
Trust in Cyber Takes a Knock as CNI Budgets Flatline

Trust in cybersecurity technologies has become one of the most difficult hurdles for critical national infrastructure (CNI) providers as sophisticated nation-state threats grow, according to a recent Bridewell assessment.

The Trust Deficit

The IT services firm's most recent Cyber Security in Critical National Infrastructure report is based on interviews with over 1000 CISOs and equivalents from CNI providers in the United States and the United Kingdom.

It found that over a third (31%) identified "trust in cybersecurity tools" as a key challenge this year, up 121% from the 2023 edition of the survey.

Confidence in tools took a hit last year when the UK joined the US and other nations in warning providers of key services about China-backed action against CNI, according to the research.

74% of respondents expressed fear about Chinese state actors, comparable to the 73% who expressed anxiety about Russian state operatives.

These worries are likely to have been heightened recently, with the United States warning in February that Chinese agents have pre-positioned themselves in several CNI networks to unleash damaging strikes in the event of a military conflict.

Budget Constraints

Budgets have declined in tandem with trust in tooling. According to the research, the share of IT and OT budgets set aside for cybersecurity has dropped drastically to 33% and 30%, from 44% and 43% respectively the previous year.

The dramatic reduction is evident across the board, from new recruits to training and risk assessments to technological investments.

Despite these financial challenges, nearly a third (30%) of CNI respondents who were victims of a ransomware attack last year informed Bridewell that they paid the extortionists.

Bridewell cautioned that, in addition to the fees, CNI enterprises could face legal consequences.

Ransom payments could, for example, be sent to persons facing legal repercussions from the United Kingdom, the United States, or the European Union. The UK's Office of Financial Sanctions Implementation has warned that payments may violate the law in other jurisdictions, according to the report.

Interestingly, more than a quarter (27%) of respondents reported that ransomware intrusions had a psychological impact on employees.

The Way Forward

Bridewell CEO Anthony Young expressed sympathy for those firms that do wind up paying.

If the firm is unable to recover, paying the ransom may be the only viable alternative for resuming operations short of reinstalling its systems from scratch, he argued.

However, this tough decision can be avoided by implementing a security plan that reduces the possibility of threat actors obtaining access and moving through your systems without being detected and effectively removed.

Encina Wastewater Authority Reportedly Targeted by BlackByte Ransomware

Carlsbad, California – Encina Wastewater Authority (EWA) has become the latest target of the notorious BlackByte ransomware group. The group, known for its aggressive tactics, has hinted at a cyberattack on EWA's platform, suggesting the potential sale of sensitive company documents obtained during the intrusion.

Despite BlackByte's claims, EWA's website, http://encinajpa.com, remains operational without immediate signs of intrusion. However, cybersecurity experts speculate that the threat actor may have infiltrated the organization's backend systems or databases rather than launching a visible front-end attack like a distributed denial-of-service (DDoS) assault.

Encina Wastewater Authority serves over 379,000 residents and businesses across North San Diego County, playing a crucial role in wastewater treatment, resource recovery, and environmental protection for public health and regional water sustainability.

The Cyber Express has reached out to Encina Wastewater Authority for clarification on the alleged cyberattack. As of writing, no official statement or response has been issued by the organization, leaving the claims unconfirmed. The BlackByte ransomware group has also shared sample documents, indicating the attack and offering their sale or removal via email.

BlackByte has been a concern for cybersecurity agencies since its emergence in July 2021, targeting critical infrastructure and gaining attention from the Federal Bureau of Investigation (FBI) and the US Secret Service (USSS). Despite mitigation efforts, such as the release of a decrypter by Trustwave in October 2021, BlackByte continues to evolve its tactics and persists in targeting organizations worldwide through a ransomware-as-a-service (RaaS) model.

The situation regarding the alleged cyberattack on Encina Wastewater Authority will be closely monitored by The Cyber Express, and updates will be provided as more information becomes available or any official statement from the organization is issued.

Major Water Suppliers Hit by Ransomware Attacks

 

Recent ransomware attacks have impacted two major water supply systems in the United States and the United Kingdom, with Boston-based Veolia North America and England's Southern Water falling victim to cyber threats. In both instances, attackers have reportedly seized employee or customer data and are demanding ransom payments. Fortunately, neither organization has reported prolonged service disruptions due to encrypted files or folders, and no ransom payments have been disclosed.

Veolia North America, serving approximately 550 communities, acknowledged a ransomware incident affecting its Municipal Water division. The attack prompted the temporary shutdown of some software applications and systems, causing delays in online bill payment systems for customers. The company assured that no operational technology, including industrial control systems, was compromised. Digital forensics investigators were promptly engaged to investigate the intrusion, and affected individuals will be directly notified about the stolen personal information.

Similarly, Southern Water in the UK confirmed a ransomware attack by the Black Basta group but asserted that no data encryption occurred, and critical operations remained intact. The utility, serving 2.5 million water customers and over 4.7 million wastewater customers, is still evaluating the extent of potential data theft. The Black Basta group claimed to have stolen 750 gigabytes of data, including corporate documents and users' personal information. Southern Water emphasized that customer relationships and financial systems remained unaffected, and services continued without disruption.

These incidents come amid a broader surge in ransomware attacks, as highlighted in a report by British consultancy NCC Group, revealing an 84% increase in known ransomware attacks in 2023 compared to the previous year. The U.S. Cybersecurity and Infrastructure Security Agency recently released an incident response guide for the water and wastewater sector, emphasizing the potential cascading impacts of a compromise in critical infrastructure sectors.

The White House has been urging various critical infrastructure sectors to enhance their cybersecurity posture, with a focus on reviewing and improving defenses. The attacks also underscore the ongoing challenges in ensuring the cybersecurity of essential services, prompting organizations to remain vigilant and proactive in safeguarding their systems.

RVWP: CISA Shares Vulnerabilities and Misconfigurations Targeted by Ransomware Groups


The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has recently shared details of the misconfigurations and security vulnerabilities exploited by ransomware groups, in order to help critical infrastructure organizations defend against their attacks.

This information is part of the Ransomware Vulnerability Warning Pilot (RVWP) program run by CISA, which addresses devices vulnerable to ransomware attacks that are discovered on the networks of critical infrastructure organizations.

To date, RVWP has identified over 800 vulnerable systems with internet-accessible vulnerabilities that are often targeted in ransomware campaigns.

CISA stated that "Ransomware has disrupted critical services, businesses, and communities worldwide and many of these incidents are perpetrated by ransomware actors using known common vulnerabilities and exposures (CVE) (i.e., vulnerabilities)." 

"However, many organizations may be unaware that a vulnerability used by ransomware threat actors is present on their network[…]Now, all organizations have access to this information in our known exploited vulnerabilities (KEV) catalog as we added a column titled, 'known to be used in ransomware campaigns.' Furthermore, CISA has developed a second new RVWP resource that serves as a companion list of misconfigurations and weaknesses known to be used in ransomware campaigns," CISA added.

RVWP is a component of a much larger effort that was initiated in response to the growing ransomware threat to critical infrastructure that first surfaced almost two years ago with a wave of cyberattacks targeting key infrastructure companies and U.S. government organizations, including Colonial Pipeline, JBS Foods, and Kaseya.

In June 2021, CISA broadened its efforts by launching the Ransomware Readiness Assessment (RRA), a component of its Cyber Security Evaluation Tool (CSET), whose goal is to help companies analyze and evaluate their preparedness to mitigate the risks from, and tackle, potential ransomware attacks.

By August 2021, CISA also made recommendations to help vulnerable public and commercial sector organizations stop data breaches brought on by ransomware incidents.

In addition, CISA formed an alliance with the business sector to defend vital US infrastructure against ransomware and other online dangers. All federal agencies and businesses that joined share a collective response strategy through this collaborative initiative, the Cyber Defense Collaborative.

Cybersecurity Challenges Faced by ISRO: Chief S Somanath

The Indian Space Research Organisation (ISRO) has been facing over 100 cyber-attacks daily, according to a statement by ISRO Chief S Somanath. The attacks are mostly phishing attempts and malware attacks. 

During the concluding session of the 16th edition of the c0c0n, a two-day international cyber conference in Kerala’s Kochi, Somanath stated that rocket technology, which employs advanced software and chip-based hardware, is more susceptible to cyber-attacks.

ISRO’s Cybersecurity Challenges

"The organization is equipped with a robust cybersecurity network to face such attacks," said Mr. Somanath. "Earlier, the way of monitoring one satellite has changed to a way of software monitoring many satellites at a time. This indicates the growth of this sector. During COVID, it was possible to launch from a remote location which shows the triumph of technology."

During the concluding session of the c0c0n, Kerala Revenue Minister P Rajeev stated that the state government is capable of providing sufficient security to the cyber arena, making it a model for cyber security governance. He stated that the Kerala state government is capable of ensuring cybersecurity and supporting the sector by establishing a Digital University in the state. Additionally, K-Fone ensures internet access in every household in Kerala.

The ISRO is responsible for India’s space program and has been instrumental in launching several satellites and missions. The organization has been targeted by hackers in the past, with reports of cyber-attacks dating back to 2017. The recent statement by the ISRO Chief highlights the increasing threat of cyber-attacks on critical infrastructure.

ISRO’s Cybersecurity Measures

The ISRO has taken several measures to improve its cybersecurity posture. In 2020, the organization launched a cybersecurity policy aimed at protecting its critical infrastructure from cyber threats. The policy outlines guidelines for secure coding practices, access control, incident management, and other security-related aspects.

"We can face the challenges posed by cyber criminals using technology like artificial intelligence with the same technology. There should be research and hard work towards this end," Mr. Somanath said.