[BreachExchange] KE briefly suspends non-critical services after cyberattack

Destry Winant destry at riskbasedsecurity.com
Fri Sep 11 10:02:46 EDT 2020


https://tribune.com.pk/story/2263273/ke-briefly-suspends-non-critical-services-after-cyberattack

The K-Electric (KE) – which has faced severe criticism and penalty for
prolonged power outages and electrocutions – has come under a
cyberattack which compelled the firm to temporarily suspend some of
the non-critical services to end consumers.

"K-Electric experienced an attempted cyber incident earlier this
week," the only integrated power utility firm in the private sector
reported on Wednesday.

The utility firm supplies power to around 2.5 million households,
industries, commercial and agricultural consumers in Karachi and parts
of upper Sindh and Balochistan.

It, however, remained unknown whether KE lost its consumers’ data and
bore any financial loss in the attack.

The company did not share the details regarding what was likely the
objective and origin (country) of the attack.

"The KE teams have initiated consultation with international
information security experts and are also collaborating with local
authorities in this regard [cyber incident]," KE said.

The power utility in its brief statement said: "While all critical
customer services including bill payment solutions and 118 call
centres are operational and fully functional, to ensure the integrity
of our systems, as a precautionary measure, we have isolated few
non-critical services.

"As such customers may experience some disruption in accessing
duplicate bills from the KE website. As an alternate, duplicate bills
may be availed from the nearest K-Electric Customer Care Centre. Any
inconvenience to customers is regretted as the power utility is
following cybersecurity protocols."

This is not for the first time that the Pakistan-based firm has faced
a cyberattack due to poor security infrastructure.

The country has been a victim of at least 11 suspected state-sponsored
cyber operations since 2009.

Experts have underlined the need for improving cybersecurity
infrastructure from time-to-time and urged firms to make right
selections for the required hardware and software to protect from
potential cyberattacks.

The Covid-19 pandemic has enhanced the pace of Pakistan's
transformation to a digital economy, however, firms in the country are
still losing an estimated Rs1 billion in online fraud every year.

"A single cyberattack can jeopardise your online businesses and
services. Cost of reputational damages cannot be aggregated. You lose
market share to competitors," an expert said, while speaking at an
nternational Information Security Conference of Pakistan the other
day.

The K-Electric reported the cyberattack only a day after announcing
the appointment of its new chairman Shan Ashary on Tuesday.

The official statement said the newly elected chief had been on the
board of directors of the company since 2005 and represented the
longest serving member of the board.

“As the new chairman, his focus will be on operational excellence at
the company across its generation, transmission and distribution
functions to ensure safe, reliable and uninterrupted power supply to
the company’s customers.

The K-Electric has come a long way since its privatisation in 2005,
and has converted from an under-utilised strategic asset into a
leading energy player today. With the unplanned growth of Karachi and
other civic challenges, it continues to face challenges. The new
chairman is committed to lead the utility contribute towards the
development and growth of Karachi," the KE said.


More information about the BreachExchange mailing list