Security News

The North Korean APT group 'Lazarus' is exploiting VMWare Horizon servers to access the corporate networks of energy providers in the United States, Canada, and Japan. Lazarus is a state-backed threat actor known for conducting espionage, data theft, and cryptocurrency stealing campaigns over the past decade.

The BlackCat/ALPHV ransomware gang claimed responsibility for an attack that hit the systems of Italy's energy agency Gestore dei Servizi Energetici SpA over the weekend. A GSE spokesperson disclosed that its website and systems were taken down to block the attackers from gaining access to the data after detecting the attack on Sunday night-GSE's website is still down, almost a week after the incident.

In this interview for Help Net Security, Katie Taitler, Senior Cybersecurity Strategista at Axonius, talks about cyber threats in the energy sector and what should be improved to make sure this sector is properly guarded. What are the reasons the energy sector is so unprepared for these growing cyber threats?

NET-based DNS backdoor to conduct attacks on companies in the energy and telecommunication sectors. A recent analysis by Zscaler presents a new DNS backdoor based on the DIG.net open-source tool to carry out "DNS hijacking" attacks, execute commands, drop more payloads, and exfiltrate data.

A research published by DNV reveals that energy executives anticipate life, property, and environment-compromising cyberattacks on the sector within the next two years. "It is concerning to find that some energy firms may be taking a 'hope for the best' approach to cybersecurity rather than actively addressing emerging cyber threats. This draws distinct parallels to the gradual adoption of physical safety practices in the energy industry over the past 50 years," said Solberg.

Vulnerabilities found in Bluetooth Low Energy gives hackers access to numerous devices. A critical flaw found in Bluetooth Low Energy receivers may grant cyber criminals entry to anything from personal devices, such as phones or laptops, to even cars and houses.

How password fatigue can cost organizations time, money and mental energy. For its study, "Measuring Password Fatigue: Usability and Cybersecurity Impacts," Beyond Identity surveyed 1,047 Americans, including more than 600 full-time employees, to determine how password fatigue is affecting their daily lives.

He asked Yubico for help deploying the security keys to the Ukrainian government. "We needed to have a lot of keys to deploy but we didn't have this amount of keys in our warehouse," he said.

The Russian state-sponsored hacking group known as Sandworm tried on Friday to take down a large Ukrainian energy provider by disconnecting its electrical substations with a new variant of the Industroyer malware for industrial control systems and a new version of the CaddyWiper data destruction malware. The threat actor used a version of the Industroyer ICS malware customized for the target high-voltage electrical substations and then tried to erase the traces of the attack by executing CaddyWiper and other data-wiping malware families tracked as Orcshred, Soloshred, and Awfulshred for Linux and Solaris systems.

The new FBI warning [PDF] came a day after the US Department of Justice unsealed a pair of indictments that detail alleged Russian government efforts to use supply chain attacks and malware in an attempt to compromise and control critical infrastructure. One of the two indictments involves Triton malware and its use in the 2017 attack.