Critical Infrastructure Protection


Today’s interdependent and interconnected world requires joint efforts and holistic approaches to protect critical infrastructure assets from the growing number of attacks and to address ever-evolving cyber threats to government, energy, healthcare, education, banking, transportation, telecommunication and other critical sectors.

With a dedicated section focusing on Critical Infrastructure protection, we aim to enhance cooperation and engage security professionals through news, articles and in-depth analysis of emerging threats and technologies.


NEWS

  • Critical Infrastructure Protection & Resilience North America, March 11-13, 2025, Houston TX

    February 12, 2025

    Bringing together leading stakeholders from industry, operators, agencies, and governments to collaborate on securing North America See full speaker line-up here: https://ciprna-expo.com/speakers2025/ Register with promo code ‘CSR20’ to save 20% on delegate fees: https://ciprna-expo.com/buy-tickets/ There are 16 critical infrastructure sectors whose assets, systems, and networks, whether physical or virtual, are considered so vital to the United States that their ...

  • Ukraine’s defense intel launches cyber attack on Gazprom

    January 31, 2025

    On the anniversary of the Battle of Kruty, a cyber unit of Ukraine’s Main Intelligence Directorate launched a DDoS attack on the digital infrastructure of Russia’s Gazprom and Gazpromneft. In particular, Ukrainian cyber professionals attacked the online services of the enterprises that support the activities of the Russian army. From January 28, 2025, company clients were ...

  • Product Security Bad Practices

    January 17, 2025

    As outlined in the Cybersecurity and Infrastructure Security Agency’s (CISA’s) Secure by Design initiative, software manufacturers should ensure that security is a core consideration from the onset of software development and throughout the entirety of the development lifecycle. This voluntary guidance provides an overview of product security bad practices that are considered exceptionally risky, particularly for ...

  • China protests US sanctions for its alleged role in hacking, complains of foreign hacker attacks

    January 7, 2025

    China has slammed a decision by the U.S. Treasury to sanction a Beijing-based cybersecurity company for its alleged role in multiple hacking incidents targeting critical U.S. infrastructure, while the Chinese cyber security agency complained Monday of attacks on Chinese networks. Asked about the sanctions against Beijing-based Integrity Technology Group, Chinese Foreign Ministry spokesperson Guo Jiakun said ...

  • Ukraine Hit By Massive Cyber Attack

    December 20, 2024

    Ukraine government databases, described as critically important infrastructure, have been hit by a cyber attack that’s being blamed on Russia. Deputy prime minister Olha Stefanishyna said it was the largest external cyber attack on the state registers of Ukraine in recent times. “As a result of a targeted attack, the work of the Unified and State Registers, ...

  • Dragos Industrial Ransomware Analysis Q3 2024

    December 17, 2024

    The third quarter (July – September) of 2024 brought transformative shifts to the ransomware landscape, emphasizing its dynamic and continuously evolving nature. The ransomware threat ecosystem remained highly active in the third quarter, fueled by new groups, rebranding of existing entities, expansion of initial access broker operations, and proliferation of illicitly traded tools. Ransomware operators increasingly ...

  • US sanctions Chinese cybersecurity firm for firewall hacks targeting critical infrastructure

    December 10, 2024

    The U.S. sanctioned a Chinese cybersecurity company and one of its employees for exploiting a zero-day vulnerability in Sophos firewalls to target U.S. organizations. On Tuesday, the U.S. Treasury Department said Guan Tianfeng, an employee of Sichuan Silence, used the vulnerability to compromise approximately 81,000 firewalls in April 2020. The hacking campaign, detailed by Sophos in ...

  • NCIA experts enable Exercise Cyber Coalition 24

    December 6, 2024

    From 27 November to 6 December 2024, Exercise Cyber Coalition took place from the Cyber Range 14 in Tallinn, Estonia. Operating annually since 2008, Cyber Coalition is NATO’s flagship cyber defence exercise and one of the largest in the world. The 2024 edition of the exercise aims to further enhance NATO, Allies and partners’ resilience to ...

  • US critical infrastructure hit once again by a new group on the scene

    December 6, 2024

    Storm-0227, a Chinese state-sponsored advanced persistent threat (APT) actor started targeting critical infrastructure organizations, as well as government entities, in the United States. The group abuses software vulnerabilities and engages in spear phishing attacks to gain access to people’s devices. Once they get the access, they deploy different Remote Access Trojans (RAT) and other malware to ...