Tag Archive for: Sector

Manufacturing sector top target for ransomware attacks last year


Palo Alto said UK manufacturers and professional and legal services are most at risk of ransomware attacks.

The UK’s manufacturing sector is the prime target for ransomware attacks, according to data from Palo Alto Networks’ threat intelligence arm, Unit 42, seen by City A.M.

In 2023, manufacturers bore the brunt of ransomware assaults, accounting for 17.2 per cent of all attacks recorded in the UK, totalling 45 incidents.

They are particularly at risk due to their low tolerance for operational disruption, which can negatively impact production, cyber security company Palo Alto said.

With only one fewer incident last year, professional and legal services followed closely behind, suffering 16.9 per cent of ransomware attacks, as cyber criminals targeted sensitive data.

In 2023, the first year the study has been conducted, 261 ransomware attacks targeted UK organisations.

The UK’s technology and education sectors both experienced 8.4 per cent of attacks.

A ransomware attack is when hackers use malicious software to encrypt files or systems, demanding payment, often in cryptocurrency, for their release. The impact on businesses can include loss of data, reputational damage, regulatory penalties and higher insurance premiums.

Palo Alto Networks recently released a separate report, revealing that the frequency of cyber assaults on UK companies has surged, with attacks occurring on a monthly, weekly, and even daily basis for 76 per cent of respondents.

Amid the rise, regulatory pressure is mounting on companies, particularly in critical infrastructure sectors, to enhance their cyber security measures.

For example, the Product Security and Telecommunications Infrastructure (PSTI) Act is coming into force on 29 April. It will require manufacturers of internet-connected or ‘smart’ products to ensure they meet minimum security requirements, protecting consumers.

How can the energy sector bolster its resilience to ransomware attacks?


Since it plays a vital role in every functioning society, the energy sector has always been a prime target for state-backed cybercriminals. The cyber threats targeting this industry have grown significantly in recent years, as geopolitical tensions have fueled an increase in state-sponsored cyber espionage. According to one report on OT/ICS cyber security incidents, the energy sector recorded 39% of all attacks, with nearly 60% of these attacks attributed to state-affiliated groups.

As well as the threat of politically motivated attacks aimed at gaining a strategic advantage, threat actors are also attracted to the potential financial gains from accessing vast stores of sensitive information. Attackers have also seized the opportunity to cause significant operational disruption as leverage in ransom demands. A recent high-profile example is the ransomware attack against Schneider Electric, in which the Cactus ransomware gang claimed to have stolen 1.5 TB of data after breaching its systems.

As cyberattacks and ransomware rates continue to increase, there is a real concern among energy providers about the operational resilience of the industry, especially since the risks are compounded by the growing economic challenges and shifting regulatory demands.

So how can the sector navigate these challenges successfully?

Understanding the risk factors

The energy sector’s risks are partly driven by its reliance on outdated and legacy technologies. Many of the technologies and systems used by the industry have long service lives, so over time they become more vulnerable and difficult to patch. Moreover, energy providers still rely on ageing OT assets like industrial control systems (ICS), supervisory control and data acquisition (SCADA) systems, and programmable logic controllers (PLCs).

At the same time, the deployment of Internet of Things (IoT) devices, including smart sensors within energy grids and automated systems in distribution facilities, has introduced an additional layer of complexity to security. These IoT devices are not typically designed to integrate seamlessly with conventional security protocols and often come with insufficient security protections, such as…

IoT Botnets and Infostealers Frequently Target Retail Sector


New research by Netskope Threat Labs has revealed that IoT botnets, remote access tools and infostealers were the key malware families deployed by attackers targeting the retail sector in the past year. The findings were revealed in a new report on the retail sector.

Retail has also undergone a shift in the past 12 months from predominantly Google Cloud-based applications towards Microsoft apps like Outlook. In last year’s report, Google applications were far more popular in the retail sector than in other industries, but over the past year the researchers have seen a resurgence of Microsoft’s popularity. This is particularly evident for storage with the gap between OneDrive and Google Drive widening over the past year, with the average percentage of users shifting from 43% to 51% for OneDrive and falling from 34% to 23% for Google Drive. Similar trends were observed with Outlook (21%) supplanting Gmail (13%) as the most popular email app.

Microsoft OneDrive remains the most popular cloud application for malware delivery across all sectors including retail. Attackers gravitate towards tactics that capitalise on users’ trust and familiarity with OneDrive, increasing the likelihood they will click on the links and download the malware. In retail, attacks via Outlook are more successful than in other sectors – retail sees twice as many malware downloads via Outlook (10%) as other industry averages (5%).

The research also found that botnets and trojans are targeting network devices. Specifically, the Mirai botnet family has increasingly been seen to target exposed networking devices running Linux, such as routers, cameras, and other IoT devices in the retail environment. Similarly, remote access trojans (RATs) were popular as they allow access to browsers and remote cameras, sending information to attackers or receiving commands. Since the leak of the Mirai malware’s source code, the number of variants has increased considerably, posing a risk to retail as a sector with multiple vulnerable endpoints.

Paolo Passeri, Cyber Intelligence Principal at Netskope, said: “It’s surprising that the retail sector still finds itself specifically targeted with botnets…

Report Says Iranian Hackers Targeting Israeli Defense Sector


Hackers Are Leveraging Israel-Hamas War to Carry Out Attacks, Researcher Tells ISMG

Cybersecurity researchers identified a suspected Iranian espionage campaign targeting aerospace, aviation and defense industries across the Middle East, including in Israel and the United Arab Emirates.


Threat intelligence firm Mandiant published a report Tuesday night that links a threat actor tracked as UNC1549, allegedly associated with the Iranian Revolutionary Guard Corps, to a series of coordinated attacks targeting Middle East entities affiliated with the aerospace and defense sectors.


Ofir Rozmann, a senior researcher for Mandiant and a coauthor of the report, told Information Security Media Group that hackers “used decoys and lures” to gain initial access into targeted systems. They primarily used Microsoft Azure cloud infrastructure to communicate with their deployed back doors – a technique used to evade detection.


Tehran-affiliated hackers “are growing over time in sophistication and conducting tailored cyberespionage and destructive campaigns,” Rozmann said. This campaign’s primary purpose appears to be espionage but may also support other…
