You are here

Home » Cybersecurity

Cybersecurity

Critical Infrastructure Resilience – Control Systems Upgrade Done Right Involves Cybersecurity

With control systems at water and wastewater utilities having been installed before cybersecurity was even a thing 20 - 30+ years ago, many utilities are now faced with having to replace those aged, insecure, and obsolete systems and devices. However, after such longevity, could there be a concern that once systems start being replaced, these new OT devices will follow a similar fate as their IT counterparts and commence on a path of having to be replaced every 5 years or less? Not necessarily.

Cybersecurity Awareness – National Computer Security Day, November 30, 2021

November 30, 2021 is National Computer Security Day, a yearly reminder to implement cybersecurity best practices to ensure your device and your organization’s network are secured against malicious threats. The pandemic has led to many employees using their home computers for remote work, leading to an expanding attack surface for threat actors to exploit. Despite the threats, there are a number of steps you can implement to ensure your home computer is secure.

Ransomware Resilience – Unpacking a Typical Ransomware Attack

Based on extensive experience, security researchers at IBM’s Security X-Force Incident Response team have discerned a predictable pattern that ransomware attacks follow. IBM researchers utilized this predictable pattern to break down a ransomware attack into five stages: Initial Access, Post-Exploitation, Understand and Expand, Data Collection and Exfiltration, and Ransomware Deployment. Initial access is gained most commonly through phishing or vulnerability exploitation.

BazarLoader Incorporates New Delivery Technique

The malware family BazarLoader has new tricks up its sleeves. The data theft motivated threat actors have updated BazarLoader’s delivery methods used to gain access to a victim’s network or device. BazarLoader’s new tactics include convincing victims to download compromised software installers such as TeamViewer, and delivering malware by exploiting ISO files. Experts believe these new delivery methods are likely an attempt to evade detection. Additionally, BazarLoader is known to be used for initial access by prominent ransomware families such as Conti.

Reminder for Critical Infrastructure to Stay Vigilant Against Threats During Holidays and Weekends

As the holiday season approaches, many are focused on shopping, cooking, and visiting relatives – cybersecurity is often forgotten. Cybercriminals, however, are aware of and regularly leverage these distractions to conduct attacks while our minds are elsewhere. This year, the Cybersecurity and Infrastructure Security Agency (CISA) and the FBI are making sure stakeholders are aware of the potential risks going into the holiday season, in a newly released advisory.

Incident Notification – New GoDaddy Breach Impacts WordPress Data

Yesterday, GoDaddy filed a report with the Securities and Exchange Commission (SEC) for a security incident it discovered on November 17, 2021. The filing describes the discovery of unauthorized third-party access to their Managed WordPress hosting environment. According to the report, beginning on September 6, 2021 an unauthorized third party leveraged the vulnerability to gain access to the following customer information:

Think Tank Makes Far Reaching Federal Policy Recommendations for Water Sector Cybersecurity

Today, the Foundation for Defense of Democracies (FDD), a think tank aligned with the congressional Cyberspace Solarium Commission, released a research memo recommending a wide range of federal cybersecurity policy changes to improve water and wastewater cybersecurity. The memo, “Poor Cybersecurity Makes Water a Weak Link in Critical Infrastructure,” is expected to be translated into legislation for Congress to consider next year.

Pages

Subscribe to Cybersecurity