Cyberattacks on Critical Infrastructures Witness Sharp Rise During the Pandemic

CISA | June 05, 2020

  • The coronavirus pandemic has spawned a huge increase in cyberthreats and attacks. While much of this is aimed at consumers, a lot has also targeted companies whose employees must now access critical infrastructure.

  • CISA published a set of cybersecurity best practices for ICS, which the agency acknowledges are important for supporting critical infrastructure and maintaining national security.

  • IT security professionals are much more worried about cyberattacks on critical infrastructure than they are about data breaches in the enterprise.


The coronavirus pandemic has spawned a huge increase in cyberthreats and attacks. While much of this is aimed at consumers, a lot has also targeted companies whose employees must now access critical infrastructure, such as industrial control systems (ICS) and operational technology (OT) networks, from home.But that critical infrastructure, which keeps modern society going even during a pandemic, is seriously under-protected against cyberattacks, say recent reports from cybersecurity companies.“Critical infrastructure” means more than the obvious utility companies, water systems, and transportation networks. In defining essential workers during Covid-19-related lockdowns, the U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) lists 16 categories of critical infrastructure.


Last month, CISA published a set of cybersecurity best practices for ICS, which the agency acknowledges are important for supporting critical infrastructure and maintaining national security. These attacks have been building for some time. A Siemens/Ponemon Institute study last October found that 56% of gas, wind, water and solar utilities around the world had experienced at least one cyberattack within the previous year that caused a shutdown or loss of operation data. Only 42% of respondents — those responsible for OT cybersecurity — said their cyber readiness was high, and only 31% said their readiness to respond to or to contain a breach was high. Smaller organizations were much less confident about their ability to take action.



Read more: CISCO'S 6 UNPATCHED INTERNAL SERVERS COMPROMISED

Our survey found the more integrated IT, OT, IoT and physical systems are, the greater the degree of security, but because they are so integrated, these systems are more vulnerable to attack.

~ said Carcano


Since last year, a growing number of known threat groups have been specifically targeting electric utilities in North America, according to a January report from ICS/OT cybersecurity firm Dragos. In February, IT/OT cybersecurity firm Claroty discovered a new vulnerability related to the notorious Industroyer malware, used in the 2016 attack on the Ukraine power grid. Especially disturbing, the new vulnerability allows a DOS (denial of service) attack against protection relays used in electrical substations. A report Claroty published in March found that a clear majority of IT security professionals are much more worried about cyberattacks on critical infrastructure than they are about data breaches in the enterprise. That’s consistent among respondents in the U.S., the UK, Germany, France and Australia.

CISA published a set of cybersecurity best practices for ICS, which the agency acknowledges are important for supporting critical infrastructure and maintaining national security.


What’s less consistent is the gloomier outlook U.S. respondents have compared to their international counterparts about how much protection is still needed: more than half say U.S. critical infrastructure is vulnerable to attacks, versus 40% of international respondents. But all respondents agreed that electric power is by far the most vulnerable sector. Although some responses vary between domestic and international cybersecurity pros, “They’re more alike than they are different,” Claroty’s co-founder and chief business development officer Galina Antova, told EE Times. “There are some differences based on the vertical sectors, but even within them, a lot depends on the maturity of the security team. At the end of the day, what counts is the maturity of the security systems that team is implementing. On average, U.S. companies are ahead in the security curve when it comes to awareness and starting the implementation steps.”


In the last three years, more companies have become actively engaged in implementing OT cybersecurity, said Antova. Organizational changes that give responsibility for OT security to the chief information security officer will mean that necessary alignments between IT and OT teams happen faster, and these are happening faster in the U.S. than in Europe. However, local legal structures also play a part. For example, in some verticals in Europe, the head of production for certain types of facilities has legal responsibility for the cybersecurity of those facilities, so there are some stricter regulations in Europe compared to the US. The joint survey by OT and IoT cybersecurity company Nozomi Networks and Newsweek Vantage interviewed C-level executives at critical infrastructure companies in North America, Europe, and the Asia/Pacific region. It found that 85% of respondents had experienced security incursions into OT networks. Of those, 36% began as incursions in IT or data systems and 32% were physical incursions into OT systems.


Read more: GOOGLE TOP CHOICE FOR CYBERCRIMINALS FOR BRAND-IMPERSONATION SPEAR-PHISHING CAMPAIGNS

Spotlight

Sensor nodes in military environments such as a battlefield or a hostile region are likely to suffer from intermittent network connectivity and frequent partitions. Disruption-Tolerant Network (DTN) technologies are becoming successful solutions that allow wireless devices carried by soldiers to communicate with each other and access the confidential information or command reliably by exploiting external storage nodes. Some of the most challenging issues in this scenario are the enforcement of authorization policies and the policies update for secure data retrieval. Ciphertext - Policy Attribute-Based Encryption (CP-ABE) is a promising cryptographic solution to the access control issues. 


Other News
SOFTWARE SECURITY

Noetic Cyber Delivers Platform Update to Bring Data Science into Cyber Asset Management

Noetic Cyber | June 06, 2022

Noetic Cyber, an innovator in Cybersecurity Asset Attack Surface Management (CAASM), today announced the availability of a new version of its Continuous Cyber Asset Management and Controls platform. The latest version of the Noetic platform is focused on delivering immediate time to value for security teams by identifying high priority security gaps and exploitable vulnerabilities, using innovative data science techniques. Since its public launch in July 2021, Noetic has been working with security leaders in the United States and the United Kingdom to help them reduce their growing attack surface and improve their cybersecurity posture. The challenge these cyber leaders often face is to understand cyber risk across complex environments, where assets can exist for a short period of time in public or private cloud platforms, as well as having to manage legacy on-premises workloads. To gain the insights needed to be effective, they need confidence in their data quality, full visibility across all assets and contextual intelligence to help prioritize decision making. "The continued innovation we are delivering reflects the expanding use cases we see across our customer base. "Security teams are putting cyber asset intelligence at the heart of their security programs and our ability to continuously adapt and respond to changing environments is critical to their success." Paul Ayers, CEO and co-founder, Noetic Cyber Delivering Immediate Time to Value Security teams need to know what assets they have, and understand which ones are creating the most cyber risk. Noetic is delivering innovative cyber asset intelligence to help customers assess their current cyber posture readiness and focus the security team's efforts on the highest priority activities. The Noetic platforms helps customers successfully do this with: External Cyber Asset Intelligence – Mapping industry data including CISA's Known Exploited Vulnerabilities catalog, MITRE ATT&CK® mitigations and others to provide greater context on asset risk and exposure. Coverage Gap dashboards –Helping security teams quickly identify common and easily resolved security coverage gaps. Support for ad-hoc security data – Many organizations keep important information on critical applications or security risks in spreadsheets. Noetic's new data ingestion capability supports importing ad-hoc data into the model. Simplifying and Extending Cyber Asset Management use cases The Noetic platform uses Graph database technology to map cyber relationships between assets. This innovative technology approach enables Noetic to navigate deep hierarchies and find hidden connections, providing the context to help security teams to make more informed decisions. The latest release of the Noetic platform builds on native Graph capabilities to deliver additional value such as: Understanding & improving data quality –Noetic's new data analytics feature automatically and continuously analyzes data for each different source for completeness and accuracy, providing a data quality score. Simplifying Graph queries – Noetic has adopted openCypher, a widely used open query language. Noetic has developed a graphical point-and-click UI to guide security analysts through the steps of creating powerful relationship-based queries with little or no training. Supporting Cloud and On-premises applications – Organizations need to protect assets across public and private clouds, as well as traditional on-premises networks. Noetic Outpost supports secure ingestion from behind the corporate firewall, and private clouds. "The challenge of identifying and managing assets in the context of cybersecurity has grown considerably in recent years," said Dr. Ed Amoroso, CEO of TAG Cyber. "Noetic's innovations are important as their ability to prioritize and automate helps security teams to focus on critical areas of cyber risk." About Noetic Cyber Noetic provides a proactive approach to cyber asset and controls management, empowering security teams to see, understand, fix and improve their security posture and enterprise ecosystem. Our goal is to improve security tools and control efficacy by breaking down existing siloes and improving the entire security ecosystem. Founded in 2019, Noetic is based in Boston and London.

Read More

DATA SECURITY

Netskope Revolutionizes Data Protection with Patented Lightweight, Cloud-Powered Endpoint Data Loss Prevention

Netskope | May 24, 2022

Netskope, the leader in Security Service Edge (SSE) and zero trust,announced a key expansion of data protection capabilities to endpoint devices and private apps. The introduction of a patented endpoint data loss prevention (DLP) solution will enable Netskope Intelligent SSE customers to protect data everywhere it moves across the hybrid enterprise. Zero trust principles are critical to SSE, which describes the security stack needed to enable a modern Secure Access Service Edge (SASE) architecture. Data protection is of utmost importance throughout a SASE architecture—specifically, the need for security to move with data wherever it is accessed, and apply zero trust to determine the right level of access. Additionally, legacy and endpoint DLP offerings have failed enterprises by being siloed, complicated, and intrusive, hindering user productivity. Netskope has been consistently recognized by top industry analysts for its advanced data protection capabilities. With today's continued expansion of the Netskope Intelligent SSE platform, Netskope customers will be able to protect data across SaaS, IaaS, private applications, web, e-mail, and endpoint devices from a single converged data protection solution, leveraging machine learning, user and entity behavior analytics (UEBA), and insider threat mitigation capabilities to improve security efficacy, efficiency, and agility. Notable features of Endpoint DLP include: Context-aware, zero trust data protection on local peripherals and devices, such as USB drives and printers Unified data classification, policy enforcement, and incident management for DLP across SaaS, IaaS, private apps, web, e-mail, and endpoint devices A patented lightweight endpoint agent with cloud-based inspection and contextual data protection policies that enhance the user experience Machine learning and Advanced Analytics to help simplify data classification and policy definition, lowering operational overhead UEBA, which makes it possible to identify and stop complex data loss scenarios such as insider risk, where users are unintentionally or even maliciously abusing their access to data "No SASE or zero trust journey will be successful without data protection capabilities that can address all critical use cases in a way that is easy to deploy and doesn't slow down users, The introduction of Endpoint DLP extends Netskope's award-winning data protection capabilities that much further, to critical use cases with endpoint devices. While some competitors may offer unified policy and management or provide data protection for certain vectors, Netskope is the only vendor that can provide truly converged data protection across the full IT environment. We are very excited to deliver Endpoint DLP to customers as another Netskope game-changer." John Martin, Chief Product Officer, Netskope "With Netskope's new eDLP, we can now offer single-pass data protection —across all vectors, from the cloud to the endpoint —with unified policies, within a single management console," said Mick Coady, Global Vice President CyberSecurity Solutions, World Wide Technology. "As a Platinum Partner in Netskope's Evolve partner program, we're seeing the huge growth opportunity that Netskope's Intelligent SSE approach represents. This new addition will accelerate that growth." A work-from-anywhere, or "hybrid," environment makes it increasingly difficult to maintain security models based on implicit trust in any entity that wants to connect. Zero trust principles enable organizations to govern access to data based on behavior by users, devices, networks, and applications— increasing confidence in policy enforcement everywhere. By evaluating several contextual elements—user identity, device identity and security posture, time of day, geolocation, business role, sensitivity level of the data, and more—the resource itself can determine an appropriate level of confidence, or trust, only for that specific interaction and only for that specific resource. Using Netskope Intelligent SSE with zero trust principles applied throughout the environment, businesses become more agile, reduce risk, and streamline solution deployment and maintenance. "DLP has been extremely complicated and cumbersome, and that's before you factor in cloud, web, email, private apps, and endpoints," said Frank Dickson, IDC Group Vice President, Security & Trust. "Netskope looks to address complexity with integration, providing a unified cloud delivered solution. Compared to old school network and endpoint-based DLP solutions, having DLP in this integrated solution makes it dramatically easier to protect data wherever it may be and in a manner that is frictionless for end users. It is a win-win." About Netskope Netskope, a global cybersecurity leader, is redefining cloud, data, and network security to help organizations apply zero trust principles to protect data. The Netskope Intelligent Security Service Edge (SSE) platform is fast, easy to use, and secures people, devices, and data anywhere they go. Netskope helps customers reduce risk, accelerate performance, and get unrivaled visibility into any cloud, web, and private application activity. Thousands of customers, including more than 25 of the Fortune 100, trust Netskope to address evolving threats, new risks, technology shifts, organizational and network changes, and new regulatory requirements.

Read More

DATA SECURITY

Futurex Announces Support for Google Cloud External Key Manager

Futurex | October 12, 2021

Futurex’s key management technology and Google Cloud EKM give customers more control over encryption keys to maximize data security, privacy, and compliance BULVERDE, Texas, October 12, 2021 — Futurex, a leader in hardened, enterprise-class data security solutions, today announced support for Google Cloud External Key Manager (EKM), giving customers more control over encryption keys. Google Cloud EKM gives users full separation between their data and encryption keys, enabling users to create, store, and manage their encryption keys in a third-party key management service (KMS) — such as Futurex’s key management servers (KMES). Users can turn to Futurex KMES Series 3, a FIPS 140-2 Level 3-validated key management enterprise server, or Futurex's VirtuCrypt cloud service to handle all cryptographic key lifecycle management to maximize data security, privacy, and compliance. “We continue to add security and flexibility for Google Cloud users, giving them full control of the location, distribution, and access of their externally-managed keys,” said Bahul Harikumar, Head of Infrastructure Security Partnerships at Google Cloud. “Google Cloud EKM and Futurex give users more security options and more control.” Futurex’s robust key management platform is globally available and highly scalable, providing a versatile, external key service using fully-validated HSM and cloud technology. In addition to solutions for Google Cloud External Key Manager, Futurex’s KMES Series 3 offers: Cloud key management Data protection Public key infrastructure (PKI) Certificate Authority (CA) Code signing Vaultless tokenization Integration with numerous 3rd-party applications and services “Google Cloud’s commitment to encryption is evidenced by its support for external key management partners and we are thrilled to support Google Cloud EKM with our FIPS 140-2 Level 3-validated systems,” said Ryan Smith, vice president, global business development, at Futurex. “Futurex’s centralized encryption makes everything easier by fulfilling multiple key management use cases in a single platform.” Futurex’s Google Cloud EKM can be deployed via Futurex on-premises key management servers, Futurex’s VirtuCrypt Cloud, or an on-premises/cloud hybrid. For more information on Futurex’s support for Google Cloud EKM, visit futurex.com. Google Cloud will be showcasing its Cloud EKM at its Google Cloud Next ‘21 conference, taking place October 12-14, 2021. About Futurex For more than 40 years, Futurex has been a trusted provider of hardened, enterprise-class data security solutions. More than 15,000 organizations worldwide, including financial services providers and corporate enterprises, have used Futurex’s innovative hardware security modules, key management servers, and enterprise-class cloud solutions to address their mission-critical systems, data security, and cryptographic needs. This includes the secure encryption, storage, transmission, and certification of sensitive data. For more information, please visit futurex.com.

Read More

PLATFORM SECURITY

OpenText Security Cloud Powers and Protects Businesses

OpenText | June 03, 2022

OpenText™ , a global leader in information management, today announced an expanded suite of security solutions to address the heightened state of cyber security in today's vulnerable world. With OpenText, organizations of every size can protect their data and systems against evolving threats. OpenText is showcasing new and enhanced security offerings that strengthen cyber resilience for SMBs, government agencies, and enterprises at this year's RSA Conference in San Francisco at booths #4214, #4221 and #1535. Real-time threat intelligence is an essential component of a business's cyber resilience strategy. Further to the findings from the 2022 BrightCloud Threat Report, new quarterly findings released today from BrightCloud® Threat Intelligence show: 1122% increase in phishing in the first quarter of 2022 compared to 2021 Q1 phishing numbers, indicating a buck in the trend of hackers taking holiday in Q1; For the first time, Instagram broke into the top five most impersonated brands for phishing, demonstrating increased targeting of younger users; and 36.1% reduction in malware encounters for customers using both endpoint and DNS protection versus only endpoint protection, reinforcing the added efficacy benefit of securing DNS and using layered security. To ensure cyber resilience, organizations must deploy strong, multi-layered security and data protection policies to prevent, respond, and quickly recover from threats. OpenText has expanded its security offerings with new technology and increased capabilities that enable businesses to confidently power and protect information continuously at the data, application, infrastructure, and edge layers with intelligence and insights across the perimeter and endpoints. "With security risks escalating worldwide and a persistent state of evolving threats, compromises are inevitable, security remains job number one," said Mark J. Barrenechea, OpenText CEO and CTO. "Through our breadth of OpenText Security Cloud, we make it easier for businesses to increase their cyber resilience posture and protect themselves against threats. And if a vulnerability unfortunately leads to a breech, our solutions enable quick detection, response, and recovery to minimize disruption." "Texas Tech University Health Sciences Center, (TTUHSC), a large medical school serving more than 100 counties in the western portion of Texas, needed a trusted partner to help us protect our operations from cyberattacks. OpenText MxDR has been responding to our needs effectively and because it is a 24X7X365 service, our experience has been seamless," said TTUHSC, ISO, Lane Timmons. About OpenText OpenText, The Information Company™, enables organizations to gain insight through market leading information management solutions, powered by OpenText Cloud Editions.

Read More

Spotlight

Sensor nodes in military environments such as a battlefield or a hostile region are likely to suffer from intermittent network connectivity and frequent partitions. Disruption-Tolerant Network (DTN) technologies are becoming successful solutions that allow wireless devices carried by soldiers to communicate with each other and access the confidential information or command reliably by exploiting external storage nodes. Some of the most challenging issues in this scenario are the enforcement of authorization policies and the policies update for secure data retrieval. Ciphertext - Policy Attribute-Based Encryption (CP-ABE) is a promising cryptographic solution to the access control issues. 

Resources