Search This Blog
Powered by Blogger.

Blog Archive

Labels

Footer About

Footer About

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label critical infrastructure cybersecurity. Show all posts
Infrastructure
critical infrastructure cybersecurity Cyber Security Cybersecurity Governance cybersecurity in healthcare Cybersecurity measures Infrastructure

Identity governance must extend to physical access in critical infrastructure security

 

In cybersecurity, much attention is often placed on firewalls, multi-factor authentication, and digital access controls, but in sensitive sectors such as utilities, energy, airports, pharmaceutical plants, and manufacturing, the challenge extends well beyond digital defenses. Physical access plays a critical role, and in many organizations, it remains the weakest link. As digital and physical systems converge, managing identity across both domains has become increasingly complex. What was once considered a facilities matter is now a direct responsibility of security leadership, carrying implications for compliance, safety, and organizational trust. 

In many companies, physical security systems like badge readers, door access points, and turnstiles are treated separately from IT environments. While that may have once been acceptable, the risks today show how flawed this separation is. If an individual no longer employed by the organization can still walk into a sensitive area, or if badge privileges remain after a role change, the organization faces serious vulnerabilities. Facilities such as airports, government offices, data centers, and large manufacturing plants see thousands of individuals moving through them daily, creating countless opportunities for mistakes or misuse. 

The consequences of an insider retaining unnecessary access can be immediate and damaging. The complexity is magnified by scale. Consider the case of an employee whose role shifted within a company. While IT permissions were updated to reflect the new position, the physical badge remained active for higher-level areas. This outdated access was then duplicated for new hires, unintentionally granting them entry to spaces far beyond their job requirements. 

In a global company with thousands of employees and multiple secure sites, such oversights multiply rapidly. Systems are often powerful but remain disconnected from HR records and identity governance tools, making it difficult to track whether access privileges are accurate or necessary. Physical access systems are operational technology, often running independently on separate networks. Like other OT systems, they can be neglected, with access lists left unchanged for years. 

This leads to problems such as orphaned badges for former employees, inherited permissions, excessive access rights, and little visibility into how many people hold credentials for sensitive areas. Unlike digital environments where logs and directories allow oversight, physical access systems are typically siloed, leaving leaders unable to prove whether access controls are correct. 

Even if nothing is wrong, there is rarely substantiated evidence to demonstrate compliance or safety. Unauthorized physical access can be just as damaging as a digital breach, and in many cases, the risks are greater. Governing identity today means addressing both digital and physical dimensions with equal rigor. 

Without integrating and validating badge data, correlating it with employee records, and continuously reviewing privileges, organizations are relying on assumptions rather than facts. In environments where physical presence carries risk, relying on assumptions is not a viable security strategy.
Read more »
Security Service of Ukraine(SBU)
Critical Infrastructure critical infrastructure cybersecurity Cyber Attacks Cybersecurity E-ticketing Online Services Russia-Ukraine War SBU Security Service of Ukraine(SBU)

Ukrzaliznytsia Cyberattack Disrupts Online Ticket Sales but Train Services Remain Unaffected

 

Ukraine’s national railway operator, Ukrzaliznytsia, has fallen victim to a large-scale cyberattack, severely disrupting its online ticket sales and forcing passengers to rely on physical ticket booths. The attack, which began on March 23, has caused significant delays, long queues, and overcrowding at train stations as people struggle to secure their travel arrangements. Despite the disruption to digital services, train schedules have remained unaffected, ensuring that rail transportation across the country continues without major interruptions.

In response to the attack, Ukrzaliznytsia has taken steps to mitigate the inconvenience by deploying additional staff at ticket offices to accommodate the surge in demand. However, the company acknowledged that waiting times remain long and urged passengers not to overcrowd sales points unnecessarily. To ensure that military personnel are not affected by the disruption, they have been granted the option to purchase tickets directly from train conductors. Meanwhile, civilians who had bought their tickets online before the cyberattack are advised to use the PDF copies sent to their email or arrive at the station early to seek assistance from railway officials. 

Ukrzaliznytsia confirmed the cyberattack in an official statement across multiple communication platforms, apologizing for the inconvenience caused to passengers. The company emphasized that, despite the challenges, train operations were running smoothly and schedules had not been impacted. Officials noted that prior experience with cyberattacks had helped strengthen the railway’s response mechanisms, allowing it to implement backup protocols that ensured continuity of service. 

However, online ticket sales remain unavailable as efforts continue to restore affected systems. Describing the attack as highly systematic and multi-layered, Ukrzaliznytsia stated that it was working closely with cybersecurity specialists from Ukraine’s Security Service (SBU) and the Government Computer Emergency Response Team (CERT-UA) to identify vulnerabilities and strengthen its defenses. While the company did not specify the origin of the attack, cyber threats targeting Ukrainian infrastructure have been a persistent issue since the start of Russia’s full-scale invasion. Both state agencies and private companies have faced frequent cyber incidents, highlighting the growing challenges in securing critical infrastructure. 

Despite the cyberattack, Ukrzaliznytsia remains committed to maintaining uninterrupted rail service. The company reassured passengers that its backup systems were in place to handle such incidents, ensuring that transportation across Ukraine and beyond continues without disruption. However, no specific timeline has been given for when online ticketing services will be fully restored, leaving passengers to rely on in-person ticket purchases for the foreseeable future.
Read more »
Vulnerabilities and Exploits
command injection flaw critical infrastructure cybersecurity industrial cybersecurity mySCADA vulnerabilities OT security risks SCADA security Vulnerabilities and Exploits

Critical Security Flaws Discovered in mySCADA myPRO SCADA System

Cybersecurity researchers have identified two high-severity vulnerabilities in mySCADA myPRO, a Supervisory Control and Data Acquisition (SCADA) system widely used in operational technology (OT) environments. These flaws could allow threat actors to gain unauthorized control over affected systems.

"These vulnerabilities, if exploited, could grant unauthorized access to industrial control networks, potentially leading to severe operational disruptions and financial losses," said Swiss security firm PRODAFT.

Both security flaws are rated 9.3 on the CVSS v4 scale and stem from operating system command injection issues:
  • CVE-2025-20014 – Allows attackers to execute arbitrary commands via crafted POST requests with a version parameter.
  • CVE-2025-20061 – Enables remote command execution using a POST request with an email parameter.
If exploited, these vulnerabilities could enable command injection and arbitrary code execution on affected systems.

Security Updates & Mitigation Measures

The issues have been addressed in the following patched versions:
  • mySCADA PRO Manager 1.3
  • mySCADA PRO Runtime 9.2.1
PRODAFT attributes the flaws to improper input validation, which creates an entry point for command injection attacks.

"These vulnerabilities highlight the persistent security risks in SCADA systems and the need for stronger defenses," the company stated. "Exploitation could lead to operational disruptions, financial losses, and safety hazards."

Organizations using mySCADA myPRO should take immediate action by:
  1. Applying the latest patches to eliminate vulnerabilities.
  2. Isolating SCADA systems from IT networks through network segmentation.
  3. Enforcing strong authentication measures to prevent unauthorized access.
  4. Monitoring system activity for signs of suspicious behavior.
By implementing these cybersecurity best practices, organizations can fortify their SCADA environments against potential attacks.
Read more »
Subscribe to: Posts (Atom)