Murfreesboro Discloses Security Incident Involving Water Resources Portal

Posted on August 5, 2019
New Microsoft Spear-Phishing Attack Uses Exact Domain Spoofing Tactic
The City of Murfreesboro has disclosed a security incident involving the online portal for its Water Resources Customer webpage. In early August, IT personnel for the Rutherford County municipality detected some security issues affecting the online portal for the Water Resources Customer webpage. Tennessean reported that they decided to shut down the portal so that they could investigate the issues. In so doing, they closed off the ability for customers to make online payments. They therefore took to Twitter to keep customers informed. https://twitter.com/cityofmborotn/status/1157709442345033729 The IT department's investigation revealed that digital attackers had gained access to the online portal via a single page containing old scripts. Those individuals then leveraged that access to deface the webpage by inserting images of both the Iranian flag and a Guy Fawkes mask. They also posted the text "Hacked by Iranian Hackers" and " Hacked by Mamad Warning" along with the following message:

We are always closer to you. Your idenity[sic] is known to us. Your information is for us ;) take care.

ewscripps.brightspotcdn.com_.jpg
A screenshot of the hacked online portal. (Source: News Channel 5 Nashville) IT had not attributed the bad actors responsible for the compromise by the time of Tennessean's reporting. But it had determined that the attack did not expose any customer information. It had also predicted that it would be able to restore access to the portal by 5 August, if not sooner, while it worked to update the old scripts used by the municipality. https://twitter.com/cityofmborotn/status/1157733572276568064?ref_src=twsrc%5Etfw This incident is just the latest attack in which bad actors decided to go after municipalities. Back in June, for instance, two Florida cities collectively paid out more than a million dollars to recover their affected assets from ransomware attackers. About a month later, a company responsible for providing electricity to the South African city of Johannesburg disclosed that it fell victim to a ransomware attack. Murfreesboro said it would provide the public with additional information as it receives it.
Join over 20,000 IT security pros who get our top stories delivered to their inbox every week!