The Cowlitz County PUD is among more than a dozen utilities targeted in a recent cyberattack across the United States, according to an investigation by The Wall Street Journal published this week.
Cowlitz County PUD spokeswoman Alice Dietz confirmed Wednesday that the PUD’s firewall successfully blocked the only infected email that hackers sent.
“We’re proud of our IT department,” Dietz said. “They just continue to implement strong cybersecurity measures. This is a great example of why we take it so seriously.”
No customers were affected by the failed attack.
Yet-to-be identified hackers attempted to install malware on utility computers across the United States through “phishing” emails, which try to trick recipients into opening them and unleashing the malware inside, the WSJ reported.
The malware sent to utilities, dubbed “Lookback,” could allow hackers to take control of victims’ computers and steal information, according to the WSJ. Only a few people at each utility were targeted, a cybersecurity firm said, suggesting the hackers studied the utilities closely before striking, the WSJ reported.
Dietz said she did not know which PUD employee was the intended recipient of the email, nor what the contents of the email were.
The WSJ says researchers identified two periods in July and August when hackers sent malicious emails. Dietz said the PUD only received an email in the August attack, and it was intercepted by the PUD’s firewall.
Cowlitz County PUD General Manager Gary Huhta told the WSJ that PUD staff weren’t aware of “Lookback” until the FBI contacted them in July, and their subsequent research found no malicious emails entered the utility’s network.
The attackers left identifying information on targets briefly exposed on a server in Hong Kong, security researchers told the WSJ. Dietz told The Daily News that the PUD’s security system automatically blocks emails from overseas.
Utilities in Maine, Washington, Michigan, Texas, Arizona, Florida and other states were affected. The Klickitat County PUD was another Washington utility that was attacked, according to the WSJ.
The attacks were first brought to light in August by researchers at Proofpoint Inc., a Silicon Valley cybersecurity company, the WSJ reported. Proofpoint operates Cowlitz PUD’s firewall system, Dietz said.