Security News

Western US power grid hit by 'cyber event'

Avast Security News Team, 3 May 2019

A strange disturbance hits the western US power grid, and a German IT provider holds the line on ransomware in this week's security news

A mysterious entry jumps out from the US Department of Energy report covering emergencies and disturbances for Q1 2019. Without going into any detail, it simply notes that between 9:12 AM and 6:57 PM on March 5 the power grid suffered a “cyber event that causes interruptions of electrical system operations.” Areas affected include Kern County and Los Angeles County in California, Salt Lake County in Utah, and Converse County in Wyoming.

The Western Electricity Coordinating Council (WECC) monitors power grid security across western North America, including the affected areas from the “cyber event.” The council has declined to add any info save to confirm “it was a single entity involved.” Historically, a cyberattack has never been known to impact or disrupt the North American power grid, which would make this an unprecedented event if that is indeed what has occurred.

Questions still surround the “cyber event,” which is broadly defined by the DOE as a disruption to one of their networks “caused by unauthorized access.” Without more pieces of information, it’s unclear if the event was caused by a remote hacker or somebody within the company. While the event caused a disturbance, it did not cause a power outage. If this “cyber incident” “were big enough of an impact, you'd see fairly widespread outages over multiple states. This didn't happen,” Patrick Miller, a critical infrastructure security expert, explained to Motherboard.

Avast Security Analyst Luis Corrons says that whatever sparked the incident, “This is a wake-up call to remember that we rely on computers more than ever and protecting the critical infrastructures of our countries is of the utmost importance.”  

Major German IT provider Citycomp blackmailed

The German company Citycomp, provider of tech infrastructure to multinational corporations such as Toshiba, Volkswagen, and Porsche, has been hacked and blackmailed. An entity calling itself Boris Bullet-Dodger perpetrated the hack, demanding $5,000 in return for not releasing the stolen sensitive data online.

“Boris” claims to have been rooting around in the Citycomp system for about a month, during which time he (or they) stole 312,570 files from 51,025 folders, totalling over 516 GB of personal customer data. The hacker(s) also set up a website to begin distributing the stolen info. While “Boris” claims to have specifically targeted Citycomp because “they have an [sic] totally awful security system,” researchers note that Boris’ email address has been the cybercriminal contact for at least one previous ransomware campaign.

In a statement to Dark Reading, the crisis manager for Citycomp commented, “Since Citycomp does not comply with blackmail, the publication of customer data could not be prevented.” The company said all affected Citycomp clients had been alerted, and that they supported the decision not to give in to the blackmail demands. He emphasized that investigation into the matter continues, writing “Our analysts are conducting a profound technical and forensic analysis on the attack.”

Avast’s Corrons praised the response, noting that “Many companies would have been tempted to pay the ransom and hide the incident, especially given the low amount of money involved. However Citycomp refused to engage with the criminal and hopefully law enforcement will capture whoever is behind this attack, discouraging new wannabe cybercriminals.”

Wanted: Your credit card numbers

A new report shows credit card compromise has risen 212% in the last year. For consumers, that means point-of-sale (POS) malware wants your credit card numbers, and – depending on where you shop – it may get them. While POS malware constitutes one of the simplest cyberattacks, it’s also highly effective, which has made it a rampant problem among brick-and-mortar business and entertainment services around the world.

Case in point: Last month, we cited the 10-month POS breach of Earl Enterprises, parent company to restaurant chains Buca di Beppo and Planet Hollywood. In that breach, more than 2 million credit card and debit card numbers were exfiltrated.

Cybersecurity experts point to the wide use of outdated hardware and software when it comes to POS tech. Many retailers still require customers to swipe their cards, a system with much weaker security than chip-readers or contactless payments. In addition, POS malware can be exceedingly tiny and stealthy, making it difficult to detect. Consumers are advised to think twice before swiping their credit card — if you pay with cash, you’re not providing any data that can be stolen.

On Password Day, looking beyond passwords

World Password Day, May 2, is traditionally a great opportunity to evaluate the role of PINs and passwords each year. (See our tips here.) This year new questions arose about the future of passwords – and whether the world is outgrowing them in favor of more sophisticated methods, such as biometrics. Conversational AI company Nuance commissioned a survey this year asking 5,000 adults in the US, UK, Germany, Spain and Australia how they feel about the use of biometrics – which authenticate individuals by their physical and behavioral characteristics. Support for this new alternative to passwords is growing, the survey found, with 68% globally and 78% in the US saying they feel comfortable using the technology.


Avast is a global leader in cybersecurity, protecting hundreds of millions of users around the world. Protect all of your devices with our award-winning free antivirus. Safeguard your privacy and encrypt your online connection with SecureLine VPN.

Learn more about products that protect your digital life at avast.com. And get all the latest news on today's cyberthreats and how to beat them at blog.avast.com.