The City of Murfreesboro has disclosed a security incident involving the online portal for its Water Resources Customer webpage.
In early August, IT personnel for the Rutherford County municipality detected some security issues affecting the online portal for the Water Resources Customer webpage. Tennessean
reported that they decided to shut down the portal so that they could investigate the issues. In so doing, they closed off the ability for customers to make online payments. They therefore took to Twitter to keep customers informed.
The IT department's investigation revealed that digital attackers had gained access to the online portal via a single page containing old scripts. Those individuals then leveraged that access to deface the webpage by inserting images of both the Iranian flag and a Guy Fawkes mask. They also posted the text "Hacked by Iranian Hackers" and " Hacked by Mamad Warning" along with the following message:
We are always closer to you. Your idenity[sic] is known to us. Your information is for us ;) take care.
A screenshot of the hacked online portal. (Source: News Channel 5 Nashville
IT had not attributed the bad actors responsible for the compromise by the time of Tennessean's reporting. But it had determined that the attack did not expose any customer information. It had also predicted that it would be able to restore access to the portal by 5 August, if not sooner, while it worked to update the old scripts used by the municipality.
This incident is just the latest attack in which bad actors decided to go after municipalities. Back in June, for instance, two Florida cities collectively paid out more than a million dollars
to recover their affected assets from ransomware attackers. About a month later, a company responsible for providing electricity to the South African city of Johannesburg disclosed
that it fell victim to a ransomware attack.
Murfreesboro said it would provide the public with additional information as it receives it.