Collaborate Disseminate
Industrial organizations face a growing list of digital threats these days. Back in April 2019, for instance, FireEye revealed that it had observed an additional intrusion by the threat group behind the destructive TRITON malware at another critical in… Continue reading NIST SP 1800-23, Energy Sector Asset Management: Securing Industrial Control Systems
If you worked in a US company in the utilities sector and received an email notification telling you that you’ve failed your “Fundamentals of Engineering” NCEES exam, would you download the attached Word file to check what’s up?… Continue reading US utilities targeted with spear-phishing emails impersonating engineering licensing board
Malicious actors are targeting critical infrastructure (CNI) sites and energy distribution facilities exponentially. Interconnected systems in the energy industry increase vulnerabilities, and cyber attacks often go undetected for some time. As energy … Continue reading Cyber espionage and sabotage attacks pose an increasing threat to the energy industry
The network of power plants and lines connecting to homes and businesses is widely considered to be among the most critical infrastructure in the world. It’s also one of the most frequently attacked, with consequences that could potentially reach… Continue reading Evaluating the biggest cyber threats to the electric power sector
The top Democrats on the House and Senate energy committees have urged the Department of Homeland Security to assess cyber and physical protections for natural gas and oil pipelines following an audit that criticized the department’s approach to the issue. “The results of this assessment will help policymakers evaluate the security of our nation’s energy assets,” Sen. Maria Cantwell, D-Wash., and Rep. Frank Pallone, Jr., D-N.J. wrote to Homeland Security Secretary Kirstjen Nielsen on Wednesday. Operators of the nation’s 2.7 million miles of pipelines for oil, natural gas, and other hazardous liquids have grappled with cybersecurity risk as their infrastructure becomes more digitized. Those pipelines are a natural target for nation-state hackers, a Federal Energy Regulatory Commission official said in August, according E&E News. Cantwell and Pallone, Jr., said much more needs to be done to counter the threat. They were reacting to a Government Accountability Office audit that found […]
The post Lawmakers ask DHS to take action on pipeline cybersecurity appeared first on CyberScoop.
Continue reading Lawmakers ask DHS to take action on pipeline cybersecurity
Stealing administrative credentials to carry out months-long spy campaigns is a top threat. Continue reading Utilities, Energy Sector Attacked Mainly Via IT, Not ICS
ESET researchers believe they have found evidence that the TeleBots APT was behind the December 2016 attacks against the Ukraine energy sector that resulted in blackouts throughout the country: a backdoor dubbed Exaramel. The missing evidence With APT … Continue reading Researchers link Industroyer to NotPetya
Energy-management software giant Schneider Electric has alerted customers that they may have received malware-laced USB drives in recent shipments of some of the company’s products. The USB drives contained product documentation and “non-essential software utilities” in support of Schneider Electric’s Conext Combox and Conext Battery Monitor solar-power-related products, the company said in a security advisory dated Aug. 24. Some USB drives shipped with the products “were contaminated with malware during manufacturing by one of our suppliers,” the advisory states. The USB drives do not contain operational software and the products’ operational security is therefore unaffected, according to Schneider Electric. “All major anti-malware” scanners can detect and block the malware, the company said. “Users are strongly encouraged to securely discard any USB removable media provided with these products,” the advisory says. “Users who believe they may have used one of the potentially-affected USB removable media are encouraged to perform a full scan […]
The post Schneider Electric snafu shows the need to stay vigilant over supply chain appeared first on Cyberscoop.
Continue reading Schneider Electric snafu shows the need to stay vigilant over supply chain
US cities using smart meters narrowly escaped a legal problem this month when a court decided that the benefits of these IoT devices outweighed the privacy issues created by collecting detailed home energy data. Continue reading Using smart meter data constitutes a search, but court allows them anyway
Iranian hackers might be the next criminal group to be worried about, after the country has joined the ranks of Russia, North Korea, the US and African countries when it comes to cyberespionage operations. Research carried out by Accenture Security iDe… Continue reading Middle Eastern energy sector at risk, top target of Iranian hackers