Security News

In this Help Net Security interview, Aaron Crow, Senior Director at MorganFranklin Consulting, discusses critical infrastructure cybersecurity strategies, barriers to threat information sharing, and innovative technologies enhancing resilience against cyberattacks. How do current cybersecurity strategies address the critical infrastructure sectors' unique needs and vulnerabilities?

The U.S. Treasury Department has sanctioned a Wuhan-based company used by the Chinese Ministry of State Security as cover in attacks against U.S. critical infrastructure organizations. The Office of Foreign Assets Control has also designated two Chinese nationals linked to the APT31 Chinese state-backed hacking group and who worked as contractors for the Wuhan Xiaoruizhi Science and Technology Company, Limited MSS front company for their involvement in the same attacks and "Endangering U.S. national security."

The use of hybrid multicloud models is forecasted to double over the next one to three years as IT decision makers are facing new pressures to modernize IT infrastructures because of drivers like AI, security, and sustainability, according to Nutanix. "Whether it be because of AI, sustainability, or security imperatives, IT organizations are facing ever-increasing pressure to modernize their IT infrastructure quickly," said Lee Caswell, SVP, Product and Solutions Marketing at Nutanix.

The US government has recommended a series of steps that critical infrastructure operators should take to prevent distributed-denial-of-service attacks. The joint guide, entitled Understanding and Responding to Distributed Denial-Of-Service Attacks [PDF], distinguishes between denial-of-service and DDoS attacks.

CISA, the NSA, the FBI, and several other agencies in the U.S. and worldwide warned critical infrastructure leaders to protect their systems against the Chinese Volt Typhoon hacking group. Together with the NSA, the FBI, other U.S. government agencies, and partner Five Eyes cybersecurity agencies, including cybersecurity agencies from Australia, Canada, the United Kingdom, and New Zealand, it also issued defense tips on detecting and defending against Volt Typhoon attacks.

With temporary failures of critical infrastructure on the rise in the recent years, 81% of US residents are worried about how secure critical infrastructure may be, according to MITRE and The Harris Poll. Public views cyberattacks as greatest risk to critical infrastructure.

In this Help Net Security video, Mike Britton, CISO at Abnormal Security, discusses how energy and infrastructure organizations face an increased risk of business email compromise and vendor email compromise attacks. According to Abnormal Security data, from February 2023 to July 2023, the average number of BEC weekly attacks was 0.53 per 1,000 mailboxes.

"Our Web-Based PLC malware resides in PLC memory, but ultimately gets executed client-side by various browser-equipped devices throughout the ICS environment. From there, the malware uses ambient browser-based credentials to interact with the PLC's legitimate web APIs to attack the underlying real-world machinery," the researchers explained. "While previous attacks on PLCs infect either the control logic or firmware portions of PLC computation, our proposed malware exclusively infects the web application hosted by the emerging embedded webservers within the PLCs," the researchers noted.

In this Help Net Security video, Michelle Alvarez, Strategic Threat Analysis Manager at IBM X-Force, discusses the 2024 X-Force Threat Intelligence Index, revealing top threats and trends the team observed last year across its global engagements and how these shifts are forming the threat landscape in 2024 and beyond. X-Force observed shifts toward credential-driven attacks with a 71% increase in attacks caused by using valid accounts.

"Cybercriminals continue to adjust their tactics, and the FBI has observed emerging ransomware trends, such as the deployment of multiple ransomware variants against the same victim and the use of data-destruction tactics to increase pressure on victims to negotiate," according to the IC3 report. Crooks had no qualms about infecting critical infrastructure organizations with ransomware.