Construction and engineering firm Sargent & Lundy is informing more than 6,900 individuals that attackers stole their Social Security numbers through an Oct. 15 cyber incident. The firm has engineered 958 power plant units and more than 6,200 circuit miles of power delivery systems.
Information Security Media Group asked some of the industry's leading cybersecurity experts about the trends to watch in 2023. Responses covered a variety of emerging threats and evolving trends affecting security technologies, leadership and regulation. Here is a look at the year ahead.
Recorded Future has signed an agreement with Ukraine's Ministry of Digital Transformation to help protect the county's critical infrastructure against Russian physical and cyberattacks. The company can help detect novel strains of malware and command-and-control infrastructure run by the Russians.
Ukrainian President Volodymyr Zelenskyy made a historic visit to Washington in a bid to shore up support during a critical moment. Behind the scenes, U.S. assistance includes strengthening Ukrainian cyber resiliency. Russian cyber operations remain a threat.
Malware analysis and sandboxing solutions traditionally have been bound to operating systems and file types, but file types in the critical infrastructure world are different. Critical infrastructure cannot rely on standard malware analysis tools given the unique operating systems used in the space.
As the world looks into adapting 5G and studying 6G, satellite IoT is opening a new front for connectivity. There will be a demand for more LEO-based satellites for low-power communication, and these satellites will require completely new kinds of security, says Krishnamurthy Rajesh of GreyOrange.
A hacker selling a data set purportedly containing emails stripped from the FBI's InfraGard public-private cybersecurity forum obtained access by sending an application, which the bureau approved, reports independent cybersecurity journalist Brian Krebs.
The Conservative U.K. government said it will propose updates to the country's main cybersecurity regulation, including a requirement for the private sector to reimburse the public sector for enforcement activities. The government downplayed concerns that it could create perverse incentives.
The oil pipeline and rail sectors could be required to implement cyber risk management following the Transportation Security Administration's initiation of a rule-making process. The Biden administration is pressuring critical infrastructure operators through voluntary measures and new regulation.
U.S. federal authorities are warning critical infrastructure sectors including healthcare to be on the lookout for indicators of Hive ransomware. Healthcare is a particular favorite of Hive affiliates because hospitals and other medical providers often pay ransoms.
Operational technology will gain more malicious attention from state-backed hackers, warns the European Union Agency for Cybersecurity. Geopolitics is driving changes in the threat landscape and the agency predicts retaliatory attacks for Western support of Kyiv.
One of the world's largest copper smelters disclosed it underwent a cyberattack, stating that production "could largely be maintained." Germany-based Aurubis owns Europe's largest copper smelting facility, capable of refining 450,000 metric tonnes annually and located in Hamburg.
The Department of Homeland Security released a set of cybersecurity practices for critical infrastructure containing basic measures such as requiring multifactor authentication and disabling AutoRun. The word "voluntary" was in heavy rotation during the Thursday rollout.
The Biden administration will put more critical infrastructure sectors, such as water, under mandates to ensure minimal cybersecurity standards. The White House is also ramping up interest in consumer cybersecurity by initiating a labeling program for the internet of things.
Made up of 3,000 public utilities, the U.S. power grid has many weak links in its cyber defenses. Regulators can fine utilities for service outages, but a proposed federal program and recent Purdue University study say financial incentives will help firms make the right security investments.