30 Jan 2019

Medical devices are woefully insecure. This public-private partnership working to fix that.

The Healthcare Sector Coordinating Council, a public-private partnership of hospitals and medical devices working on critical infrastructure security and resilience, has published a joint security plan document outlining a series of vulnerabilities and needed improvements in the industry. Essentially a “to-do list” for manufacturers, it highlights the current vulnerabilities of

Read More
08 Jan 2019

Pamex adjusts logistics to combat $3 billion/yr in stolen fuel; shortages occur across Mexico

In an effort to reduce gasoline theft, State oil company Petroleos Mexicanos (Pamex) has changed their distribution methods, resulting in shortages and long lines at refueling stations across 6 states. Fuel theft in the country had risen from around $500,000 USD per year in the early 2000s to around $3

Read More
21 Dec 2018

With eye on China, Germany toughens rules for foreign buyouts

“Germany was Wednesday set to toughen rules on non-EU share purchases and acquisitions of its strategic companies, amid growing disquiet about takeovers by Chinese firms. It plans to lower the threshold where reviews apply to foreign purchase offers of 10 percent of companies, down from 25 percent now. Germany and

Read More
21 Dec 2018

Plan to Dumb-Down the Power Grid In Name of Cybersecurity Passes Senate

The Senate passed a measure to establish a two-year pilot program to investigate the possibilities of analog systems to be integrated into the U.S. power grid in order to prevent cyber vulnerabilities. Introduced in 2017 and approved by the Energy and Natural Resources Committee, a mirror version of the “retro

Read More
14 Dec 2018

Operation Sharpshooter Takes Aim at Global Critical Assets

“Operation Sharpshooter uses a new implant to target mainly English-speaking nuclear, defense, energy and financial companies. Researchers have detected a widespread reconnaissance campaign using a never-before-seen implant framework to infiltrate global defense and critical infrastructure players — including nuclear, defense, energy and financial companies. The campaign, dubbed Operation Sharpshooter, began

Read More
13 Dec 2018

Russian Critical Infrastructure Targeted by Profit-Driven Cybercriminals

“Several critical infrastructure organizations in Russia have been targeted by hackers believed to be financially-motivated cybercriminals rather than state-sponsored cyberspies. An analysis of malicious Word documents led researchers at endpoint security firm Cylance to discover fake websites set up to impersonate the legitimate sites of Russian oil giant Rosneft and

Read More
06 Dec 2018

FBI: Watch out for Iranian SamSam malware

DHS and the FBI shared a joint alert on December third regarding the critical infrastructure threat posed by the Iranian SamSam virus. The ultimate purpose of the virus is the successful intrusion and takeover of a network for the purpose of extorting a ransom (ransomware). The alert recommended strong passwords,

Read More
29 Nov 2018

Russian Hackers Haven’t Stopped Probing the US Power Grid

“At the CyberwarCon forum in Washington, DC on Wednesday, researchers from threat intelligence firm FireEye noted that while the US grid is relatively well-defended, and difficult to hit with a full-scale cyberattack, Russian actors have nonetheless continue to benefit from their ongoing vetting campaign. ‘There’s still a concentrated Russian cyber

Read More
14 Nov 2018

Pentagon Researchers Test ‘Worst-Case Scenario’ Attack on U.S. Power Grid

The Defense Advanced Research Projects Agency 7-day exercise that took place earlier this month saw over 100 cyber specialists gathering on Plumb Island, a federal research facility off of New York’s Long Island, to respond to a fictional cyber attack against the power grid. DARPA researchers were able to segregate

Read More
19 Oct 2018

3 Years After Attacks on Ukraine Power Grid, BlackEnergy Successor Poses Growing Threat

Researchers are calling “GreyEnergy,” an offshoot of the BlackEnergy group that conducted a massive cyberattack on the Ukrainian power grid in 2015, an emerging threat to the Central and Eastern European power grid. Security firm ESET has released a report describing the group’s activities as focused on reconnaissance and espionage

Read More