Here's one reason why Iranian state hackers may have been able to target Israeli-made pressure-monitoring controllers used by American water systems: Nearly 150 of the controllers are exposed to the internet - and some still use the default password 1111.
The U.S. Cybersecurity and Infrastructure Security Agency urged critical infrastructure owners to patch systems after publishing a warning that Chinese hackers are evading detection and maintaining persistent unauthorized access in U.S. information technology environments.
The United States sanctioned senior leaders of the Iranian government cyber unit responsible for carrying out malicious cyber campaigns against American critical infrastructure sectors. The sanctions are a direct response to hacks against water system operators that use Israeli systems and software.
Leaders from the U.S. water sector testified to the House Subcommittee on Environment, Manufacturing and Critical Materials that entities across the country face funding and resource disparities as emerging threats from domestic and foreign cyber actors target the increasingly vulnerable industry.
The FBI launched a court-authorized sting operation against a Chinese hacking group known as Volt Typhoon, partnering with the Cybersecurity and Infrastructure Security Agency and a cohort of U.S. cyber agencies to prevent a major attack on the nation's critical infrastructure sectors.
The FBI and the U.S. Department of Justice used a court order to disrupt a Chinese hacking operation that compromised thousands of internet-connected devices and targeted sensitive areas of U.S. critical infrastructure, according to media reports.
Two major water providers in the U.S. and U.K. report that they recently fell victim to ransomware attacks. In both cases, attackers appear to have stolen employee or customer data that they're now holding to ransom. Ransomware trackers say known attacks, affecting all sectors, have been surging.
As cyberthreats evolve, mobile network operators need offensive security to maintain resilience. Traditional security, such as firewalls and encryption, is not sufficient on its own. Offensive security is proactive; it mimics the strategies of real attackers to stay ahead of potential threats.
The U.S. Cybersecurity and Infrastructure Security Agency published guidance for water and wastewater sector owners and operators to bolster their cyber defenses with comprehensive incident response plans and enhanced practices for sharing information with the federal government.
A December cyberattack on Ukraine's top telecom operator, which authorities in Kyiv attribute to the Russian military, will cost the parent company nearly $100 million. Ukraine in mid-December accused the Russian General Staff Main Intelligence Directorate of perpetuating the incident.
A U.S. federal agency tasked with ensuring the secure transportation of energy and hazardous materials is launching a series of initiatives to address an increase in cyberattacks, a top official said. Watchdogs have warned for years that action is urgently needed to better protect U.S. pipelines.
Switzerland's federal government reports that multiple federal agencies' public-facing sites were temporarily disrupted by distributed denial-of-service attacks perpetrated by a self-proclaimed Russian hacktivist group "as a means of gaining media attention for their cause."
The U.S. Cybersecurity and Infrastructure Security Agency is warning critical infrastructure owners and operators about the dangers associated with the increasing reliance on Chinese unmanned aircraft systems, warning their use in CI sectors "risks exposing sensitive information to PRC authorities."
A U.S. federal watchdog said government agencies could better synchronize efforts to improve water and wastewater sector cybersecurity efforts and faulted the Cybersecurity and Infrastructure Security Agency for not coordinating well with the Environmental Protection Agency.
As we bid farewell to 2023, Philip Reitinger, president and CEO of the Global Cyber Alliance, reflected on the state of global cyber hygiene, shedding light on what's working, what needs improvement, and the transformative shifts necessary to achieve a cyber-secure future.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing inforisktoday.asia, you agree to our use of cookies.