The latest in my series covering attacks against the Critical Infrastructure industry highlights an interesting case in South Africa: a ransomware attack against Johannesburg's City Power.
Something of note here is that, despite the attack not seeming to have directly impacted the ICS network, residents are still reporting problems with power supply because of the impact the attack has had on payment and invoice systems. Manual workarounds were put in place, and additional engineers were deployed to cover areas of high demand.
The collateral impact of an attack like this reminds me of the attack against the "Kemuri Water Company" (not the real organisation name) in 2015. In that instance the water treatment side of the business was not directly targeted, but was still damaged (to the degree that chemical levels in the water were changed temporarily) due to connected networks and insufficient security controls. In each case we're not necessarily dealing with ICS/OT/SCADA-specific threat actors or malware families, with all the specialisation and complexity that entails, and yet real-world impact is observed.
Johannesburg Ransomware Attack Leaves Residents in the Dark