Critical Infrastructure Protection


Today’s interdependent and interconnected world requires joint efforts and holistic approaches to protect critical infrastructure assets from the growing number of attacks and to address ever-evolving cyber threats to government, energy, healthcare, education, banking, transportation, telecommunication and other critical sectors.

With a dedicated section focusing on Critical Infrastructure protection, we aim to enhance cooperation and engage security professionals through news, articles and in-depth analysis of emerging threats and technologies.


NEWS

  • Fleeceware Apps Bank $400M in Revenue

    March 25, 2021

    About 204 different “fleeceware” applications with a combined billion+ downloads have raked in more than $400 million in revenue so far, via the Apple App Store and Google Play, analysis has revealed. Fleeceware apps generally offer users a free trial to “test” the app, before commencing automatic payments that can be exorbitant. In an analysis from ...

  • Threat landscape for industrial automation systems. Statistics for H2 2020

    March 25, 2021

    There is no longer a downward trend in the percentage of ICS computers on which malicious objects were blocked. Starting with the second half (H2) of 2019, we observed a decline in the percentages of ICS computers on which malicious objects were blocked. This was observed in industrial control systems (ICS) as well as in corporate ...

  • Fake Websites Used in COVID-19 Themed Phishing Attacks, Impersonating Brands Like Pfizer and BioNTech

    March 25, 2021

    In April 2020, we reported on a large influx of COVID-19 themed phishing attacks starting in February 2020. With March 2021 marking the one-year anniversary that the World Health Organization declared COVID-19 a pandemic, we revisited the phishing trends we observed in the past year to gain deeper insight into the various COVID-related topics that ...

  • EU, Japan, and the US Conducted Joint Cybersecurity Training

    March 24, 2021

    Early this month, the EU, Japan, and the US recently conducted a joint cybersecurity training program as part of a series of dialogues on digital policies held last February 2021. The dialogues led to an agreement to strengthen the countries’ partnership on issues like platform regulation and industrial research. The training program was developed over the ...

  • Thousands of UK taxpayers’ personal details potentially exposed online through councils’ debt-chasing texts

    March 23, 2021

    Bulk SMS messages sent by local councils across the UK contained weblinks leading to pages that freely exposed to the public thousands of taxpayers’ names, addresses, and outstanding debts, The Register can reveal. Text messages sent by Telsolutions Ltd on behalf of a dozen local authorities contained shortlinks to webpages urging council tax defaulters to pay ...

  • Ransomware gang leaks data stolen from Colorado, Miami universities

    March 23, 2021

    Grades and social security numbers for students at the University of Colorado and University of Miami patient data have been posted online by the Clop ransomware group. Starting in December, threat actors affiliated with the Clop ransomware operation began targeting Accellion FTA servers and stealing the data stored on them. Companies use these servers to share ...

  • Energy Giant Shell Is Latest Victim of Accellion Attacks

    March 23, 2021

    Energy giant Royal Dutch Shell is the latest victim of a series of attacks on users of the Accellion legacy File Transfer Appliance (FTA) product, which already has affected numerous companies and been attributed to the FIN11 and the Clop ransomware gang. “Shell has been impacted by a data-security incident involving Accellion’s File Transfer Appliance,” the ...

  • UK colleges and unis urged to prepare for ransomware before it’s too late

    March 23, 2021

    Britain’s National Cyber Security Centre (NCSC) has urged universities, schools, and colleges to be vigilant following an increase in ransomware attacks targeting educational institutions. “While operational details cannot be disclosed, the NCSC has dealt with a significant increase in the number of attacks since late February, when establishments were preparing to welcome students back to the ...

  • China takes aim at ‘spying’ Tesla cars, bans military staff use

    March 22, 2021

    Elon Musk has said Tesla would be “shut down” if accusations that the firm’s cars could be used for spying purposes were true. Last week, the Wall Street Journal reported that the Chinese government has restricted the use of Tesla vehicles in military and key, state-owned company settings. Military and government staff are reportedly not permitted to ...

  • How Can the Trucking Industry Secure Their Telematics?

    March 22, 2021

    The trucking sector is essential to countless other industries. Without reliable transportation, supply chains would crumble, and companies and consumers would face shortages. With so much riding on it, it’s no wonder why the industry has fully embraced technology like telematics in recent years. Telematics refers to the suite of technologies fleets use to share data ...

  • CISA: Detecting Post-Compromise Threat Activity Using the CHIRP IOC Detection Tool

    March 18, 2021

    This Alert announces the CISA Hunt and Incident Response Program (CHIRP) tool. CHIRP is a forensics collection tool that CISA developed to help network defenders find indicators of compromise (IOCs) associated with activity detailed in the following CISA Alerts: AA20-352A: Advanced Persistent Threat Compromise of Government Agencies, Critical Infrastructure, and Private Sector Organizations, which primarily focuses ...

  • SolarWinds-linked hacking group SilverFish abuses enterprise victims for sandbox tests

    March 18, 2021

    Cyberattackers involved in worldwide hacking campaigns are using the compromised systems of high-profile victims as playgrounds to test out malicious tool detection rates. On Thursday, Swiss cybersecurity firm Prodaft said that SilverFish (.PDF), an “extremely skilled” threat group, has been responsible for intrusions at over 4,720 private and government organizations including “Fortune 500 companies, ministries, airlines, ...

  • FBI Releases the Internet Crime Complaint Center 2020 Internet Crime Report, Including COVID-19 Scam Statistics

    March 17, 2021

    The FBI’s Internet Crime Complaint Center has released its annual report. The 2020 Internet Crime Report includes information from 791,790 complaints of suspected internet crime—an increase of more than 300,000 complaints from 2019—and reported losses exceeding $4.2 billion. State-specific statistics have also been released and can be found within the 2020 Internet Crime Report and ...

  • FBI warns of rise in PYSA ransomware operators targeting US, UK schools

    March 17, 2021

    The FBI has warned of a surge in attacks against schools in which ransomware operators are stealing data to pile on the pressure for payment. In a joint FBI and DHS-CISA flash industry alert (.PDF) this week, law enforcement said a recent increase in attacks leveraging PYSA ransomware, also known as Mespinoza, has been traced to ...