critical infrastructure | Breaking Cybersecurity News | The Hacker News

The IT threat landscape has changed dramatically over the last three-four years. With no shortage of threat actors, from hacktivists to nation-states, criminals to terrorists, all of them are now after something new. It's no more just about stealing your money, credit cards and defacing websites, as now they are after the intellectual property, mass attacks and most importantly, our critical infrastructures. We have long-discussed nightmare scenarios of cyber attacks against nation's critical infrastructure, but now these scenarios have come to the real world, and we have seen many such incidents in the past years. The latest example is cyber attacks against Ukrainian power grid . Just two weeks back, Ukraine's national power company Ukrenergo confirmed that electricity outage on 17-18th December last year was caused by a cyber attack. Such sophisticated cyber attacks have revealed the extent of vulnerabilities in the systems that are operating the most critic

Security researchers have discovered a new campaign targeting energy companies in Western Europe with a sophisticated malware that almost goes to great lengths in order to remain undetected while targeting energy companies. Researchers from SentinelOne Labs discovered the malware, which has already infected at least one European energy company, is so sneaky and advanced that it is likely believed to be the work of a wealthy nation. The malware, dubbed ' SFG ', contains about 280 kilobytes of code, featuring a vast arsenal of tools rarely seen in ordinary malware samples. It takes " extreme measures " to cleverly and stealthily evade a large number of security defenses before it drops its payload. The malware dismantles antiviruses processes one-by-one until the malware is finally safe to uninstall them all. It also encrypts key features of its code so that it could not be discovered and analyzed. It'll not execute itself if it senses it's being run in

It comes as no surprise that today's cyber threats are orders of magnitude more complex than those of the past. And the ever-evolving tactics that attackers use demand the adoption of better, more holistic and consolidated ways to meet this non-stop challenge. Security teams constantly look for ways to reduce risk while improving security posture, but many approaches offer piecemeal solutions – zeroing in on one particular element of the evolving threat landscape challenge – missing the forest for the trees.  In the last few years, Exposure Management has become known as a comprehensive way of reigning in the chaos, giving organizations a true fighting chance to reduce risk and improve posture. In this article I'll cover what Exposure Management is, how it stacks up against some alternative approaches and why building an Exposure Management program should be on  your 2024 to-do list. What is Exposure Management?  Exposure Management is the systematic identification, evaluation,