Hackers Take Aim at County Website, Europe and U.K. Parliament


Just another week in ThreatWatch, our regularly updated index of noteworthy data breaches.

In case you missed our coverage this week in ThreatWatch, Nextgov’s regularly updated index of cyber breaches:

Hackers Deface LA County Website with Pro-ISIS Messages

Hackers this week defaced a Los Angeles County government website, posting what seem to be pro-ISIS messages, ABC7 reports.

The county joins a string of other state entities recently targeted with the same message, which said, "You will be held accountable Trump, you and all your people for every drop of blood flowing in Muslim countries."

A hacking group called Team System DZ is reportedly the culprit, but it’s unclear whether it has actual ties to ISIS.

The message was posted June 27 on the county board of supervisors website. Officials say no personal data was compromised from county computers.

ABC7 also said there is no indication the Los Angeles County hack is related to the Petya ransomware that has swept the world.

The Next WannaCry? Ransomware Quickly Spreading Across Europe

Ransomware that locked up systems at Ukraine-based government agencies, the state-run bank, utilities, transportation services and other businesses Tuesday appears to be spreading to other countries, according to reports.

The British advertising company WPP, Danish shipping company Maersk and the Russian oil company Rosneft all said their IT systems were under attack, The Telegraph reported.

Victims including Ukraine’s Vice Prime Minister Pavlo Rozenko shared images of the ransom screen, which demands—in English—300 bitcoin.

Some experts say the attack may be a ransomware variant known as Petya or Petrwarp, which, according to Kaspersky Labs, encrypts a computer’s data and overwrites the hard drive so infected devices can’t boot up the operating system.

“The malware is a notable example of the Ransomware-as-a-Service model, when ransomware creators offer their malicious product ‘on demand’, spreading it by multiple distributors and getting a cut of the profits,” a company blog post said.  

Another security firm, BitDefender, identified the virus as GoldenEye, a ransomware family similar to Petya. A company blog post said both GoldenEye and Petya use the EternalBlue exploit—allegedly a tool created by the National Security Agency—to spread from computer to computer.

Forbes reports Belgium’s national cyber emergency team, CERT.be, said the ransomware may be spreading through a different Windows flaw that requires opening a document with malicious code. Some of the earliest attacks may have been spread with phishing emails and Excel attachments, the article said.

Last month, the WannaCry ransomware outbreak infected hundreds of thousands of computers globally. Although security experts discovered a “kill switch” for the ransom portion, the self-replicating worm continues to infect systems.

'Sustained' Attack Disrupts U.K. Parliament Email System

Access to the U.K. Parliament’s email systems was restricted Friday because of a “sustained” cyberattack, according to reports.

As a security measure, Parliament's IT teams disabled remote access to accounts after they detected unauthorized access, the BBC reported. The attackers attempted to find members and staffers using weak passwords. Fewer than 90 accounts were compromised (and there are 650 MPs), The Guardian reported Sunday.

The attack is being investigated by the National Cyber Security Centre, part of the British intelligence organization GCHQ.

“The NCSC is aware of an incident and is working around the clock with the UK Parliamentary digital security team to understand what has happened and advise on the necessary mitigating actions,” said an agency statement.