The Biden administration's focus on addressing long-standing vulnerabilities in IT and OT at U.S. ports is a step in the right direction, and new incident reporting mandates could significantly benefit smaller, resource-strapped ports, experts told ISMG.
U.S. President Joe Biden is set Wednesday to sign an executive order aimed at bolstering cybersecurity in maritime ports, including a directive for the Coast Guard to develop minimum cybersecurity standards for the marine transportation system.
Threats to critical infrastructure are on the rise, as threat actors continue to scan networks, attack networks and devices, and try to get past access controls. At the same time, according to a new report, sectors such as manufacturing have experienced a 230% increase in vulnerabilities.
Here's one reason why Iranian state hackers may have been able to target Israeli-made pressure-monitoring controllers used by American water systems: Nearly 150 of the controllers are exposed to the internet - and some still use the default password 1111.
The U.S. Cybersecurity and Infrastructure Security Agency urged critical infrastructure owners to patch systems after publishing a warning that Chinese hackers are evading detection and maintaining persistent unauthorized access in U.S. information technology environments.
The United States sanctioned senior leaders of the Iranian government cyber unit responsible for carrying out malicious cyber campaigns against American critical infrastructure sectors. The sanctions are a direct response to hacks against water system operators that use Israeli systems and software.
Leaders from the U.S. water sector testified to the House Subcommittee on Environment, Manufacturing and Critical Materials that entities across the country face funding and resource disparities as emerging threats from domestic and foreign cyber actors target the increasingly vulnerable industry.
The FBI launched a court-authorized sting operation against a Chinese hacking group known as Volt Typhoon, partnering with the Cybersecurity and Infrastructure Security Agency and a cohort of U.S. cyber agencies to prevent a major attack on the nation's critical infrastructure sectors.
The FBI and the U.S. Department of Justice used a court order to disrupt a Chinese hacking operation that compromised thousands of internet-connected devices and targeted sensitive areas of U.S. critical infrastructure, according to media reports.
Two major water providers in the U.S. and U.K. report that they recently fell victim to ransomware attacks. In both cases, attackers appear to have stolen employee or customer data that they're now holding to ransom. Ransomware trackers say known attacks, affecting all sectors, have been surging.
As cyberthreats evolve, mobile network operators need offensive security to maintain resilience. Traditional security, such as firewalls and encryption, is not sufficient on its own. Offensive security is proactive; it mimics the strategies of real attackers to stay ahead of potential threats.
The U.S. Cybersecurity and Infrastructure Security Agency published guidance for water and wastewater sector owners and operators to bolster their cyber defenses with comprehensive incident response plans and enhanced practices for sharing information with the federal government.
A December cyberattack on Ukraine's top telecom operator, which authorities in Kyiv attribute to the Russian military, will cost the parent company nearly $100 million. Ukraine in mid-December accused the Russian General Staff Main Intelligence Directorate of perpetuating the incident.
A U.S. federal agency tasked with ensuring the secure transportation of energy and hazardous materials is launching a series of initiatives to address an increase in cyberattacks, a top official said. Watchdogs have warned for years that action is urgently needed to better protect U.S. pipelines.
Switzerland's federal government reports that multiple federal agencies' public-facing sites were temporarily disrupted by distributed denial-of-service attacks perpetrated by a self-proclaimed Russian hacktivist group "as a means of gaining media attention for their cause."
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.com, you agree to our use of cookies.