Tag Archive for: threat

The biggest threat to operations


Victor Lough, Cybersecurity Business Lead at Schneider Electric, speaks to The Manufacturer about the new NIS 2 legislative changes and the impact of this on the supply chain.

Victor’s role is to ensure that Schneider’s solutions and services are being delivered to the UK and Ireland business sector from a security perspective, as well as collaboratively with the government and market peers. Alongside this, he is raising awareness of ransomware as the current biggest threat to company operations.

In the UK industrial sector, there is currently a lot of collaborative work taking place around the government’s objective to make the UK the most secure location in the world to do business with. “In the last couple of years, the industry has seen a drive to ensure that everyone is pulling in the same direction. And the government is revising its Network and Information Security Directive-related legislation, aligning with the EU’s own NIS 2 update.”

The changes will have implications for the whole supply chain, requiring a wide ecosystem of essential service providers and manufacturers to rapidly advance cyber security maturity to minimise risk. In both the UK and EU, connected businesses throughout the supply chain will be expected to be cyber secure, with responsibility extending to friendly third parties connected to systems through remote access. For utilities, this is especially crucial as any business involved in the supply chain risks huge fines.

There have been numerous changes that have impacted the sector over the last five years, specifically geopolitics, and they have influenced how businesses operate.

Because of the recent disruption, the sector has seen a stark increase in the level of ransomware attacks. “Ransomware is the biggest threat to operations right now and it is making annual profits of over $1bn per year, with more money being made from ransomware than narcotics,” Victor commented. He emphasised the call for regulation because ransomware is being run like a business: sophisticated operations with product managers, technicians and specialists who are often backed by nation states.

Ransomware and a risk-based approach

To…


WatchGuard Threat Lab Analysis Shows Surge in Evasive Malware


WatchGuard® Technologies, a unified cybersecurity company, has announced the findings of its latest Internet Security Report, detailing the top malware trends and network and endpoint security threats analysed by WatchGuard Threat Lab researchers. Key findings from the data show a dramatic surge in evasive malware that fueled a large increase of total malware, threat actors targeting on-premises email servers as prime targets to exploit, and ransomware detections continuing to decline, potentially as a result of law enforcement’s international takedown efforts of ransomware extortion groups.

“The Threat Lab’s latest research shows threat actors are employing various techniques as they look for vulnerabilities to target, including in older software and systems, which is why organisations must adopt a defense-in-depth approach to protect against such threats,” said Corey Nachreiner, chief security officer at WatchGuard. “Updating the systems and software on which organisations rely is a vital step toward addressing these vulnerabilities. Additionally, modern security platforms that are operated by managed service providers can deliver the comprehensive, unified security that organisations need and enable them to combat the latest threats.”

Among the key findings, the latest Internet Security Report featuring data from Q4 2023 showed:

Evasive, basic, and encrypted malware all increased in Q4, fueling a rise in total malware. The average malware detections per Firebox rose 80% from the previous quarter, illustrating a substantial volume of malware threats arriving at the network perimeter. Geographically, most of the increased malware instances affected the Americas and Asia-Pacific.

TLS and zero-day malware instances also rise. Approximately 55% of malware arrived over encrypted connections, which was a 7% increase from Q3. Zero-day malware detections jumped to 60% of all malware detections, up from 22% the previous quarter. However, zero-day malware detections with TLS fell to 61%, which was a 10% decrease from Q3, showing the unpredictability of malware in the wild.

Two top 5 malware variants redirect to DarkGate network. Among the top 5 most-widespread malware…


WatchGuard Threat Lab Analysis Shows Surge in Evasive Malware Supercharging an Already Powerful Threat Wave


Notable findings from the research also show resurgence of living-off-the-land attacks, continued cyberattack commoditization, and ransomware decline

SEATTLE, March 27, 2024 (GLOBE NEWSWIRE) — WatchGuard® Technologies, a global leader in unified cybersecurity, today announced the findings of its latest Internet Security Report, detailing the top malware trends and network and endpoint security threats analyzed by WatchGuard Threat Lab researchers. Key findings from the data show a dramatic surge in evasive malware that fueled a large increase of total malware, threat actors targeting on-premises email servers as prime targets to exploit, and ransomware detections continuing to decline, potentially as a result of law enforcement’s international takedown efforts of ransomware extortion groups.

“The Threat Lab’s latest research shows threat actors are employing various techniques as they look for vulnerabilities to target, including in older software and systems, which is why organizations must adopt a defense-in-depth approach to protect against such threats,” said Corey Nachreiner, chief security officer at WatchGuard. “Updating the systems and software on which organizations rely is a vital step toward addressing these vulnerabilities. Additionally, modern security platforms that are operated by managed service providers can deliver the comprehensive, unified security that organizations need and enable them to combat the latest threats.”

Among the key findings, the latest Internet Security Report featuring data from Q4 2023 showed:

  • Evasive, basic, and encrypted malware all increased in Q4, fueling a rise in total malware. The average malware detections per Firebox rose 80% from the previous quarter, illustrating a substantial volume of malware threats arriving at the network perimeter. Geographically, most of the increased malware instances affected the Americas and Asia-Pacific.

  • TLS and zero-day malware instances also rise. Approximately 55% of malware arrived over encrypted connections, which was a 7% increase from Q3. Zero-day malware detections jumped to 60% of all malware detections, up from 22% the previous quarter. However, zero-day malware detections with TLS…


The ELD Hacking Threat: Q&A with Serjon’s Urban Johnson – Safety & Compliance



ELDs are an easy gateway for hackers to get into a fleet's IT network and do major damage, warns Serjon's Urban Johnson. (HDT Graphic/Serjon headshot)



Did you know your fleet’s electronic logging devices may be vulnerable to hackers?

It’s true. Serjon, a cybersecurity firm specializing in fleet transportation security, held a press conference during the Technology & Maintenance Council annual meeting in New Orleans in early March. Urban Johnson, senior vice president, information technology and cybersecurity services for Serjon, briefed media on the threats facing fleets with compromised ELDs.

ELDs are essentially communication devices used to record and report truck driver hours of service. Due to certain technical requirements of the regulations, ELDs require the ability to “write” messages to the truck’s network to obtain information, such as engine hours. The ELD also requires internet access to report the HOS information.

This creates a truck network-to-internet communication bridge that introduces significant cybersecurity concerns.

We sat down with Johnson to learn more about this new cybersecurity threat to North American fleets and what they can do to protect themselves. (This interview has been lightly edited for clarity.)

HDT: Many fleets aren’t aware that ELDs can be hacked. Talk a little about how hackers can gain access to an ELD.

Johnson: Different ELD vendors use different designs to deliver the functionality required by the ELD mandate. A common design is a hardware device that connects to the vehicle’s on-board diagnostics (OBD) port and then uses a Bluetooth or Wi-Fi connection to a cellular device, such as a tablet or cellphone, to collect the ELD information and report it.

That ELD information can be attacked by hackers locally (close to the truck) or remotely across the internet.

In a recent paper presented at VehicleSec’24, the researchers were able to compromise an ELD device locally by simply connecting to the ELD Wi-Fi connection point, which had a predictable SSID [network name] and a weak default password….
