When shootings at two electrical substations in North Carolina left 40,000 customers without power for days, the incident seemed like an isolated, albeit bizarre and disturbing, incident. But this week, the same utility, Duke Energy, reported gunshots at another facility, a hydroelectric plant in South Carolina. And combined with two other incidents of practical sabotage of US electrical installations in Oregon and Washington in October and November, the vulnerability of the US grid to old-fashioned physical damage began to appear as a serious threat.
No damage appears to have occurred in the South Carolina case, and in previous incidents in Washington, the utilities involved have called the cases “vandalism.” But intruders in Oregon carried out a more deliberate attack, breaching a perimeter fence and damaging equipment, according to the Oregon utility, causing a “brief” power outage in one instance. And in another separate series of incidents, Duke Energy saw half a dozen “intrusions” into substations in Florida, according to documents viewed by Newsnation. Federal law enforcement is investigating the cases.
The incidents recall another bizarre and isolated attack on California’s power grid in 2015, when a sniper fired at an electrical substation and caused a blackout in parts of Silicon Valley with 15 million dollars of damage. These new cases, while still relatively small, show how vulnerable the US power grid remains to relatively simple forms of sabotage.
The state-sponsored Chinese hacker group APT41 has long practiced a rare blend of cyber espionage and cyber crime. The group, linked in a 2020 U.S. indictment to a company called Chengdu 404 working as a contractor for China’s Ministry of State Security, have been charged with moonlighting as thieves for profit and even deployment of ransomware. Now, NBC News is reporting that the Secret Service believes APT41 went so far as to steal $20 million from US Covid relief funds – state-sponsored hackers stealing money from the US government itself. About half of the stolen funds have reportedly been recovered. But a group of hackers on the Chinese government’s payroll stealing from US federal coffers represents a far more brazen red-line crossing than even APT41’s previous exploits.
The Met Opera announced earlier this week that it was the victim of an ongoing cyberattack that took down its website and online ticketing system. Given that the Met Opera sells $200,000 worth of tickets a day, losses from the disruption could seriously harm one of New York’s premier cultural institutions. As of Friday afternoon, the website was still offline and its administrators had moved ticket sales to a new site. The New York Timesin its reporting on the attack, pointed out that the Met Opera had criticized Russia’s war in Ukraine – going so far as to part ways with its Russian soprano singer – but there is still no real explanation for the offensive.
Cybersecurity firm ESET this week blamed a campaign of data-destroying malware attacks targeting the diamond industry on a group of hackers it calls Agrius, which was previously linked to the Iranian government. Attackers hijacked software updates from an Israeli-made diamond industry software suite to deploy the erasing malware, which ESET calls Fantasy, in March this year. As a result, it hit targets not just in Israel, but others as far afield as a mining operation in South Africa and a jeweler in Hong Kong. While Iranian cyberattacks against Israeli targets are certainly nothing new, ESET researchers’ editorial staff does not speculate on the motivation for the attack.
#Attackers #continue #target #power #grid