Tag: critical infrastructure
CISA and EPA Launch Water Sector Cyber Toolkit – February 2nd
CISA and EPA Launch Water Sector Cyber Toolkit Amid the recent string
Critical Sectors Faced 13 Cyber Attacks per Second in 2023 – January 30th
A Forescout Research - Vedere Labs report disclosed that over 420 million attacks were recorded between January and December 2023 in the medical, power, communications, waste, manufacturing, and transportation equipment sectors, amounting to 13 attacks per second. Forescout's report "2023 Global Threat Roundup” states that despite the ongoing surge in cyber attacks, the cybersecurity landscape remains optimistic considering proceedingly enhanced visibility and proactive defense strategies in the affected sectors.
Government Vulnerabilities Grow by 151% – January 26th
According to a Bugcrowd report, no other sector saw as much vulnerability growth as the government sector, which saw a 151% surge and a 58% rise in critical vulnerabilities. Following the government sector were the retail (+34%), corporate services (+20%), and computer software (+12%) sectors.
Cyberattack Halts Albanian Parliament Data System – December 29th
Albania's Parliament announced it was hit by a cyberattack targeting its data system, resulting in halting the Parliament's services. The Albanian Parliament assured that although disrupted, the data was not encrypted by the threat actors and that their services would go back online soon.
US White House Issues Executive Order to Improve Nation’s Cybersecurity – December 22nd
On December 21st, the U.S. White House issued Executive Order (EO) 14028, "Executive Order on Improving the Nation's Cybersecurity," which emphasized modernizing cybersecurity infrastructure by coding in more secure ways. A more detailed excerpt from the Executive Order stated; "Software engineers, developers, and coders must build secure code and security controls into the code they create. They need to make security by design and security by default software-design requirements."
The UK is at ‘High Risk’ of Ransomware Attacks – December 14th
The Joint Committee on National Security Strategy (JCNSS) published a report "A hostage to fortune: ransomware and UK National Security," which revealed the UK's lack of planning against ransomware attacks. Targeted mainly at the critical cyber infrastructure of the UK government, the JCNSS report warns that a severe attack could disrupt the core of government services, healthcare, and child protection, which could lead to bringing the country to a 'standstill'.
Top 10 US energy firms hit by 3rd-party attacks
Nine out of ten of the world’s leading energy companies, including the top ten US energy companies, experienced a third-party data breach sometime in the last 12 months. According to cybersecurity ratings company Security Scorecard, while only four percent of leading energy companies worldwide suffered a direct data breach, most were compromised via a supplier, contractor, or other third-party organization. “Fueling the global economy and daily life, reliance on the energy sector elevates it as a prime target for cyberattacks. Amid economic and political uncertainties, concerns about safeguarding this vital sector intensified. Energy attacks not only result in financial losses and disruptions but ripple through manufacturing, healthcare, and transportation sectors,” says Security ScoreCard.
US aerospace company hit by cyber-attack
An unknown threat actor has breached an as-yet-unnamed US aerospace company. According to BlackBerry, who first highlighted the attack, the threat actor’s weaponization of a phishing attack became operational around September 2022, with the offensive phase of the attack occurring almost a year later in July of this year. The cybercriminals responsible, whom BlackBerry has christened “AeroBlade,” are believed to have used the intervening nine months to develop the additional resources necessary to ensure access to the aerospace company’s systems to exfiltrate potentially highly valuable information - pointing to a high degree of professionalism and persistence on the part of the attacker.