CISA stresses that "significant" Log4j breaches have not yet been found in the networks of federal agencies or critical infrastructure, but that it is not yet possible to assess whether the vulnerability is present across all of these disparate systems.
Manufacturers are introducing remote operations capacity for OT systems, allowing employees, contractors, and trusted third parties to operate on-site infrastructure from anywhere in the world. While the benefits are multifaceted, the risks to critical infrastructure are real.
Leveraging the Hancitor malware, the ransomware gang earned $43.9 m after compromising 49 critical infrastructure entities in finance, government, healthcare, manufacturing, and IT.
Iranian APT groups targeted critical infrastructure entities by exploiting known Microsoft Exchange Server and Fortinet vulnerabilities using malicious and legitimate tools.
A cybersecurity advisory by CISA, the FBI, and the NSA warned that BlackMatter ransomware is actively targeting critical infrastructure entities and food organizations in the US.
Australian companies that have connections to the country's critical infrastructure might have no choice but to allow the government to step in during cyber attacks, if new legislation proposed by the Morrison government is approved.
ICS vulnerabilities affecting critical infrastructure increased by 41% within 6 months, with most rated high/critical, having low attack complexity, and remotely exploitable.
With the executive order signed, leading industry standards organizations should be heavily involved to help apply standards and regulations to make sure all connected devices have a proper level of security to create a secure ecosystem and prevent further critical infrastructure attacks.
Recent cyber attacks that have done damage to critical infrastructure could be a pretext for a "real shooting war," according to Joe Biden, as the president addressed the growing threats to national security in the cyber sphere.
A set of documents obtained by Sky News, allegedly obtained from the Iranian cyber command, details plans by Iran to do advanced real-world damage with cyber attacks. Targets include retail fuel pumps and container ships.