#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Subscribe – Get Latest News
Cloud Security

critical infrastructure | Breaking Cybersecurity News | The Hacker News

U.S. EPA Forms Task Force to Protect Water Systems from Cyberattacks

U.S. EPA Forms Task Force to Protect Water Systems from Cyberattacks

Mar 20, 2024 Critical Infrastructure / Network Security
The U.S. Environmental Protection Agency (EPA) said it's forming a new "Water Sector Cybersecurity Task Force" to devise methods to counter the threats faced by the water sector in the country. "In addition to considering the prevalent vulnerabilities of water systems to cyberattacks and the challenges experienced by some systems in adopting best practices, this Task Force in its deliberations would seek to build upon existing collaborative products," the EPA  said . In a letter sent to all U.S. Governors, EPA Administrator Michael Regan and National Security Advisor Jake Sullivan highlighted the need to secure water and wastewater systems (WWS) from cyber attacks that could disrupt access to clean and safe drinking water. At least two threat actors have been linked to intrusions targeting the nation's water systems, including those by an Iranian hacktivist group named  Cyber Av3ngers  as well as the China-linked  Volt Typhoon , which has targeted commu
Chinese Hackers Operate Undetected in U.S. Critical Infrastructure for Half a Decade

Chinese Hackers Operate Undetected in U.S. Critical Infrastructure for Half a Decade

Feb 08, 2024 Critical Infrastructure / Network security
The U.S. government on Wednesday said the Chinese state-sponsored hacking group known as  Volt Typhoon  had been embedded into some critical infrastructure networks in the country for at least five years. Targets of the threat actor include communications, energy, transportation, and water and wastewater systems sectors in the U.S. and Guam. "Volt Typhoon's choice of targets and pattern of behavior is not consistent with traditional cyber espionage or intelligence gathering operations, and the U.S. authoring agencies assess with high confidence that Volt Typhoon actors are pre-positioning themselves on IT networks to enable lateral movement to OT assets to disrupt functions," the U.S. government  said . The idea is to pre-position themselves on IT networks by maintaining persistence and understanding the target environment over time for disruptive or destructive cyber attacks against U.S. critical infrastructure in the event of a major crisis or conflict with the coun
Timing is Everything: The Role of Just-in-Time Privileged Access in Security Evolution

Timing is Everything: The Role of Just-in-Time Privileged Access in Security Evolution

Apr 15, 2024Active Directory / Attack Surface
To minimize the risk of privilege misuse, a trend in the privileged access management (PAM) solution market involves implementing just-in-time (JIT) privileged access. This approach to  privileged identity management  aims to mitigate the risks associated with prolonged high-level access by granting privileges temporarily and only when necessary, rather than providing users with continuous high-level privileges. By adopting this strategy, organizations can enhance security, minimize the window of opportunity for potential attackers and ensure that users access privileged resources only when necessary.  What is JIT and why is it important?   JIT privileged access provisioning  involves granting privileged access to users on a temporary basis, aligning with the concept of least privilege. This principle provides users with only the minimum level of access required to perform their tasks, and only for the amount of time required to do so. One of the key advantages of JIT provisioning
5 Reasons Why IT Security Tools Don't Work For OT

5 Reasons Why IT Security Tools Don't Work For OT

Jun 06, 2023 Operational Technology Security
Attacks on critical infrastructure and other OT systems are on the rise as digital transformation and OT/IT convergence continue to accelerate. Water treatment facilities, energy providers, factories, and chemical plants — the infrastructure that undergirds our daily lives could all be at risk. Disrupting or manipulating OT systems stands to pose real physical harm to citizens, environments, and economies. Yet the landscape of OT security tools is far less developed than its information technology (IT) counterpart. According to a recent  report from Takepoint Research and Cyolo , there is a notable lack of confidence in the tools commonly used to secure remote access to industrial environments.  Figure 1: New research reveals a large gap across industries between the level of concern about security risks and the level of confidence in existing solutions for industrial secure remote access (I-SRA). The traditional security strategy of industrial environments was isolation – isolatio
cyber security

WATCH: The SaaS Security Challenge in 90 Seconds

websiteAdaptive ShieldSaaS Security / Cyber Threat
Discover how you can overcome the SaaS security challenge by securing your entire SaaS stack with SSPM.
New COSMICENERGY Malware Exploits ICS Protocol to Sabotage Power Grids

New COSMICENERGY Malware Exploits ICS Protocol to Sabotage Power Grids

May 26, 2023 ICS/SCADA Security
A new strain of malicious software that's engineered to penetrate and disrupt critical systems in industrial environments has been unearthed. Google-owned threat intelligence firm Mandiant dubbed the malware  COSMICENERGY , adding it was uploaded to the VirusTotal public malware scanning utility in December 2021 by a submitter in Russia. There is no evidence that it has been put to use in the wild. "The malware is designed to cause electric power disruption by interacting with IEC 60870-5-104 (IEC-104) devices, such as remote terminal units ( RTUs ), that are commonly leveraged in electric transmission and distribution operations in Europe, the Middle East, and Asia," the company  said . COSMICENERGY is the latest addition to  specialized   malware  like Stuxnet, Havex, Triton, IRONGATE, BlackEnergy2, Industroyer, and PIPEDREAM, which are capable of sabotaging critical systems and wreaking havoc. Mandiant said that there are circumstantial links that it may have bee
China's Stealthy Hackers Infiltrate U.S. and Guam Critical Infrastructure Undetected

China's Stealthy Hackers Infiltrate U.S. and Guam Critical Infrastructure Undetected

May 25, 2023 Cyber Threat / Espionage
A stealthy China-based group managed to establish a persistent foothold into critical infrastructure organizations in the U.S. and Guam without being detected,  Microsoft  and  the "Five Eyes" nations  said on Wednesday. The tech giant's threat intelligence team is tracking the activity, which includes post-compromise credential access and network system discovery, under the name  Volt Typhoon . The state-sponsored actor is  geared  towards espionage and information gathering, with the cluster active since June 2021 and obscuring its intrusion footprint by taking advantage of tools already installed or built into infected machines. Some of the prominent sectors targeted include communications, manufacturing, utility, transportation, construction, maritime, government, information technology, and education. The company further assessed with moderate confidence that the campaign is "pursuing development of capabilities that could disrupt critical communications i
Supply Chain Attacks and Critical Infrastructure: How CISA Helps Secure a Nation's Crown Jewels

Supply Chain Attacks and Critical Infrastructure: How CISA Helps Secure a Nation's Crown Jewels

Apr 06, 2023 SCADA / Network Security
Critical infrastructure attacks are a preferred target for cyber criminals. Here's why and what's being done to protect them. What is Critical Infrastructure and Why is It Attacked? Critical infrastructure is the physical and digital assets, systems and networks that are vital to national security, the economy, public health, or safety. It can be government- or privately-owned. According to Etay Maor, Senior Director Security Strategy at  Cato Networks , "It's interesting to note critical infrastructure doesn't necessarily have to be power plants or electricity. A nation's monetary system or even a global monetary system can be and should be considered a critical infrastructure as well." These qualities make critical infrastructure a preferred target for cyber attacks. If critical infrastructure is disrupted, the impact is significant. In some cases, such cyber attacks on critical infrastructure have become another means of modern warfare. But unlike
SYS01stealer: New Threat Using Facebook Ads to Target Critical Infrastructure Firms

SYS01stealer: New Threat Using Facebook Ads to Target Critical Infrastructure Firms

Mar 07, 2023 Data Safety / Cyber Threat
Cybersecurity researchers have discovered a new information stealer dubbed SYS01stealer targeting critical government infrastructure employees, manufacturing companies, and other sectors since November 2022. "The threat actors behind the campaign are targeting Facebook business accounts by using Google ads and fake Facebook profiles that promote things like games, adult content, and cracked software, etc. to lure victims into downloading a malicious file," Morphisec said in a report shared with The Hacker News. "The attack is designed to steal sensitive information, including login data, cookies, and Facebook ad and business account information." The Israeli cybersecurity company said the campaign was initially tied to a financially motivated cybercriminal operation  dubbed Ducktail  by Zscaler. However, WithSecure, which  first documented  the Ducktail activity cluster in July 2022, said the  two intrusion sets  are different from one another, indicating ho
Five Eyes Nations Warn of Russian Cyber Attacks Against Critical Infrastructure

Five Eyes Nations Warn of Russian Cyber Attacks Against Critical Infrastructure

Apr 21, 2022
The Five Eyes nations have released a  joint cybersecurity advisory  warning of increased  malicious attacks  from Russian state-sponsored actors and criminal groups targeting critical infrastructure organizations amidst the ongoing military siege on Ukraine. "Evolving intelligence indicates that the Russian government is exploring options for potential cyberattacks," authorities from Australia, Canada, New Zealand, the U.K., and the U.S.  said . "Russia's invasion of Ukraine could expose organizations both within and beyond the region to increased malicious cyber activity. This activity may occur as a response to the unprecedented economic costs imposed on Russia as well as material support provided by the United States and U.S. allies and partners." The  advisory  follows  another alert  from the U.S. government cautioning of nation-state actors deploying specialized malware to maintain access to industrial control systems (ICS) and supervisory control an
U.S. Charges 4 Russian Govt. Employees Over Hacking Critical Infrastructure Worldwide

U.S. Charges 4 Russian Govt. Employees Over Hacking Critical Infrastructure Worldwide

Mar 25, 2022
The U.S. government on Thursday released a cybersecurity advisory outlining multiple intrusion campaigns conducted by state-sponsored Russian cyber actors from 2011 to 2018 that targeted the energy sector in the U.S. and beyond. "The [Federal Security Service] conducted a multi-stage campaign in which they gained remote access to U.S. and international Energy Sector networks, deployed ICS-focused malware, and collected and exfiltrated enterprise and ICS-related data," the U.S. government  said , attributing the attacks to an APT actor known as  Energetic Bear . In addition, the Justice Department  charged  four Russian government employees, including three officers of the Russian Federal Security Service and a computer programmer at the Central Scientific Research Institute of Chemistry and Mechanics (TsNIIKhM), for their roles in carrying out the attacks on oil refineries, nuclear facilities, and energy companies. The four Russian nationals are Pavel Aleksandrovich Akul
U.S. Senate Passes Cybersecurity Bill to Strengthen Critical Infrastructure Security

U.S. Senate Passes Cybersecurity Bill to Strengthen Critical Infrastructure Security

Mar 03, 2022
The U.S. Senate unanimously  passed  the " Strengthening American Cybersecurity Act " on Tuesday in an attempt to bolster the cybersecurity of critical infrastructure owners in the country. The new  bipartisan legislation , among other things, stipulates entities that experience a cyber incident to report the attacks within 72 hours to the U.S. Cybersecurity and Infrastructure Security Agency (CISA), in addition to alerting the agency about ransomware payments within 24 hours. Furthermore, affected organizations are required to preserve relevant data and promptly share updates "to a previously submitted covered cyber incident report if substantial new or different information becomes available or if the covered entity makes a ransom payment after submitting a covered cyber incident report." The Strengthening American Cybersecurity Act of 2022 combines three different bills: the Cyber Incident Reporting Act ( CIRA ), the Federal Information Security Management A
China-linked Daxin Malware Targeted Multiple Governments in Espionage Attacks

China-linked Daxin Malware Targeted Multiple Governments in Espionage Attacks

Mar 01, 2022
A previously undocumented espionage tool has been deployed against selected governments and other critical infrastructure targets as part of a long-running espionage campaign orchestrated by China-linked threat actors since at least 2013. Broadcom's Symantec Threat Hunter team characterized the backdoor, named  Daxin , as a technologically advanced malware, allowing the attackers to carry out a variety of communications and information-gathering operations aimed at entities in the telecom, transportation, and manufacturing sectors that are of strategic interest to China. "Daxin malware is a highly sophisticated rootkit backdoor with complex, stealthy command-and-control (C2) functionality that enables remote actors to communicate with secured devices not connected directly to the internet," the U.S. Cybersecurity and Infrastructure Security Agency (CISA)  said  in an independent advisory. The implant takes the form of a Windows kernel driver that implements an elabor
FBI, NSA and CISA Warns of Russian Hackers Targeting Critical Infrastructure

FBI, NSA and CISA Warns of Russian Hackers Targeting Critical Infrastructure

Jan 12, 2022
Amid renewed tensions between the U.S. and Russia over  Ukraine  and  Kazakhstan , American cybersecurity and intelligence agencies on Tuesday released a joint advisory on how to detect, respond to, and mitigate cyberattacks orchestrated by Russian state-sponsored actors. To that end, the Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), and National Security Agency (NSA) have laid bare the tactics, techniques, and procedures (TTPs) adopted by the adversaries, including spear-phishing, brute-force, and  exploiting known vulnerabilities  to gain initial access to target networks. The list of flaws exploited by Russian hacking groups to gain an initial foothold, which the agencies said are "common but effective," are below — CVE-2018-13379  (FortiGate VPNs) CVE-2019-1653  (Cisco router) CVE-2019-2725  (Oracle WebLogic Server) CVE-2019-7609  (Kibana) CVE-2019-9670  (Zimbra software) CVE-2019-10149  (Exim Simple Mail Transf
Multiple Critical Flaws Discovered in Honeywell Experion PKS and ACE Controllers

Multiple Critical Flaws Discovered in Honeywell Experion PKS and ACE Controllers

Oct 06, 2021
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday  released  an advisory regarding multiple security vulnerabilities affecting all versions of Honeywell Experion Process Knowledge System C200, C200E, C300, and ACE controllers that could be exploited to achieve remote code execution and denial-of-service (DoS) conditions. "A Control Component Library (CCL) may be modified by a bad actor and loaded to a controller such that malicious code is executed by the controller," Honeywell  noted  in an independent security notification published earlier this February. Credited with discovering and reporting the flaws are Rei Henigman and Nadav Erez of industrial cybersecurity firm Claroty. Experion Process Knowledge System (PKS) is a distributed control system ( DCS ) that's designed to control large industrial processes spanning a variety of sectors ranging from petrochemical refineries to nuclear power plants where high reliability and security is imp
Critical Flaws Discovered in Popular Industrial Remote Access Systems

Critical Flaws Discovered in Popular Industrial Remote Access Systems

Oct 01, 2020
Cybersecurity researchers have found critical security flaws in two popular industrial remote access systems that can be exploited to ban access to industrial production floors, hack into company networks, tamper with data, and even steal sensitive business secrets. The flaws,  discovered  by Tel Aviv-based OTORIO, were identified in B&R Automation's SiteManager and GateManager, and MB Connect Line's mbCONNECT24, two of the popular remote maintenance tools used in automotive, energy, oil & gas, metal, and packaging sectors to connect to industrial assets from anywhere across the world. Six Flaws in B&R Automation's SiteManager and GateManager According to an  advisory published by the US Cybersecurity and infrastructure Security Agency (CISA) on Wednesday, successful exploitation of the B&R Automation vulnerabilities could allow for "arbitrary information disclosure, manipulation, and a denial-of-service condition." The flaws, ranging from p
US Govt Warns Critical Industries After Ransomware Hits Gas Pipeline Facility

US Govt Warns Critical Industries After Ransomware Hits Gas Pipeline Facility

Feb 19, 2020
The U.S. Department of Homeland Security's Cybersecurity and Infrastructure Security Agency (CISA) earlier today issued a warning to all industries operating critical infrastructures about a new ransomware threat that if left unaddressed could have severe consequences. The advisory comes in response to a cyberattack targeting an unnamed natural gas compression facility that employed spear-phishing to deliver ransomware to the company's internal network, encrypting critical data and knocking servers out of operation for almost two days. "A cyber threat actor used a spear-phishing link to obtain initial access to the organization's information technology network before pivoting to its operational technology network. The threat actor then deployed commodity ransomware to encrypt data for impact on both networks," CISA noted in its alert. As ransomware attacks continue to escalate in frequency and scale , the new development is yet another indication that p
DHS Orders Federal Agencies to Patch Critical Flaws Within 15 Days

DHS Orders Federal Agencies to Patch Critical Flaws Within 15 Days

May 01, 2019
In recent years, we have seen how hackers prey on those too lazy or ignorant to install security patches, which, if applied on time, would have prevented some devastating cyber attacks and data breaches that happened in major organisations. The United States Department of Homeland Security (DHS) has ordered government agencies to more swiftly plug the critical security vulnerabilities found on their networks within 15 calendar days since the initial detection, a reduction from 30 days. DHS's Cybersecurity and Infrastructure Security Agency (CISA) this week issued a new Binding Operational Directive (BOD) 19-02 instructing federal agencies and departments to address "critical" rated vulnerabilities within 15 days and "high" severity flaws within 30 days of initial detection. The countdown to patch a security vulnerability will start when it was initially detected during CISA's weekly Cyber Hygiene vulnerability scanning, rather than it was the firs
FireEye: Russian Research Lab Aided the Development of TRITON Industrial Malware

FireEye: Russian Research Lab Aided the Development of TRITON Industrial Malware

Oct 24, 2018
Cybersecurity firm FireEye claims to have discovered evidence that proves the involvement of a Russian-owned research institute in the development of the TRITON malware that caused some industrial systems to unexpectedly shut down last year, including a petrochemical plant in Saudi Arabia. TRITON , also known as Trisis, is a piece of ICS malware designed to target the Triconex Safety Instrumented System (SIS) controllers made by Schneider Electric which are often used in oil and gas facilities. Triconex Safety Instrumented System is an autonomous control system that independently monitors the performance of critical systems and takes immediate actions automatically if a dangerous state is detected. Since malware of such capabilities can't be created by a computer hacker without possessing necessary knowledge of Industrial Control Systems (ICS), researchers believe with "high confidence" that Moscow-based lab Central Scientific Research Institute of Chemistry and
Cybersecurity Resources