Search This Blog
Powered by Blogger.

Blog Archive

Labels

About Me

Load More
Trendy Right Now

Popular Posts

Showing posts with label Infrastructure. Show all posts
Terrorism
Banking CERT-In Cybe Security Cyberattack DDoS defacement Digital Finance India Infrastructure Misinformation Pahalgam SocialMedia surveillance Terrorism

India Strengthens Cybersecurity Measures Amid Rising Threats Post-Pahalgam Attack

 

In response to a surge in cyberattacks targeting Indian digital infrastructure following the Pahalgam terror incident, the Indian government has directed financial institutions and critical infrastructure sectors to enhance their cybersecurity protocols. These instructions were issued by the Computer Emergency Response Team (CERT-In), according to a source familiar with the development, Moneycontrol reported.

The precautionary push isn’t limited to government networks — private sector entities are also actively reinforcing their systems against potential cyber threats. “We have been extra alert right from the Pahalgam attack, in terms of ensuring cyber security speedily not just by government agencies but also by the private sector,” the source stated.

CERT-In, India’s central agency for cyber defense, has released advisories to banking institutions and other essential sectors, urging them to tighten their digital safeguards. In addition, the government has engaged with organizations like NASSCOM to facilitate a collaborative cyber alert framework.

Recent attacks primarily involved DDoS, or distributed denial-of-service incidents, which overwhelm servers with excessive traffic, rendering websites inaccessible and potentially causing financial damage. Attempts to deface websites — typically for political messaging — were also reported.

This intensified focus on digital defense follows India’s military action against terrorist hideouts in Pakistan, occurring nearly two weeks after the Pahalgam incident, which resulted in the deaths of Indian tourists in Kashmir.

Moneycontrol previously highlighted that cyber surveillance across India's vital digital infrastructure is being ramped up following the Pahalgam attack and the subsequent Operation Sindoor. Critical sectors and strategic installations are under strict scrutiny to ensure adherence to robust cybersecurity practices.

Amid these developments, misinformation remains a parallel concern. Daily takedown requests under Section 69A of the IT Act have surpassed 1,000, as the government works with social media platforms to curb the spread of fake news, the source noted.
Read more »
Risk Management
Cloud Cyber Security cybersecurity best practices cybersecurity posture Enterprise enterprise cybersecurity Google Cloud Platform Infrastructure Risk Management

Posture Management Emerges as Strategic Cybersecurity Priority Amid Cloud and Data Fragmentation

 

Posture management is rapidly evolving into a cornerstone of enterprise cybersecurity as organizations grapple with increasing digital complexity. With infrastructures now sprawling across cloud platforms, identity services, and data environments, the traditional model of siloed risk monitoring is no longer sustainable. As a result, cybersecurity leaders are embracing posture management not only to gauge exposure but also to orchestrate defenses in real time. 

This shift reflects a broader industry movement toward unifying visibility and control. “From a business perspective, large organizations have M&A — they have rollups; they have multiple divisions. They’re not centralized; they’re across globes,” said Erik Bradley, chief strategist and director of research at Enterprise Technology Research. “There’s no way that we’re ever going to see a consolidation on one platform.” 

Bradley shared these insights during a conversation with theCUBE’s Jon Oltsik and Dave Vellante at the RSAC 2025 Conference, hosted by SiliconANGLE Media. The discussion focused on how posture management is becoming integral to modern security operations by improving visibility, minimizing tool sprawl, and enabling strategic risk reduction across complex IT environments. Security teams are increasingly recognizing the limitations of point solutions. 

Instead, they’re exploring how posture management can serve as a foundational layer across enterprise-wide platforms. “We’re carving up terminology and confusing the market,” said Oltsik. “IT is moving so quickly and it’s so specialized that you need specialized posture management tools for cloud, identity, and data.” Leading cybersecurity vendors like CrowdStrike and Palo Alto Networks are embedding posture management into broader security suites, aligning it with automation, identity access controls, and even password management. 

These integrations aim to reduce operational overhead while enabling faster, more accurate threat detection. According to Bradley, these vendors view posture management as both a preventive control in peacetime and a readiness tool in active cyber warfare scenarios. However, challenges persist—particularly around data fragmentation. Although many vendors tout strong telemetry capabilities, few offer complete visibility across all domains. 

This leaves enterprises vulnerable to gaps in their defenses, especially as they try to consolidate vendors and reduce redundancy. “No CSO is going to go all-in with one provider,” Bradley emphasized. “They’re focused on consolidating redundant vendors and streamlining operations without sacrificing visibility or security.” 

As cybersecurity evolves, posture management is no longer a niche function—it’s becoming the backbone of a resilient, scalable defense strategy.
Read more »
Technology
Automation Cybersecurity Infrastructure Innovation Integration Manufacturing Technology

Critical Infrastructure at Risk: Why OT-IT Integration is Key to Innovation and Cybersecurity

 

As cyberattacks grow more advanced, targeting the essential systems of modern life—from energy pipelines and manufacturing plants to airports and telecom networks—governments are increasing pressure on industries to fortify their digital and physical defenses.

A series of high-profile breaches, including the shutdown of Seattle’s port and airport and disruptions to emergency services in New York, have triggered calls for action. As early as 2020, agencies like the NSA and CISA urged critical infrastructure operators to tighten their cybersecurity frameworks.

Despite this, progress has been gradual. Many businesses remain hesitant due to perceived costs. However, experts argue that merging operational technology (OT)—which controls physical equipment—with information technology (IT)—which manages digital systems—offers both protection and growth potential.

This fusion not only enhances reliability and minimizes service interruptions, but also creates opportunities for innovation and revenue generation, as highlighted by experts in a recent conversation with CIO Upside.

“By integrating (Internet-of-Things) and OT systems, you gain visibility into processes that were previously opaque,” Sonu Shankar, chief product officer at Phosphorus, told CIO Upside. Well-managed systems are a “launchpad for innovation,” said Shankar, allowing enterprises to make use of raw operational data.

“This doesn’t just facilitate operational efficiencies — it would potentially generate new revenue streams born from integrated visibility,” Shankar added.

Understanding OT and Its Role

Operational technology refers to any hardware or system essential to a business’s core services—such as factory machinery, production lines, logistics hubs, and even connected office devices like smart printers.

Upgrading these legacy systems might seem overwhelming, particularly for industries reliant on outdated hardware. But OT-IT convergence doesn’t have to be expensive. In fact, several affordable and scalable solutions already exist.

Technologies such as network segmentation, zero trust architecture, and cloud-based OT-IT platforms provide robust protection and visibility:

Network segmentation breaks a primary network into smaller, isolated units—making it harder for unauthorized users to access critical systems.

Zero trust security continuously verifies users and devices, reducing the risks posed by human error or misconfigurations.

Cloud platforms offer centralized insights, historical logs, automated system upkeep, and AI-powered threat detection—making it easier to anticipate and prevent cyber threats.

Fused OT-IT environments lay the groundwork for faster product development and better service delivery, said James McQuiggan, security awareness advocate at KnowBe4.

“When OT and IT systems can communicate effectively and securely across multiple platforms and teams, the development cycle is more efficient and potentially brings products or services to market faster,” he said. “For CIOs, they are no longer just supporting the business, but shaping what it will become.”

As digital threats escalate and customer expectations rise, the integration of OT and IT is no longer optional—it’s a strategic imperative for security, resilience, and long-term growth
Read more »
Telecom
Cyber Security Cybersecurity Infrastructure Security SIM surveillance Telecom

Government Plans SIM Card Replacement Amid Security Concerns Over Chinese-Made Chipsets

 

The Indian government is actively assessing the feasibility of a nationwide SIM card replacement program as part of broader efforts to enhance digital and telecom security. Authorities are currently evaluating the scale of the issue and may soon introduce detailed guidelines on the rollout. The move, if executed, could impact millions of mobile users still operating with SIM cards issued years ago.

The initiative is part of a larger investigation led by the National Cyber Security Coordinator (NCSC), following concerns about the security risks posed by chipsets embedded in SIM cards reportedly sourced from Chinese vendors. According to a report by Mint, the Ministry of Home Affairs has raised red flags over the potential misuse of personal information due to these chipsets.

“The investigation is being done collectively under NCSC involving DoT, MHA, and other stakeholders to identify the entry of such chips in the market and the extent of SIM cards with chips of Chinese origin. It seems even telecos were not aware of the procurement by their vendors,” the Mint reported, citing official sources.

As part of this investigation, the government is exploring technological and legal hurdles that may arise if the replacement plan is greenlit. Key telecom operators, including Vodafone Idea, Bharti Airtel, and Reliance Jio, have reportedly been consulted to discuss possible security loopholes that may surface during the swap process.

In addition to SIM replacement, authorities are also looking to tighten import controls on telecom equipment. Only suppliers from vetted, reliable sources may be allowed to contribute to India's telecom infrastructure moving forward.

Legal Framework Supporting the Move
The Telecommunications Act of 2023 provides the government with the authority to restrict, suspend, or ban telecom equipment or services if they are found to pose a threat to national security.

“Procurement of telecommunication equipment and telecommunication services only from trusted sources,” Section 21 of the Telecom Act, 2023 states.

Before this legislation, the Department of Telecommunications (DoT) had already implemented licensing rules that factored in defence and national security considerations when sourcing telecom hardware. Under these rules, telecom service providers are permitted to buy only from "trusted sources" and must seek prior approval from the National Cyber Security Coordinator.
Read more »
Vulnerabilities
Automation Backup Cyber Security Exploits Infrastructure Vulnerabilities

CISA Highlights Major Vulnerabilities in Critical Infrastructure Systems

 

The Cybersecurity and Infrastructure Security Agency (CISA) has released two significant advisories focused on Industrial Control Systems (ICS), urging swift action from organizations operating within vital infrastructure sectors. These advisories—ICSA-25-091-01 and ICSA-24-331-04—highlight newly discovered vulnerabilities that could pose severe threats if left unaddressed.

ICSA-25-091-01 focuses on a critical vulnerability affecting Rockwell Automation's Lifecycle Services, which integrate with Veeam Backup and Replication. This issue stems from improper deserialization of untrusted data (CWE-502)—a known risk that allows remote attackers to execute malicious code. The flaw has received a CVSS v4 score of 9.4, indicating a high-severity, low-complexity threat that is remotely exploitable.

Impacted products include:

  • Industrial Data Center (IDC) with Veeam (Generations 1-5)
  • VersaVirtual Appliance (VVA) with Veeam (Series A-C)
If exploited, the vulnerability could give attackers with admin rights full access to execute arbitrary code, potentially leading to complete system takeover.

"CISA urges organizations to take immediate defensive measures to mitigate the risk, including:
• Minimizing network exposure for all control systems and ensuring they are not directly accessible from the internet.
• Using secure access methods like Virtual Private Networks (VPNs) when remote access is necessary.
• Keeping VPNs up to date to prevent vulnerabilities from being exploited."

Rockwell Automation is collaborating with CISA to inform affected clients—especially those under Infrastructure Managed Service contracts—about available patches and remediation steps.

ICSA-24-331-04 draws attention to multiple security flaws in Hitachi Energy’s MicroSCADA Pro/X SYS600, a system widely used in energy and manufacturing sectors. These vulnerabilities include improper query logic handling, session hijacking via authentication bypass, and path traversal risks.

The most critical issue, CVE-2024-4872, carries a CVSS v3 score of 9.9, making it one of the most severe. It enables attackers with valid credentials to inject harmful code into the system, risking unauthorized access and corruption of persistent data.

Other issues include:
  • CVE-2024-3980: Lack of proper file path limitations
  • Exposure to further system compromise if not promptly patched
"Hitachi Energy has released patches for the affected versions, including a critical update to Version 10.6 for MicroSCADA Pro/X SYS600. Users are also advised to apply necessary workarounds and stay updated with security patches to protect against exploitation."

CISA strongly advises organizations using these systems to implement all recommended mitigations without delay to minimize potential risks.
Read more »
Techonology
Infrastructure IoTs Power Grids Solar Power Techonology

Vulnerabilities Alert: Solar Power Grids Worldwide Under Threat of Cyber Attacks


Global solar power industry under threat

The rise in the use of solar power worldwide has revealed gaps in cybersecurity in cloud computing devices, inverters, and monitoring platforms. As these become prone to critical vulnerabilities, it creates an unsafe ecosystem where threat actors can disrupt power grids, exploit energy production, and steal important data, causing serious threats to global energy infrastructures. 

A recent study has found 46 new flaws across three main solar inverter manufacturers- SMA, Growatt, and Sungrow. Past findings revealed that 80% of documented flaws were high or critical, with a few touching the highest CVSS scores. In the last three years, an average of 10 new flaws have been reported annually; 32% of these carried a CVSS score of 9.8 or 10, suggesting that threat actors could exploit compromised systems fully. 

Experts at Forescout research said their findings have shown an “ecosystem that is insecure — with dangerous energy and national security implications.” “While each residential solar system produces limited power, their combined output reaches dozens of gigawatts” This makes their “collective impact on cybersecurity and grid reliability too significant to ignore.”

Solar power systems are in danger, and millions of them

Various solar investors link with the internet directly. This makes them scapegoats for attackers, as they can exploit out-of-date firmware, unencrypted data transmissions, and poor authentication mechanisms to take control. 

How threat exploit grid infrastructure

Hackers use exposed APIs to hack user accounts, change credentials, and change inverter settings, causing power outages. Also, unsafe object references and cross-site scripting (XSS) flaws could disclose user emails, energy consumption data, and physical addresses, breaking privacy regulations like GDPR. “Attacks can target individual persons and organizations owning solar power systems, or they can be broad and automated,” Forescout said.

Risks posed by solar power 

Apart from grid instability, compromised inverters can also cause further risks such as financial manipulation, smart home hijacking, and data theft. A few flaws let hackers take control of EV chargers and smart plugs. By changing inverter settings, attackers can impact energy prices and demand ransom payments to restore system functions. 

Robust cybersecurity frameworks such as NIST IR 8259 and the implementation of Web Application Firewalls (WAFs) can help lower threats.

Read more »
SQL
Cyber Attacks Data Security Tiktok Election Security Elections Infrastructure Romania Russia Security Breaches SQL

Romania Annuls Elections After TikTok Campaign and Cyberattacks Linked to Russia

 


Romania’s Constitutional Court (CCR) has annulled the first round of its recent presidential elections after intelligence reports revealed extensive foreign interference. Cyberattacks and influence campaigns have raised serious concerns, prompting authorities to reschedule elections while addressing security vulnerabilities. 
  
Cyberattacks on Election Infrastructure

The Romanian Intelligence Service (SRI) uncovered relentless cyberattacks targeting key election systems between November 19th and November 25th. Attackers exploited vulnerabilities to compromise platforms such as:
  • Bec.ro: Central Election Bureau system.
  • Registrulelectoral.ro: Voter registration platform.
Key findings include:
  • Methods Used: SQL injection and cross-site scripting (XSS) exploited to infiltrate systems.
  • Leaked Credentials: Stolen login details shared on Russian cybercrime forums.
  • Server Breach: A compromised server linked to mapping data allowed access to sensitive election infrastructure.
  • Origin: Attacks traced to devices in over 33 countries, suggesting state-level backing.
While the SRI has not explicitly named Russia, the attack methods strongly indicate state-level involvement. TikTok Influence Campaign Beyond cyberattacks, a coordinated TikTok influence campaign sought to sway public opinion in favor of presidential candidate Calin Georgescu:
  • Influencers: Over 100 influencers with a combined 8 million followers participated.
  • Payments: Ranged from $100 for smaller influencers to substantial sums for those with larger followings.
  • Impact: Pro-Georgescu content peaked on November 26th, ranking 9th among TikTok’s top trending videos.
  • Activity Pattern: Many accounts involved were dormant since 2016 but became active weeks before the election.
Romania’s Ministry of Internal Affairs (MAI) noted parallels between Georgescu’s messaging and narratives supporting pro-Russian candidates in Moldova, further tying the campaign to Russian influence efforts. Geopolitical Implications Romania’s Foreign Intelligence Service (SIE) linked these actions to a broader Russian strategy to destabilize NATO-aligned countries:

Goals: Undermine democratic processes and promote eurosceptic narratives.

Target: Romania’s significant NATO presence makes it a critical focus of Russian propaganda and disinformation campaigns.

Election Annulment and Future Challenges 
 
On November 6th, the CCR annulled the election’s first round, citing security breaches and highlighting vulnerabilities in Romania’s electoral infrastructure. Moving forward:
  • Cybersecurity Enhancements: Authorities face mounting pressure to strengthen defenses against similar attacks.
  • Disinformation Countermeasures: Efforts to combat influence campaigns are essential to safeguarding future elections.
  • Warning from SRI: Election system vulnerabilities remain exploitable, raising concerns about upcoming elections.
The incidents in Romania underscore the rising threat of cyberattacks and influence operations on democratic processes worldwide, emphasizing the urgent need for robust security measures to protect electoral integrity.
Read more »
Vulnerabilities
CPS critical Cyber Security Cyberattack Cybersecurity Digital Infrastructure National Security public safety Supply Chain Vulnerabilities

Cyberattacks on Critical Infrastructure: A Growing Threat to Global Security

 

During World War II, the U.S. Army Air Forces launched two attacks on ball bearing factories in Schweinfurt, aiming to disrupt Germany’s ability to produce machinery for war. The belief was that halting production would significantly affect Germany’s capacity to manufacture various war machines.

This approach has a modern parallel in the cybersecurity world. A cyberattack on a single industry can ripple across multiple sectors. For instance, the Colonial Pipeline attack affected American Airlines operations at Charlotte Douglas Airport. Similarly, the Russian NotPetya attack against Ukraine spilled onto the internet, impacting supply chains globally.

At the 2023 S4 Conference, Josh Corman discussed the potential for cascading failures due to cyberattacks. The creation of the Cybersecurity and Infrastructure Security Agency’s National Critical Functions was driven by the need to coordinate cybersecurity efforts across various critical sectors. Corman highlighted how the healthcare sector depends on several infrastructure sectors, such as water, energy, and transportation, to provide patient care.

The question arises: what if a cyber incident affected multiple segments of the economy at once? The consequences could be devastating.

What makes this more concerning is that it's not a new issue. The SQL Slammer virus, which appeared over two decades ago, compromised an estimated one in every 1,000 computers globally. Unlike the recent CrowdStrike bug, Slammer was an intentional exploit that remained unpatched for over six months. Despite differences between the events, both show that software vulnerabilities can be exploited, regardless of intent.

Digital technology now underpins everything from cars to medical devices. However, as technology becomes more integrated into daily life, it brings new risks. Research from Claroty’s Team82 reveals that insecure code and misconfigurations exist in software that controls physical systems, posing potential threats to national security, public safety, and economic stability.

Although the CrowdStrike incident was disruptive, businesses and governments must reflect on the event to prevent larger, more severe cyber incidents in the future.

Cyber-Physical Systems: A Shifting Threat Landscape

Nearly every facility, from water treatment plants to hospitals, relies on digital systems known as cyber-physical systems (CPS) to function. These systems manage critical tasks, but they also introduce vulnerabilities. Today, billions of tiny computers are embedded in systems across all industries, offering great benefits but also exposing the soft underbelly of society to cyber threats.

The Stuxnet malware attack in 2014, which disrupted Iran's nuclear program, was the first major cyber assault on CPS. Since then, there have been several incidents, including the 2016 Russian Industroyer malware attack that disrupted part of Ukraine’s power grid, and the 2020 Iranian attempt to attack Israeli water utilities. Most recently, Chinese hackers have targeted U.S. critical infrastructure.

These incidents highlight how cybercriminals and nation states exploit vulnerabilities in critical infrastructure to understand weaknesses and the potential impact on security. China, for example, has expanded its objectives from espionage to compromising U.S. infrastructure to weaken its defense capabilities in case of a conflict.

The CrowdStrike Bug and Broader Implications

The CrowdStrike bug wasn’t a malicious attack but rather a mistake tied to a gap in quality assurance. Still, the incident serves as a reminder that our dependence on digital systems has grown significantly. Failures in cyber-physical systems—whether in oil pipelines, manufacturing plants, or hospitals—can have dangerous physical consequences.

Although attacks on CPS are relatively rare, many of these systems still rely on outdated technology, including Windows operating systems, which account for over 25% of vulnerabilities in the CISA Known Exploited Vulnerabilities Catalog. Coupled with long periods of technological obsolescence, these vulnerabilities pose significant risks.

What would happen if a nation-state deliberately targeted CPS in critical infrastructure? The potential consequences could be far worse than the CrowdStrike bug.

Addressing the vulnerabilities in CPS will take time, but there are several steps that can be taken immediately:

  • Operationalize compensating controls: Organizations must inventory assets and implement network segmentation and secure access to protect vulnerable systems.
  • Expand secure-by-design principles: CISA has emphasized the need to focus on secure-by-design in CPS, particularly for medical devices and automation systems.
  • Adopt secure-by-demand programs: Organizations should ask the right questions of software vendors during procurement to ensure higher security standards.
Although CPS drive innovation, they also introduce new risks. A failure in one link of the global supply chain could cascade across industries, disrupting critical services. The CrowdStrike bug wasn’t a malicious attack, but it underscores the fragility of modern infrastructure and the need for vigilance to prevent future incidents
Read more »
Subscribe to: Posts (Atom)