What's Your IT Question?

Want to know more about this topic or about us? Contact us!

All posts in Critical Infrastructure

Cybercriminals Batter Automakers With Ransomware, IP Theft Cyberattacks

While the industry focus is on vehicle hacking, when it comes to the automotive industry cybercriminals are opting for less complex and sophisticated attacks – from phishing to ransomware. Cybercriminals are recognizing that the data that automotive companies have to offer – from customer and employee personal identifiable information (PII) . . . Read more

Multiple Industrial Control System Vendors Warn of Critical Bugs

Four industrial control system vendors each announced vulnerabilities that ranged from critical to high-severity. Industrial control system firms Real Time Automation and Paradox both warned of critical vulnerabilities Tuesday that opened systems up to remote attacks by adversaries. Flaws are rated 9.8 out of 10 in severity by the industry . . . Read more

Nation-State Attackers Are Actively Targeting COVID-19 Vaccine-Makers

Three major APTs are involved in ongoing compromises at pharma and clinical organizations involved in COVID-19 research, Microsoft says. Three nation-state cyberattack groups are actively attempting to hack companies involved in COVID-19 vaccine and treatment research. Russia’s APT28 Fancy Bear, the Lazarus Group from North Korea and another North Korea-linked . . . Read more

Digging into the Dark Web: How Security Researchers Learn to Think Like the Bad Guys

Hacker forums are a rich source of threat intelligence. The Dark Web/Darknet continues to be an environment for bad actors to share stolen credentials and discuss successful attacks. In fact, in recent weeks, personal information from places ranging from education organizations to voter databases in the U.S. have been found . . . Read more

Bugs in Critical Infrastructure Gear Allow Sophisticated Cyberattacks

Security problems in Schneider Electric programmable logic controllers allow compromise of the hardware, responsible for physical plant operations. Two security vulnerabilities in Schneider Electric’s programmable logic controllers (PLCs) could allow attackers to compromise a PLC and move on to more sophisticated critical infrastructure attacks. PLCs are key pieces of equipment . . . Read more

From Triton to Stuxnet: Preparing for OT Incident Response

Lesley Carhart, with Dragos, gives Threatpost a behind-the-scenes look at how industrial companies are faring during the COVID-19 pandemic – and how they can prepare for future threats. From an irked former contractor in Australia sabotaging a sewage plant in 2000, to the more high-level 2017 Triton malware attacks on . . . Read more

Crippling Cyberattacks, Disinformation Top Concerns for Election Day

Cyber-researchers weigh in on what concerns them the most as the U.S. heads into the final weekend before the presidential election — and they also highlight the positives. What keeps researchers up at night leading up to Nov. 3 isn’t election-day winners and losers. Most cite possible attacks on local . . . Read more

Lax Security Exposes Smart-Irrigation Systems to Attack Across the Globe  

Systems designed by Mottech Water Management were misconfigured and put in place and connected to the internet without password protections. More than 100 smart-irrigation systems deployed across the globe were installed without changing the factory’s default, passwordless setting, leaving them vulnerable to malicious attacks, according to recent findings from Israeli . . . Read more