Hacker honeypot shows even amateurs are going after ICS systems

While stories of nation-state backed hackers threatening the U.S. power sector garner regular headlines, a new experiment highlights the risk of unintended consequences when less-skilled adversaries target the sector. Researchers from Cybereason, a Boston-based company, set up a honeypot in mid-July that mimicked a utility substation’s network environment, drawing the attention of a determined attacker that repeatedly disabled the honeypot’s security system. The hacker’s attempts to be conspicuous, coupled with some sloppy work, told researchers that they were not part of any advanced persistent threat (APT) group that is linked with a nation-state. “It’s not script kiddies, but I’m not convinced that it’s APT either,” said Ross Rustici, senior director of intelligence at Cybereason. “[That] is a red flag for me because they’re very focused, but they’re making mistakes.” While the spotlight has been on nation-state threats to the energy grid, Rustici told CyberScoop, “one of the more concerning and […]

The post Hacker honeypot shows even amateurs are going after ICS systems appeared first on Cyberscoop.

Rick Perry: U.S. must use technology prowess to defend power grid

The United States must harness its technical know-how to defend energy infrastructure from advanced hacking, Energy Secretary Rick Perry said Monday, touting his department’s investments in cybersecurity research and development. Cyberattacks have gotten easier to carry out and their sophistication, scale and frequency have increased, Perry said in a speech at a Department of Energy conference in Austin. “The sustained and growing threat of cyberattacks to our energy infrastructure requires us to think differently, to act proactively,” the former Texas governor said. That means investing in new technologies to fortify the grid against hackers whose toolkits are only expanding, according to Perry. DOE in April announced $25 million in funding for research and development to boost cybersecurity in energy delivery systems. Last September, the department awarded $50 million through its national laboratories to improve energy-sector resiliency, including about $20 million in cybersecurity projects. With the unveiling of a new cybersecurity strategy […]

The post Rick Perry: U.S. must use technology prowess to defend power grid appeared first on Cyberscoop.

New vuln discovered in Schneider Electric software, patches already issued

A significant vulnerability in Schneider Electric software used at manufacturing and energy facilities could allow hackers to execute arbitrary code and, “in a worst-case scenario, disrupt or cripple plant operations,” cybersecurity firm Tenable announced Wednesday. According to the Maryland-based company, an attacker without credentials could use the vulnerability to compromise Schneider Electric software used to develop – and build applications for – the human machine interfaces (HMIs) and supervisory control and data acquisition (SCADA) systems that drive industrial automation. After compromising a machine, a hacker could move laterally within an organization’s network to carry out other attacks, according to Tenable. Schneider Electric issued patches for the software – versions of InduSoft Web Studio and InTouch Machine Edition – and urged affected customers to swiftly apply them lest an attacker use the vulnerability to “remotely execute code with high privileges.” “This Schneider Electric vulnerability is particularly concerning because of the potential access it grants […]

The post New vuln discovered in Schneider Electric software, patches already issued appeared first on Cyberscoop.

Energy sector hacking campaign targeted more than 15 U.S. firms

More than 15 different U.S. energy companies received phishing emails as part of a recently uncovered hacking operation, based on a list of targeted organizations provided to CyberScoop by a person familiar with the ongoing investigation. While evidence exists that ties these attackers to similar, past intrusion attempts against energy firms in Ireland and Turkey, the most recent wave of phishing emails — which began around early May — appears to have only been sent to U.S. companies, cybersecurity researchers and one government official told CyberScoop. As this story was being published, there were reports of a fresh attack in Ireland that had similarities to what happened in the U.S. Sources told CyberScoop that approximately 18 companies had received the phishing emails, with other incidents being investigated for ties to the same attackers. The number of facilities affected is currently unclear, as the targeted email accounts could be tied to […]

The post Energy sector hacking campaign targeted more than 15 U.S. firms appeared first on Cyberscoop.
