Authentication and Energy and Utilities

A massive phishing campaign using QR codes targets the energy sector

Security Affairs

AUGUST 16, 2023

A phishing campaign employing QR codes targeted a leading energy company in the US, cybersecurity firm Cofense reported. “Beginning in May 2023, Cofense has observed a large phishing campaign utilizing QR codes targeting the Microsoft credentials of users from a wide array of industries.” ” continues the report.

Phishing

Phishing Energy and Utilities Insurance Manufacturing

Authentication bypass allows complete takeover of Modicon PLCs used across industries

CSO Magazine

JULY 12, 2021

Several programmable logic controllers (PLCs) from Schneider Electric’s Modicon series that automate industrial processes in factories, energy utilities, HVAC systems and other installations are impacted by a flaw that could allow hackers to bypass their authentication mechanism and execute malicious code.

Authentication

Authentication Energy and Utilities CSO Malware

Data Encryption Shields the Energy Sector Against Emerging Threats

Thales Cloud Protection & Licensing

JANUARY 13, 2021

Data Encryption Shields the Energy Sector Against Emerging Threats. The energy sector is part of the critical national infrastructure (CNI), and delivers services that are essential for modern life. Energy services companies are a lucrative target for adversaries. Wed, 01/13/2021 - 09:42. Cybersecurity challenges. A recent U.S.

Encryption

Encryption Energy and Utilities Firewall Marketing

Webinars

Human-Centered Cyber Security Training: Driving Real Impact on Security Culture

MORE WEBINARS

MY TAKE: The role of semiconductors in bringing the ‘Internet of Everything’ into full fruition

The Last Watchdog

DECEMBER 11, 2022

Power modules must continue to advance; energy consumption of big digital systems must continue to become more and more efficient to support the smart commercial buildings and transportation systems of the near future, Rosteck says. Energy at the edges. How microcontrollers distribute energy is a very big deal.

Internet

Internet Internet Energy and Utilities IoT

SHARED INTEL: Poll shows companies pursuing ‘Digital Trust’ reap benefits as laggards fall behind

The Last Watchdog

FEBRUARY 21, 2024

DigiCert’s clients and prospects are steadily modernizing the way digital connections get authenticated and sensitive assets get encrypted, Trzupek told me. “In Policies and enforcement: Next, establish organizational policies that outline appropriate and inappropriate behaviors regarding digital assets.

Energy and Utilities

Energy and Utilities IoT Manufacturing Healthcare

Cyber Threat warning issued to all internet connected UPS devices

CyberSecurity Insiders

APRIL 1, 2022

The alert was issued on a joint note by the Department of Energy and FBI and urges all critical facilities to review the security of their power back up solutions to the core. UPS Devices are emergency power backup solutions that offer electric power help in the time of emergency to hospitals, industries, data centers and utilities.

Cyber threats

Cyber threats Internet Internet Energy and Utilities

Revisiting Duo’s FedRAMP Authorized Federal Editions

Duo's Security Blog

FEBRUARY 23, 2024

Back in November, 2019, Duo achieved a key milestone with its FedRAMP Authorization as a Cloud Service Provider (CSP), and launched its federal products that are FedRAMP Moderate with the sponsorship from the Department of Energy (DOE). Duo also supports AAL3 authenticators such as FIPS YubiKey from Yubico.

Energy and Utilities

Energy and Utilities Authentication Mobile Technology

Major authentication and encryption weaknesses discovered in Schneider Electric, outdated ICS systems

SC Magazine

JULY 13, 2021

It affects Modicon models M340, M580 and others, which are found in “millions” of controllers used in building services, automation, manufacturing, energy utilities and HVAC systems. The post Major authentication and encryption weaknesses discovered in Schneider Electric, outdated ICS systems appeared first on SC Media.

Authentication

Authentication Encryption Energy and Utilities Media

Bluetooth Bug Opens Devices to Man-in-the-Middle Attacks

Threatpost

SEPTEMBER 10, 2020

The "BLURtooth" flaw allows attackers within wireless range to bypass authentication keys and snoop on devices utilizing implementations of Bluetooth 4.0 through 5.0.

Wireless

Wireless Authentication

The Evolving Cybersecurity Threats to Critical National Infrastructure

Thales Cloud Protection & Licensing

OCTOBER 23, 2023

However, simple actions like adopting multi-factor authentication (MFA) or encrypting sensitive data everywhere should be exercised throughout the year and not just during that month. The threat of attacks against Critical National Infrastructure (CNI) – energy, utilities, telecommunications, and transportation – is a top priority.

Energy and Utilities

Energy and Utilities Cybersecurity Ransomware Technology

Russia-linked APT28 compromised Ubiquiti EdgeRouters to facilitate cyber operations

Security Affairs

FEBRUARY 28, 2024

. “As early as 2022, APT28 actors had utilized compromised EdgeRouters to facilitate covert cyber operations against governments, militaries, and organizations around the world.” Attackers replaced binaries on compromised EdgeRouters with trojanized OpenSSH server binaries allowing remote attackers to bypass authentication.

Energy and Utilities

Energy and Utilities Government Firewall Malware

PseudoManuscrypt: a mass-scale spyware attack campaign

SecureList

DECEMBER 16, 2021

of all computers attacked by the PseudoManuscrypt malware are part of industrial control systems (ICS) used by organizations in various industries, including Engineering, Building Automation, Energy, Manufacturing, Construction, Utilities, and Water Management. According to our telemetry, at least 7.2%

Spyware

Spyware Energy and Utilities Malware VPN

FBI’s Vetted Info Sharing Network ‘InfraGard’ Hacked

Krebs on Security

DECEMBER 13, 2022

While the FBI’s InfraGard system requires multi-factor authentication by default, users can choose between receiving a one-time code via SMS or email. ” But USDoD said that in early December, their email address in the name of the CEO received a reply saying the application had been approved (see redacted screenshot to the right).

Hacking

Hacking Energy and Utilities Cybercrime Accountability

Microsoft Targets Critical Outlook Zero-Day Flaw

eSecurity Planet

MARCH 16, 2023

. “An attacker who successfully exploited this vulnerability could access a user’s Net-NTLMv2 hash which could be used as a basis of an NTLM Relay attack against another service to authenticate as the user,” the company wrote. This will prevent the sending of NTLM authentication messages to remote file shares.

Energy and Utilities

Energy and Utilities Authentication Firewall Engineering

PseudoManuscrypt, a mysterious massive cyber espionage campaign

Security Affairs

DECEMBER 16, 2021

of all systems targeted by the PseudoManuscrypt malware are part of industrial control systems (ICS) used by organizations in multiple industries, including Engineering, Building Automation, Energy, Manufacturing, Construction, Utilities, and Water Management. The experts revealed that at least 7.2%

Spyware

Spyware Energy and Utilities Malware Engineering

NIS2 Framework: Your Key To Achieving Cybersecurity Excellence

Centraleyes

JANUARY 21, 2024

Essential entities ” span sectors such as energy, healthcare, transport, and water. Utilize recognized frameworks like the CRA to conduct standardized assessments, allowing you to identify key risks and prioritize improvements. Action Steps: Utilize assessment insights to craft short-term and long-term action plans.

Cybersecurity

Cybersecurity Energy and Utilities Cyber threats Risk

The Ongoing Cyber Threat to Critical Infrastructure

Thales Cloud Protection & Licensing

JULY 21, 2022

The threat of attacks against Critical National Infrastructure (CNI) – energy, utilities, telecommunications, and transportation – is now front of mind for many. Despite these challenges, only half of leaders (51%) currently have security precautions like Multi-Factor Authentication in place, to combat against these human challenges.

Cyber threats

Cyber threats Energy and Utilities Ransomware IoT

Advisory: Malicious North Korean Cyber Activity

SecureWorld News

AUGUST 21, 2020

Here's what Blindingcan has accomplished so far: "A threat group with a nexus to North Korea targeted government contractors early this year to gather intelligence surrounding key military and energy technologies. If these services are required, use strong passwords or Active Directory authentication.

Energy and Utilities

Energy and Utilities Passwords Antivirus Firewall

DarkPulsar and other NSA hacking tools used in hacking operations in the wild

Security Affairs

OCTOBER 21, 2018

The hackers used the powerful cyber weapons to compromise systems used in aerospace, nuclear energy, R&D, and other industries. The infected vulnerable servers are used in some 50 organizations within industries including aerospace and nuclear energy, particularly those with large IT and R&D departments.

Hacking

Hacking Energy and Utilities Advertising Authentication

UK, US agencies warn of large-scale brute-force attacks carried out by Russian APT

Security Affairs

JULY 1, 2021

The attacks took place between mid-2019 and early 2021, the Russia-linked threat actor used a Kubernetes cluster to conduct anonymized brute force access against hundreds of government organizations and businesses worldwide, including think tanks, defense contractors, energy firms. ” reads the joint report.

Energy and Utilities

Energy and Utilities VPN Government Passwords

Netwalker ransomware hit K-Electric, the major Pakistani electricity provider

Security Affairs

SEPTEMBER 9, 2020

K-Electric (KE) (formerly known as Karachi Electric Supply Company / Karachi Electric Supply Corporation Limited) is a Pakistani investor-owned utility managing all three key stages – generation, transmission and distribution – of producing and delivering energy to consumers. Use two-factor authentication with strong passwords.

Ransomware

Ransomware Energy and Utilities VPN Advertising

Report: Increased IIoT Connectivity Leading to Greater Security Risk in Power Grid

SecureWorld News

MARCH 23, 2021

More networked consumer devices and distributed energy resources, which provide increased monitoring and control capabilities for consumers and utilities, are being connected to distribution systems networks.".

Energy and Utilities

Energy and Utilities Risk Internet Internet

The Scammers’ Playbook: How Cybercriminals Get Ahold of Your Data

eSecurity Planet

SEPTEMBER 14, 2022

Energy and utility companies have been some of the most high-profile cyber attacks in recent memory, such as the May 2021 Colonial Pipeline attack or the Delta-owned Monroe Energy attack in November 2021. Given how lucrative and necessary both sectors are to daily life, they make prime targets for ransomware.

Social Engineering

Social Engineering Energy and Utilities Phishing Scams

NIS2

Centraleyes

JANUARY 3, 2024

Organizations must maintain an inventory of relevant assets and ensure their proper utilization and management. Implementing multi-factor authentication, continuous authentication solutions, voice, video, text encryption, and encrypted internal emergency communication when appropriate.

Energy and Utilities

Energy and Utilities Cyber Risk Risk Encryption

Critical Success Factors to Widespread Deployment of IoT

Thales Cloud Protection & Licensing

FEBRUARY 16, 2021

Electric grid utilities are deploying smart meters to better correspond to consumers energy demands while lowering costs. The use of digital certificates to sign code, ensure mutual authentication of devices connected to corporate networks, and encrypt data traffic is a well-established and effective solution.

IoT

IoT Manufacturing Energy and Utilities Data collection

The Nature of Cybersecurity Defense: Pentagon To Reveal Updated Zero-Trust Cybersecurity Strategy & Guidelines

CyberSecurity Insiders

NOVEMBER 15, 2022

If energy, dollars and effort to apply Zero Trust is entirely focused on the infrastructure and OS components of cloud, data center or hybrid deployment patterns the bad actors will simply move their efforts to the attack surface that isn’t conditioned to Zero Trust. The Proper Authentication of Digital Assets.

Cybersecurity

Cybersecurity Architecture Energy and Utilities Encryption

Hackers Tap into Oldsmar Water Facility

Security Boulevard

FEBRUARY 11, 2021

If a utility or critical infrastructure provider is unable to systematically protect against or rapidly detect and respond to the unauthorized or misuse of a remote access solution into the systems that matter most to operations and even downstream lives, what about a more sophisticated attack executed by a nation state actor? Yes, that’s it.

Energy and Utilities

Energy and Utilities CISO Risk Penetration Testing

Quantum computing brings new security risks: How to protect yourself

CyberSecurity Insiders

FEBRUARY 1, 2022

Most of our current online privacy protocols utilize cryptography to maintain privacy and data integrity. Quantum computing focuses on developing computer technology based on principles that describe how particles and energy react at the atomic and subatomic levels. What is quantum computing? Implement Zero Trust.

Risk

Risk Social Engineering Threat Detection Encryption

US Cyber Command warns of Iran-linked hackers exploiting CVE-2017-11774 Outlook flaw

Security Affairs

JULY 2, 2019

The APT33 group has been around since at least 2013, since mid-2016, the group targeted the aviation industry and energy companies with connections to petrochemical production. These executables are both downloaders that utilize powershell to load the PUPY RAT. Most of the targets were in the Middle East, others were in the U.S.,

Energy and Utilities

Energy and Utilities Malware Advertising InfoSec

Herjavec Group BlackMatter Ransomware Profile

Herjavec Group

SEPTEMBER 24, 2021

Solar BR Coca-Cola A partnership venture between The Coca-Cola Company and two other large domestic manufacturers and distributors of beer, soft drinks, juices, energy drinks and dairy products. Enable multifactor authentication (MFA) for all user accounts if able. . Food Beverage & Tobacco Brazil. ATT&CK Lifecycle .

Ransomware

Ransomware Manufacturing Energy and Utilities Encryption

Iranian Hackers Target U.S. Water Facility

SecureWorld News

DECEMBER 1, 2023

The utility's general manager, Robert J. The attack has been linked to CyberAv3ngers, an Iranian-backed group known for its focus on targeting Israeli water and energy sites. Require multifactor authentication for all remote access to the OT network, including from the IT network and external networks.

Energy and Utilities

Energy and Utilities VPN Authentication Passwords

Spam and phishing in 2022

SecureList

FEBRUARY 16, 2023

To lend an air of authenticity and to motivate the victim to enter valid information, the swindlers warned that the victim could be prosecuted for providing false information. An energy or resource crisis was not used as a pretext in this particular case, but refunds were still offered in the name of the water supply authority.

Phishing

Phishing Scams Accountability Energy and Utilities

Hidden Biases in Cybersecurity Reviews – And How to Use Them

eSecurity Planet

SEPTEMBER 8, 2023

The survey should have representation from categories such as: Company size: small to large Industry vertical: healthcare, energy, etc. Organization type: corporate, education, utility, non-profit, government International regions: Asia, South America, North America, etc.

Cybersecurity

Cybersecurity Marketing Technology Energy and Utilities

Our Principles for IoT Security Labeling

Google Security

NOVEMBER 2, 2022

For example, the current baseline security requirements do not cover things like the strength of a biometric authenticator (important for phones and a growing range of consumer digital products) nor do they provide a standardized method for comparing the relative strength of security update policies (e.g.

IoT

IoT Retail Manufacturing Marketing

Importance of Securing Software with a Zero Trust Mindset

Security Boulevard

MARCH 22, 2022

With the increase of supply chain attacks on everything from logging software like Log4J to takeovers of important JavaScript packages to compromises of network utility tools like SolarWinds, more and more organizations are recognizing the need to adopt a Zero Trust mindset. Photo by Morgane Perraud on Unsplash.

Software

Software Architecture Energy and Utilities Risk

5 Major Cybersecurity Trends to Know for 2024

eSecurity Planet

DECEMBER 19, 2023

Before companies can effectively and safely use generative AI tools, employees must be educated on utilizing best practices: writing prompts that achieve desired outcomes, keeping data security and privacy in mind when inputting data, identifying the quality and security of AI, verifying AI output, and more,” elaborates Arti Raman, CEO Portal26.

Cybersecurity

Cybersecurity CISO Government Technology

Large-Scale AiTM Attack targeting enterprise users of Microsoft email services

Security Boulevard

AUGUST 2, 2022

It uses an adversary-in-the-middle (AiTM) attack technique capable of bypassing multi-factor authentication. Some of the key industry verticals such as FinTech, Lending, Insurance, Energy and Manufacturing in geographical regions such as the US, UK, New Zealand and Australia are targeted. Fingerprinting-based evasion.

Phishing

Phishing Energy and Utilities Authentication Accountability

Preparing for IT/OT convergence: Best practices

CyberSecurity Insiders

SEPTEMBER 21, 2021

Beyond traditional IT operations that utilize servers, routers, PCs and switches, these organizations also rely on OT, such as programmable logic controllers (PLCs), distributed control systems (DCSs) and human machine interfaces (HMIs) to run their physical plants and factories. They also don't have event logs or audit trails.

Energy and Utilities

Energy and Utilities Manufacturing Threat Detection Technology

CSTA Turns 400 – Proof That Technology Integrations Is Exactly What You Are Looking For

Cisco Security

AUGUST 26, 2021

With the addition of Kenna Security into our program we now have over 250 technology partners and over 400 integrations for our mutual customers to utilize. Active Lock protects individual files by requiring step-up authentication until the threat is cleared. Also have a look at a webinar recording about the D3E technology here. [2]

Technology

Technology Firewall VPN Authentication

Defense Cybersecurity: The Easy Doors for Adversaries are Closed, so How are They Still Getting In?

CyberSecurity Insiders

NOVEMBER 30, 2021

Treasury, Commerce, State, Energy, and Homeland Security departments, government agencies and the presidential administration were forced to rapidly evaluate what exactly went wrong — and how to right the sails. By Samuel Hutton, SVP North America, Glasswall. In the calm after the massive SolarWinds breach in 2020 that impacted the U.S.

Cybersecurity

Cybersecurity Energy and Utilities Government Technology

Threats to ICS and industrial enterprises in 2022

SecureList

NOVEMBER 23, 2021

For instance, we see a new trend emerging in the criminal ecosystem of spyware-based authentication data theft, with each individual attack being directed at a very small number of targets (from single digits to several dozen). Individual attacks as part of cybercriminal campaigns are already targeting ever fewer victims.

Spyware

Spyware Phishing Cybercrime Energy and Utilities

Cybersecurity Risks of 5G – And How to Control Them

eSecurity Planet

SEPTEMBER 1, 2021

Efforts like to shore up identity , leverage zero trust frameworks, and authenticate devices will remain best practices for the immediate future. How 5G Goes Beyond 4G. Objectives for 5G Implementation. Between now and then, we continue to learn and develop adequate security systems to defend the next generation of wireless networks.

Risk

Risk Cybersecurity IoT Wireless

The State of Blockchain Applications in Cybersecurity

eSecurity Planet

JULY 28, 2021

Permissioned blockchains, or private blockchains,aren’t truly decentralized because they’re organized by a governance structure and authentication process for nodes. For advantages, private blockchains are more scalable and energy-efficient with suggested use cases of banking and supply chain management. Next-Generation Cryptography.

Cybersecurity

Cybersecurity Cryptocurrency Technology Energy and Utilities

Security Distilled: Building a First-Principles Approach to Understanding Security

Security Boulevard

MAY 19, 2023

Some answers extended this to incorporate authenticity, utility, and possession (which form the Parkerian Hexad when combined with the CIA triad). The most commonly observed answer consistently related back to confidentiality, integrity, and availability: the CIA triad.

Accountability

Accountability Energy and Utilities Passwords Banking

A massive phishing campaign using QR codes targets the energy sector

Authentication bypass allows complete takeover of Modicon PLCs used across industries

Webinars

Trending Sources

Data Encryption Shields the Energy Sector Against Emerging Threats

Webinars

MY TAKE: The role of semiconductors in bringing the ‘Internet of Everything’ into full fruition

SHARED INTEL: Poll shows companies pursuing ‘Digital Trust’ reap benefits as laggards fall behind

Cyber Threat warning issued to all internet connected UPS devices

Revisiting Duo’s FedRAMP Authorized Federal Editions

Major authentication and encryption weaknesses discovered in Schneider Electric, outdated ICS systems

Bluetooth Bug Opens Devices to Man-in-the-Middle Attacks

The Evolving Cybersecurity Threats to Critical National Infrastructure

Russia-linked APT28 compromised Ubiquiti EdgeRouters to facilitate cyber operations

PseudoManuscrypt: a mass-scale spyware attack campaign

FBI’s Vetted Info Sharing Network ‘InfraGard’ Hacked

Microsoft Targets Critical Outlook Zero-Day Flaw

PseudoManuscrypt, a mysterious massive cyber espionage campaign

NIS2 Framework: Your Key To Achieving Cybersecurity Excellence

The Ongoing Cyber Threat to Critical Infrastructure

Advisory: Malicious North Korean Cyber Activity

DarkPulsar and other NSA hacking tools used in hacking operations in the wild

UK, US agencies warn of large-scale brute-force attacks carried out by Russian APT

Netwalker ransomware hit K-Electric, the major Pakistani electricity provider

Report: Increased IIoT Connectivity Leading to Greater Security Risk in Power Grid

The Scammers’ Playbook: How Cybercriminals Get Ahold of Your Data

NIS2

Critical Success Factors to Widespread Deployment of IoT

The Nature of Cybersecurity Defense: Pentagon To Reveal Updated Zero-Trust Cybersecurity Strategy & Guidelines

Hackers Tap into Oldsmar Water Facility

Quantum computing brings new security risks: How to protect yourself

US Cyber Command warns of Iran-linked hackers exploiting CVE-2017-11774 Outlook flaw

Herjavec Group BlackMatter Ransomware Profile

Iranian Hackers Target U.S. Water Facility

Spam and phishing in 2022

Hidden Biases in Cybersecurity Reviews – And How to Use Them

Our Principles for IoT Security Labeling

Importance of Securing Software with a Zero Trust Mindset

5 Major Cybersecurity Trends to Know for 2024

Large-Scale AiTM Attack targeting enterprise users of Microsoft email services

Preparing for IT/OT convergence: Best practices

CSTA Turns 400 – Proof That Technology Integrations Is Exactly What You Are Looking For

Defense Cybersecurity: The Easy Doors for Adversaries are Closed, so How are They Still Getting In?

Threats to ICS and industrial enterprises in 2022

Cybersecurity Risks of 5G – And How to Control Them

The State of Blockchain Applications in Cybersecurity

Security Distilled: Building a First-Principles Approach to Understanding Security

Stay Connected