As geopolitical tensions and conflicts rise across the globe, so do cyber-attacks on critical Western infrastructure, particularly industrial facilities running on operational technology (OT) systems. Ransomware attacks on industrial organizations increased by over 50 percent in 2023, according to a report by cybersecurity firm Dragos: OT Cybersecurity – 2023 in Review. Seventy percent of all ransomware attacks targeted 638 manufacturing entities in 33 unique manufacturing subsectors. Dragos tracked a total of 21 threat groups targeting industrial organizations, including three new threat groups: Gananite, Laurionite, and Voltzite. Dragos reports that all three new groups are conducting diverse operations against various organizations, including cybersecurity research firms, government and military defense entities, rail, manufacturing, automotive, and utilities. Voltzite has been the most active of the three in targeting critical infrastructure.
The European Union (EU) has adopted its first Cybersecurity Certificate scheme to boost cybersecurity in products and services sold within the EU states, amid ongoing investigations of alleged corruption in Brussels. The European Cybersecurity Scheme on Common Criteria (EUCC) drafted by the European Union Agency for Cybersecurity (ENISA) was adopted on Wednesday as the first scheme within the EU cybersecurity certification framework. ENISA is also already developing two additional cybersecurity certification schemes: EUCS on cloud services and EU5G on 5G security. But the announcement coincided with another press release published by the EU on the same day. On Wednesday, Jan 31st, 2024, the Committee on Civil Liberties also endorsed the draft negotiating mandate for stronger rules against corrupt decision-makers across all levels in the EU. Members of the European Parliament (MEPs) amended the draft anti-corruption provisions to cover “any person entrusted with tasks of public interest or in charge of a public service”, with top EU decision-makers, European Commissioners, the President of the European Council and MEPs to be added to the category of “high-level officials” who will now be subjected to more severe rules than in the past.
According to a Bugcrowd report, no other sector saw as much vulnerability growth as the government sector, which saw a 151% surge and a 58% rise in critical vulnerabilities. Following the government sector were the retail (+34%), corporate services (+20%), and computer software (+12%) sectors.
News of the mass exploitation of ownCloud customers as a result of a zero-day vulnerability follows revelations earlier this month of a critical security vulnerability in Microsoft’s Azure cloud platform. Reports of gaping security flaws in cloud services come at a bad time for cloud service providers in general and Microsoft in particular. The Seattle-based computing giant is currently doing its utmost to persuade the US, UK, and Australian governments that its Azure Government Cloud is the best way for the AUKUS trio to securely update cross-border information and enhance mutual collaboration. This might prove problematic for Microsoft, whose Azure platform was recently proven to have a critical vulnerability, and some of whose government clients suffered a series of serious breaches earlier this year.
The UK's National Cyber Security Centre (NCSC), in partnership with the US's Cybersecurity and Infrastructure Security Agency (CISA), launched the 'Guidelines for Secure AI System Development'. The guidelines are intended to secure AI system development by helping developers make informed cybersecurity decisions at every step of the AI development process. These AI guidelines were also co-signed by 21 other international agencies and ministries from across the world.
According to Lloyds, a single well-orchestrated cyber strike breaching a financial services payments system could lead to losses of $1.1 trillion in the US alone, with global losses amounting to $3.5 trillion over a five-year period. China would face losses of around $470 billion and Japan $200 billion.
Chinese hacker group Budworm has been using cyber-espionage malware to target a telecommunications company in the Middle East and an Asian government organization. Reports say attacks have been orchestrated through a new variant of the group's SysUpdate backdoor malware, and that telecommunication companies have become a common target for hacking groups.
The US Federal Bureau of Investigation (FBI) is increasingly anxious to enlist the private sector in the losing battle it is fighting against global cybercrime and espionage. Speaking in Washington on Monday, FBI director Christopher Wray stressed the importance of “collaborative, public-private” operations in fighting cybercrime, developing a strategy previously outlined by FBI Deputy Director Paul Abbate at a Boston cybersecurity conference three months ago.
The European Police Office (Europol)’s first-ever threat assessment on the topic, ‘The other side of the coin: an analysis of financial and economic crime in the EU’, aims to shine a spotlight on a EUR 188 billion-plus international underground criminal economy.
In today's roundup: addresses forged via email forwarding, the Sri Lankan attack causes government data loss, and Pune reports a spike in cybercrime cases.
The China-backed hacking group referred to as RedHotel has been linked to attacks in 17 countries during a three-year espionage campaign. According to cybersecurity firm Recorded Future, RedHotel has been infiltrating sectors such as academia, aerospace, government, media, telecoms, and research while operating across the US, Europe, and Asia.
The Jordan News Agency has announced that Jordan will hold its first-ever cybersecurity summit this September. The conference will be held on September 25 under the patronage of His Royal Highness Crown Prince Al Hussein bin Abdullah II.