Cyberattacks on Critical Infrastructures Witness Sharp Rise During the Pandemic

CISA | June 05, 2020

  • The coronavirus pandemic has spawned a huge increase in cyberthreats and attacks. While much of this is aimed at consumers, a lot has also targeted companies whose employees must now access critical infrastructure.

  • CISA published a set of cybersecurity best practices for ICS, which the agency acknowledges are important for supporting critical infrastructure and maintaining national security.

  • IT security professionals are much more worried about cyberattacks on critical infrastructure than they are about data breaches in the enterprise.


The coronavirus pandemic has spawned a huge increase in cyberthreats and attacks. While much of this is aimed at consumers, a lot has also targeted companies whose employees must now access critical infrastructure, such as industrial control systems (ICS) and operational technology (OT) networks, from home.But that critical infrastructure, which keeps modern society going even during a pandemic, is seriously under-protected against cyberattacks, say recent reports from cybersecurity companies.“Critical infrastructure” means more than the obvious utility companies, water systems, and transportation networks. In defining essential workers during Covid-19-related lockdowns, the U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) lists 16 categories of critical infrastructure.


Last month, CISA published a set of cybersecurity best practices for ICS, which the agency acknowledges are important for supporting critical infrastructure and maintaining national security. These attacks have been building for some time. A Siemens/Ponemon Institute study last October found that 56% of gas, wind, water and solar utilities around the world had experienced at least one cyberattack within the previous year that caused a shutdown or loss of operation data. Only 42% of respondents — those responsible for OT cybersecurity — said their cyber readiness was high, and only 31% said their readiness to respond to or to contain a breach was high. Smaller organizations were much less confident about their ability to take action.



Read more: CISCO'S 6 UNPATCHED INTERNAL SERVERS COMPROMISED

Our survey found the more integrated IT, OT, IoT and physical systems are, the greater the degree of security, but because they are so integrated, these systems are more vulnerable to attack.

~ said Carcano


Since last year, a growing number of known threat groups have been specifically targeting electric utilities in North America, according to a January report from ICS/OT cybersecurity firm Dragos. In February, IT/OT cybersecurity firm Claroty discovered a new vulnerability related to the notorious Industroyer malware, used in the 2016 attack on the Ukraine power grid. Especially disturbing, the new vulnerability allows a DOS (denial of service) attack against protection relays used in electrical substations. A report Claroty published in March found that a clear majority of IT security professionals are much more worried about cyberattacks on critical infrastructure than they are about data breaches in the enterprise. That’s consistent among respondents in the U.S., the UK, Germany, France and Australia.

CISA published a set of cybersecurity best practices for ICS, which the agency acknowledges are important for supporting critical infrastructure and maintaining national security.


What’s less consistent is the gloomier outlook U.S. respondents have compared to their international counterparts about how much protection is still needed: more than half say U.S. critical infrastructure is vulnerable to attacks, versus 40% of international respondents. But all respondents agreed that electric power is by far the most vulnerable sector. Although some responses vary between domestic and international cybersecurity pros, “They’re more alike than they are different,” Claroty’s co-founder and chief business development officer Galina Antova, told EE Times. “There are some differences based on the vertical sectors, but even within them, a lot depends on the maturity of the security team. At the end of the day, what counts is the maturity of the security systems that team is implementing. On average, U.S. companies are ahead in the security curve when it comes to awareness and starting the implementation steps.”


In the last three years, more companies have become actively engaged in implementing OT cybersecurity, said Antova. Organizational changes that give responsibility for OT security to the chief information security officer will mean that necessary alignments between IT and OT teams happen faster, and these are happening faster in the U.S. than in Europe. However, local legal structures also play a part. For example, in some verticals in Europe, the head of production for certain types of facilities has legal responsibility for the cybersecurity of those facilities, so there are some stricter regulations in Europe compared to the US. The joint survey by OT and IoT cybersecurity company Nozomi Networks and Newsweek Vantage interviewed C-level executives at critical infrastructure companies in North America, Europe, and the Asia/Pacific region. It found that 85% of respondents had experienced security incursions into OT networks. Of those, 36% began as incursions in IT or data systems and 32% were physical incursions into OT systems.


Read more: GOOGLE TOP CHOICE FOR CYBERCRIMINALS FOR BRAND-IMPERSONATION SPEAR-PHISHING CAMPAIGNS

Spotlight

Cyber crime only affects big organisations . You only need antivirus and firewall software 31% of micro and small businesses reported breaches in 2018. Meanwhile, 60% of medium firms were attacked – just 1% less than large companies. Antivirus is important, but it’s difficult to defend against new threats before they make into malware databases. Software firewalls, meanwhile, are okay for home computers, but businesses need to protect whole networks, and hardware firewalls are the most effective, efficient way of doing so.


Other News
DATA SECURITY, PLATFORM SECURITY, SOFTWARE SECURITY

Veristor Partners with SANS Security Awareness to Deliver Employee Security Awareness Training

Veristor Systems, Inc. | September 28, 2022

Veristor Systems, Inc., a trusted provider of transformative business technology solutions, and SANS Security Awareness, the global leader in providing security awareness training, today announce that Veristor has become a certified provider of SANS Security Awareness' comprehensive suite of products to enable a data-driven approach to cybersecurity training for an organization's end users. "Researchers from Stanford University found that as much as 88% of all data breaches are caused by an employee mistake. "This shows that end users are the most critical vulnerability gap in today's enterprise. Yet if properly trained, they can also be the most resilient security defense – a human firewall. Together with the experts from SANS Security Awareness we are helping customers guard their environments with an army of well-trained employees. With proven training to spot and act when suspicious activity arises, users can take an active role in preventing the growing wave of cyberattacks." Daniel Martin, Principal Security Consultant, vCISO, Veristor The SANS Security Awareness suite of dynamic multilingual computer-based training, games, phishing simulations, and engagement materials teach vital security behaviors to effectively manage human cyber risk. With different training styles to match different corporate cultures, employee comprehension levels, and learning preferences, SANS Security Awareness training equips workforces to recognize and prevent current cyberattacks, including work-from-home threats. The platform delivers valuable metrics to measure the effectiveness of each program, and customization features to tailor training to meet specific organizational needs." With some groups requiring even greater specialized training, in addition to addressing core human behavior risk topics, SANS Security Awareness also offers secure development and coding techniques, understanding NERC CIP compliance requirements, and handling Industrial Control Systems (ICS) incidents. "We are very pleased to be partnering with the cybersecurity experts at Veristor to provide the SANS Security Awareness program to their customers," said Brad Stilling, Director of Global Sales for SANS Security Awareness. "Regular awareness training is an essential activity for organizations looking to ensure security and compliance. When employees feel informed and empowered to recognize and address cyber risks, they can protect the organization. With SANS Security Awareness, Veristor customers are now better positioned to detect and prevent cyber-attacks." For organizations starting their awareness training journey, Veristor delivers a SANS Human Risk Insight assessment to identify program cost reductions, eliminate unneeded staff training, and create risk metrics to baseline and benchmark an organization's human cyber risk. The SANS Security Awareness training solutions are now offered as a part of Veristor's suite of security solutions that are designed to solve business challenges through the intelligent application of next-generation security technology. About Veristor Systems, Inc. Veristor, which recently announced a merger with Anexinet, is a leading provider of transformative business technology solutions that helps its customers accelerate the time-to-value for the software, infrastructure and systems they deploy. We do this by harnessing deep expertise in today's most advanced data center, security, networking, hybrid cloud, and big data technologies and guiding businesses to the right solutions for their most pressing challenges. And with a full suite of design, deployment, support, and managed service offerings, we work shoulder-to-shoulder with our customers at every step of their technology journey to make technology truly work for them. About SANS Security Awareness SANS Security Awareness provides organizations with a complete and comprehensive security awareness solution, enabling them to easily and effectively manage their human cybersecurity risk. SANS Security Awareness has worked with over 1,300 organizations and trained over 6.5 million people around the world. The SANS Security Awareness program offers globally relevant, expert authored tools and training to enable individuals to shield their organization from attacks and a fleet of savvy guides and resources to work with you every step of the way.

Read More

DATA SECURITY,ENTERPRISE IDENTITY,SOFTWARE SECURITY

Wib Raises $16 Million Investment to Accelerate Growth and Tackle Rising API Security Problem

Wib | November 08, 2022

Wib, the fast-growth cybersecurity startup pioneering a new era in API security, today announced a $16 million investment led by Koch Disruptive Technologies (KDT), the growth and venture arm of Koch Industries, Inc, with participation from Kmehin Ventures, Venture Israel, Techstars and existing investors. The investment will be used to enhance Wib's pioneering holistic API security platform and accelerate international growth as it expands operations across the Americas, UK and EMEA. API security is one of the biggest challenges facing CIOs today. Traditional API security solutions are siloed and fragmented, leaving CIOs with a choice of multiple point products or bolt-on integrations to create a patchworked solution. This results in increased cost and complexity, reduced visibility and control, and greater exposure to risk. Wib's holistic API security platform is the only solution to provide complete visibility across the entire API landscape, from code to production, helping unify software developers, cyber defenders, and CIOs around a single holistic view of their complete API domain. By delivering rigorous real-time inspection, management, and control at every stage of the API lifecycle, Wib can automate inventory and API change management; identify rogue, zombie and shadow APIs and analyse business risk and impact, helping organisations to reduce and harden their API attack surface. "APIs have become the Achilles heel of cyber defenses and the number one threat vector for cyber-attacks. "APIs account for 91% of today's internet traffic with over 50% being invisible to business IT and security teams. These unknown, unmanaged, and unsecured APIs are creating massive blind spots for CIOs that expose critical business logic vulnerabilities and increase risk. Gil Don, CEO and Co-Founder of Wib "What's more, traditional and legacy web security approaches, like WAFs and API Gateways, were never designed to protect against modern logic-based vulnerabilities. The Wib platform has been purposely built for an API driven world creating a new category of API native security." A recent report by industry research firm GigaOm, placed Wib as a "fast mover" in the "leaders" category, stating, "Wib is a new company but brings a strong enough offering to jump straight into the leaders category" and "Wib is a new entrant in this space, but it offers a comprehensive solution." Wib was also called out for its capability in "source code analysis with an eye toward API weaknesses is Wib's greatest strength." The report ranks Wib's API Runtime Protection, Monitoring and Reporting as exceptional in its focus and execution. This is a real testament to the Wib's innovative API security platform and approach. About Wib Wib is pioneering a new era in API security with its industry first holistic API security platform. Providing continuous and complete visibility and control across the entire API ecosystem, Wib enables developers to code with confidence and security teams to secure with surety.

Read More

PLATFORM SECURITY, SOFTWARE SECURITY

Netpluz strengthens cybersecurity offerings for SME customers across the Asia Pacific

Netpluz | October 12, 2022

Netpluz, a one-stop Managed Communications Service Provider in the region, has teamed up with two leading security platforms, Stellar Cyber and Ridge Security, to provide more comprehensive cybersecurity services for Small and Medium-sized Enterprises (SMEs) across the Asia Pacific. Netpluz eSentinel™ is a cloud-based, all-in-one managed cybersecurity platform that offers comprehensive protection of confidentiality, integrity, and availability of computer systems and networks against cyber-attacks and unauthorized access. The partnerships with Stellar Cyber and Ridge Security will significantly enhance the cyber defence capabilities of eSentinel™ in two main areas, namely Managed SOC (Security Operations Centre) and VAPT (Vulnerability Assessment and Penetration Testing). With the adoption of Stellar Cyber's Open XDR platform and ingestion of data from multiple different sources, eSentinel™ Managed SOC service will offer high-fidelity threat detection and incident correlation through AI, automated threat hunting and response. MTTD (Mean Time to Detect) and MTTR (Mean Time to Respond) will also improve tremendously by more than eight and twenty times, respectively. Ridge Security's pioneering product, RidgeBot®, is an intelligent risk-based vulnerability management and automated pentest robot that value-adds to eSentinel™ VAPT service. RidgeBot® acts like human attackers, relentlessly locating exploits and documenting the findings. Unlike humans, RidgeBot® comes armed with dynamic attack strategies to exploit before moving on to the next target. "With digitalization accelerated by the pandemic, adopting technology as part of strategic growth is now at the forefront of many organizational agendas, even for SMEs. In fact, we see SMEs looking at digitalization for business and growth opportunities in the long term – driving stronger demand for managed cybersecurity services. "Responding to this demand, we are thrilled to work with Stellar Cyber and Ridge Security to deliver enterprise-grade and cost-effective managed cybersecurity services to businesses in the Asia Pacific." Mr Lau Leng Fong, Chief Executive Officer of Netpluz Such collaborations extend Netpluz's comprehensive selection of business-focused solutions and align with the company's vision to be the top Managed Communications Service Provider in the Asia Pacific. With the evolving digital landscape, cybersecurity is now an integral part of communication services and an even more significant concern for SMEs. Unlike large enterprises, SMEs are often more vulnerable to cyber-attacks due to the lack of strong technological defences, less awareness of threats, and a shortage of talents and resources to invest in cybersecurity. This is where Netpluz comes in. With an increasing focus on offering managed cybersecurity services, Netpluz has established a high-availability Security Network Operation Centre (SNOC) spanning its regional operations, to provide round-the-clock monitoring, detection and response of its customers' IT devices, systems, and network infrastructure. To further strengthen its cybersecurity capabilities and processes, Netpluz has also attained certifications, including CREST Certification, CSA Cyber Trust mark (Advocate), ISO/IEC: 27001:2013, and MTCS Standard. Netpluz is also a Cybersecurity Service Provider (CSP) licensed by the Cyber Security Agency of Singapore (CSA), enabling the company to provide secure and reliable services to customers in Singapore and across the Asia Pacific region. About Netpluz Netpluz is a transforming Managed Communications Service Provider that helps clients become more agile by simplifying their Information and Communications Technology (ICT) needs. With humble beginnings in 2015 serving business internet connectivity, acquisition of MediaRing business assets and merger of Y5Zone Singapore in 2016, Netpluz has evolved from an Internet Service Provider (ISP) to providing Managed Data, Cloud, Cybersecurity, Voice, Video, and Mobility services to over 2,000 clients over a single, converged network with uncompromising availability, scalability and service standards. Backed by decades of industry expertise, experience and global technology partners, Netpluz managed services are designed and operationalized with cost efficiency to fit business needs. With an unwavering dedication to delivering quality services to its clients, Netpluz aspires to become the top Managed Communications Service Provider in the Asia Pacific. About Stellar Cyber Stellar Cyber's Open XDR platform delivers Everything Detection and Response by ingesting data from all tools, automatically correlating alerts into incidents across the entire attack surface, delivering fewer and higher-fidelity incidents, and responding to threats automatically through AI and machine learning. Its XDR Kill Chain™, fully compatible with the MITRE ATT&CK framework, is designed to characterize every aspect of modern attacks while remaining intuitive to understand. This reduces enterprise risk through early and precise identification and remediation of all attack activities while slashing costs, retaining investments in existing tools and accelerating analyst productivity. The company is based in Silicon Valley. About Ridge Security Ridge Security enables enterprise and web application teams, ISVs, governments, education, DevOps, anyone responsible for ensuring software security to affordably and efficiently test their systems. The management team has years of networking and security experience. Ridge Security's robotic security validation system RidgeBot, fully automates the penetration testing process and emulates adversary attacks to validate an organization's cybersecurity posture.

Read More

DATA SECURITY, SOFTWARE SECURITY, WEB SECURITY TOOLS

Legit Security Discovers and Helps Remediate Software Supply Chain Vulnerabilities in Google Firebase & Apache Open-Source Projects

Legit Security | September 16, 2022

Legit Security, a cyber security company with an enterprise platform to secure an organization’s software supply chain, today announced that it discovered software supply chain attack vulnerabilities in popular open-source projects from Google and Apache. The discovered vulnerability affects GitHub, an extremely popular Source Code Management (SCM) system at the heart of many organization’s software supply chains and used by software developers globally. The Legit Security research team found a new type of CI/CD vulnerability called “GitHub Environment Injection” that allows attackers to take control of the vulnerable project's GitHub Actions CI/CD pipeline. Any GitHub user could exploit this vulnerability to modify the project’s source code, steal secrets, move laterally and attack inside the organization, and ultimately initiate a SolarWinds-like supply chain attack. The vulnerability was found in the Google Firebase project and in a very popular integration framework project from Apache. Both Google and Apache acknowledged and fixed the vulnerabilities after an initial disclosure by Legit Security. Legit Security has published a technical disclosure blog on their website including guidance for organizations to remediate this vulnerability. Legit Security’s Research Team discovered that a specially crafted payload written to a GitHub environment variable called “GITHUB_ENV” could allow an attacker to execute code on the target pipeline and thereby modify the source code or compromise the repository itself. This attack can be initiated by any GitHub user and is very easy to implement just by creating a “pull request” or a proposed change to the source code. The mere act of submitting the pull request will trigger the vulnerable build action and carry out a successful compromise and the attacker does not need to be subjected a code review approval from the source code maintainer for it to take effect. The Legit Security team disclosed these issues to Google and Apache project maintainers, along with remediation guidelines, and verified that these vulnerabilities weren’t exploited by a malicious actor. Both projects have been fixed and are now safe. However, these are not the only projects susceptible to this kind of attack. Since using the GITHUB_ENV file is currently considered the “safe” way to change environment variables in GitHub Actions, many repositories are using workflows that write untrusted data into this file, leaving them exposed to supply chain attacks. “This type of vulnerability joins many other software supply chain vulnerabilities and attacks targeting popular open-source projects, including GitHub, which is the largest and the de facto host of most open-source projects. “We, as a security community, must build the tools and processes to address these threats and allow organizations to trust software and use it safely. Here at Legit Security our mission is to secure every organization’s software supply chain and we are active conducting security research and collaborating on initiatives to achieve this goal." Liav Caspi, CTO and co-founder of Legit Security According to Gartner®, nearly half of organizations worldwide will experience an attack on their software supply chains by 2025, a three-fold increase from 2021. There has been a huge rise in attempts to compromise open-source projects and CI/CD build services, including GitHub Actions, to enable wide ranging attacks through software supply chains. For in-depth analysis of the GitHub Environment Injection vulnerability, along with broader information and guidance on how to protect your organization from software supply chain attacks, please visit the Legit Security website and blog. About Legit Security Legit Security protects software supply chains from attack by automatically discovering and securing the pipelines, infrastructure, code and people so that businesses can stay safe while releasing software fast. Legit provides an easy to implement SaaS platform that supports both cloud and on-premises resources and combines automated discovery and analysis capabilities with hundreds of security policies developed by industry experts with real-world SDLC security experience. This integrated platform keeps your software factory secure and provides continuous assurance that your applications are released without vulnerabilities.

Read More

Spotlight

Cyber crime only affects big organisations . You only need antivirus and firewall software 31% of micro and small businesses reported breaches in 2018. Meanwhile, 60% of medium firms were attacked – just 1% less than large companies. Antivirus is important, but it’s difficult to defend against new threats before they make into malware databases. Software firewalls, meanwhile, are okay for home computers, but businesses need to protect whole networks, and hardware firewalls are the most effective, efficient way of doing so.

Resources