Critical Infrastructure | SC Media

Critical Infrastructure

Nation-states, terrorists place critical infrastructure in their cross-hairs

By Steve Durbin, managing director, Information Security Forum

Over the coming years, the very foundations of today’s digital world will shake. Innovative and determined attackers, along with changes to the way organizations conduct their operations, will combine to threaten even the strongest establishments. Only those with vigorous preparations will stand tall. Nation states and terrorist…

Iran claims telecommunications infrastructure was attacked by Stuxnet variant

Iranian officials are reportedly claiming that a variant of the Stuxnet worm that disrupted their country’s nuclear program in the late 2000s was used in an attack on their telecommunications infrastructure last week. Iran is publicly pointing the finger at Israel, while claiming to have successfully defended against the attack, according to multiple news outlets, including…

FireEye attributes TRITON ICS attack to Russian

The cybersecurity firm FireEye has attributed the source of the TRITON critical infrastructure intrusion to a Russian government-owned research institute. An unnamed critical infrastructure facility was involved in the TRITON attack. FireEye was able to backtrack the malware, now identified as TEMP.Veles, to Russia by testing other types of malicious software that were used in…

Clandestine ‘GreyEnergy’ APT group spawned from BlackEnergy, NotPetya actors

Researchers from ESET yesterday exposed a previously undisclosed threat group that descended from TeleBots, the APT group known for launching the BlackEnergy trojan and NotPetya attacks against Ukraine in recent years. Dubbed GreyEnergy, the actor is comparable to the BlackEnergy group (which later changed strategies and became known as TeleBots or Sandworm) in that it…

North Carolina water utility ONWASA taken down by ransomware

The Onslow Water and Sewer Authority (ONWASA) in Jacksonville, N.C. was hit with a ransomware attack over the weekend that has all but shut down its computer operations. ONWASA, which is still recovering from the effects of Hurricane Florence, reported that its system came under attack from what it believes to be the EMOTET trojan on…

Researchers: Backdoor malware connects NotPetya culprits to Industroyer attack against Ukraine’s grid

Researchers are pointing to a recently discovered malicious backdoor as a key piece of evidence that apparently links the actors who launched the 2017 NotPetya ransomware attacks with the malicious hackers who disrupted Ukraine’s power grid the year before. The finding potentially helps to confirm ongoing suspicions among cyber experts that these notorious cyber incidents…

White House unveils initiatives to combat botnets

White House touts release of National Cyber Strategy

Eager to demonstrate a commitment to cybersecurity amidst criticisms over vulnerable election infrastructure, the White House yesterday unveiled its National Cyber Strategy. The plan is divided into four “pillars” of strategy: protecting the homeland by fighting cybercrime and fortifying defenses, promoting American prosperity by adding cyber jobs and defending intellectual property, preserving peace through strength by…

Bristol airport hit with ransomware attack

The Bristol airport in the UK recently recovered from a ransomware attack which prompted the airport to take flight information screens offline in an effort to keep the attack contained. This action was taken on Friday and the screens were back in operation by Sunday in “key locations” including departures and arrivals while officials are…

Patched bug could have allowed attackers to remotely disconnect PLC devices from ICS systems

Energy management and automation firm Schneider Electric updated its Modicon M221 programmable logic controller for industrial control systems after researchers discovered a vulnerability that could allow attackers to remotely disconnect the device. The flaw, designated CVE-2018-7789, is classified as an improper check for unusual or exception conditions. While such conditions wouldn’t normally occur, attackers can deliberately trigger them by sending…
