The German city of Potsdam has become the latest victim of a cyber attack. Following the attack, city services went offline. Recent updates, however, show that the situation is now somewhat improving.
City Of Potsdam Hacked
Reportedly, the City of Potsdam suffered a cyber attack that disrupted its usual services.
Following the security breach, the City disclosed the matter in a press release. According to Mayor Mike Schubert,
“We put our systems offline for security reasons, because we have to assume an illegal cyber attack.”
In brief, the city administration took its services offline after noticing unauthorized access that attempted to exfiltrate data or install malware. The attackers potentially exploited a “weak point in the system of an external provider”.
Because the internet connection was shut down, the administration could not communicate via email.
State officials and IT specialists continued working on remediation over the weekend as well.
Thankfully, the incident did not affect emergency services such as the fire department. As the Mayor said,
“Despite the cyber attack, the fire brigade of the state capital Potsdam is 100 percent able to work. The important message for the citizens, who are dependent on payments from the state capital: We can guarantee all payments to, for example, social welfare and housing benefit recipients, youth welfare providers or for the fees of the community college teachers, as well as for the administrative staff.”
Situation Being Improved
After the attack, the City undertook appropriate measures to improve the situation, such as involving IT specialists and filing complaints.
The City still has to recover from the internet shutdown. According to an update shared on January 27, 2020,
“The state capital Potsdam is unfortunately still without an internet connection.”
While few technical details about the attack are available, the City gave assurances about the integrity of the data.
“No data was tapped.”
Meanwhile, according to German journalist Hanno Böck, the attackers may have exploited the Citrix vulnerability CVE-2019-19781.
As stated in his tweet (translated),
“On the Potsdam hacker attack: I have a list of hosts vulnerable to the Citrix vulnerability from January 14th; there are two with a hostname "[dot]potsdam[dot]de".”
— hanno (@hanno) January 24, 2020
This certainly underscores the need to update vulnerable systems urgently, now that Citrix has released patches.
For now, we can only wait to see if the City of Potsdam reveals further details about the incident.