Tag: manufacturing
Ransomware attacks on industrial systems double in one year
Ransomware attacks on the operational technology (OT) and industrial control systems (ICS) that run industrial facilities almost doubled in 2024. According to Washington DC-based industrial cybersecurity company Dragos, ransomware attacks on industrial organizations in 2024 increased by a staggering 87 percent over the previous year. The main industries targeted were: electricity and water; industrial manufacturing; telecommunications; oil and gas; food and beverage; chemical manufacturing; mining, transportation, and logistics. Manufacturing, which accounted for 69 percent of all ransomware attacks targeting 1,171 manufacturing entities, was by far the worst hit.
‘Dark Unicorns’ target US healthcare
Ransomware attacks on the healthcare sector have risen by a third in 2024 with the US the prime target. Cybersecurity company Black Kite reports 374 incidents in the past year, a 32.16 percent rise in the number of attacks on the industry over 2023. Healthcare is now among the top targets for ransomware, surpassed only by manufacturing and professional services. The rapid rise in ransomware attacks on the healthcare sector is the result of increasing ruthlessness on the part of ransomware gangs. Until relatively recently, some sectors, such as healthcare and education, were considered off-limits. According to Black Kite, if an affiliated criminal gang attacked a healthcare organization, the core ransomware group would frequently step in, apologizing to the victim organization -sometimes even decrypting the ransomed data for free.
Ransomware gangs target law and accountancy firms
In what is bad news for law and accounting firms, the professional and technical services sector has now overtaken the manufacturing sector as the prime target for ransomware attacks of Q3 2024. According to cybersecurity company Nuspire: “These firms handle highly sensitive client data, such as financial records, legal documents, and business strategies, making them prime targets for ransomware operators.” Nuspire predicts that, with ransom demands averaging around $2.5 million a hit for law firms, ransomware operators will continue to target this sector as long as the potential rewards outweigh the effort. The situation is particularly dire for smaller practices, which may lack the resources to protect against today’s increasingly ruthless and sophisticated cyber-attacks.
US to block use of Chinese semiconductor equipment
The US Congress has introduced a new act to prevent the Chinese and “other foreign entities of concern” from infiltrating the US’s domestic chipmaking industry. The bill, the Chip Equipment Quality, Usefulness, and Integrity Protection Act of 2024 (Chip EQUIP Act), follows on from the CHIPS and Science Act, enacted in 2022, which earmarked roughly $280 billion in new funding to boost US domestic research and manufacturing of semiconductors. It included $39 billion in subsidies plus tax breaks for US chipmakers. However, China has recently matched this with a new $40 billion investment in its own semiconductor industry, which will heavily focus on chip manufacturing equipment. In April, Chinese tech giant Huawei announced investing in new R&D capabilities to rival US, Japanese, and Dutch firms.
Adobe Applies Patches to Critical Flaws – June 12th
Yesterday, June 11th, Adobe announced that they rolled out security patches for 6 critical vulnerabilities affecting Adobe After Effects, Photoshop, and Illustrator. According to Adobe, the vulnerabilities could have led to successful arbitrary code execution and/or memory leaks in the current user's context.
China bans US semiconductors
A new bamboo curtain has fallen across China, with a reported blanket ban on US chips. The move is bad news for long-time Silicon Valley tech giant chipmaker Intel, whose Chinese sales accounted for roughly a quarter of its global revenues. Big names join Semiconductor ban But China’s retaliatory move may not only be bad news for US chip makers such as Intel and AMD but also for China’s own communications infrastructure. The order from China’s Ministry of Industry and Information Technology includes big players China Telecom, China Mobile, and China Unicorn, together with other Chinese operators. All are now obliged to submit draft deadlines for the replacement of foreign microchips. It is uncertain to what extent the CCP actually believes that Intel and AMD chips are likely to have built-in spyware or anything of the sort. The ban can be seen as part of a broader strategy on the part of the Chinese Communist Party (CCP) to end its country’s long-term reliance on US technology.
I-Soon Leak Offers Glimpse Into Chinese Hacking Campaigns – February 22nd
The Chinese Police reported on a nation-state sensitive data leak on Chinese company, I-Soon. The data uncovers in detail, methods used by Chinese authorities to surveil dissidents, and hacking networks across Central and Southeast Asia.
iOS Trojan Steals Facial Recognition Data – February 16th
Group-IB discovered a new iOS Trojan named "GoldPickaxe.iOS" that was built to steal facial recognition data from infected iOS devices. The 'GoldPickaxe' Trojan abuses the TestFlight exploit, which sends users innocent URLs that downloads the malware when clicked. According to Group-IB, the stolen biometric data is used to gain unauthorized access to banking accounts.
Critical Sectors Faced 13 Cyber Attacks per Second in 2023 – January 30th
A Forescout Research - Vedere Labs report disclosed that over 420 million attacks were recorded between January and December 2023 in the medical, power, communications, waste, manufacturing, and transportation equipment sectors, amounting to 13 attacks per second. Forescout's report "2023 Global Threat Roundup” states that despite the ongoing surge in cyber attacks, the cybersecurity landscape remains optimistic considering proceedingly enhanced visibility and proactive defense strategies in the affected sectors.