Tag Archive for: Exposure

Mobile phishing exposure in the energy industry surged 161% in 2021


Mobile phishing exposure surged 161% within the energy industry between the second half of 2020 and the first half of 2021, a Lookout report reveals.


The research indicates that organizations in the energy industry experienced the following between July 1, 2020 and June 30, 2021:

  • 20% of energy employees were exposed to a mobile phishing attack in the first half of 2021, a 161% increase from the second half of 2020.
  • 17.2% of all cyberattacks originating on mobile endpoints targeted energy organizations, making the industry the biggest target of cybercriminals and nation-state sponsored attackers.
  • The average mobile app threat exposure rate was 7.6% — nearly double the average of all other industries combined.
  • 56% of Android users were exposed to nearly three hundred exploitable vulnerabilities by continuing to run out-of-date versions of Android OS.
  • Riskware and vulnerabilities were the cause of 95% of mobile app threats.
  • Regional mobile phishing exposure rates: North America (11.2%), APAC (13.2%) and EMEA (15.8%).
  • EMEA and APAC employees were 41% and 18% more likely to experience a mobile phishing attack than their North American peers.

Energy organizations provide the infrastructure essential for the safety and well-being of society. Recent events such as the Colonial Pipeline breach demonstrate that the energy industry is particularly vulnerable to cyberattacks.

Securing mobile endpoints to prevent mobile phishing threats

Bad actors phish and exploit vulnerabilities in mobile endpoints to circumvent legacy security systems, gain access to corporate infrastructure, steal sensitive data and extort money.

Securing mobile endpoints that employees use to do their jobs is imperative to protect enterprise data as iOS, Android and ChromeOS devices are increasingly essential to digital transformation initiatives. Protecting against mobile phishing and app threats enables energy organizations to prevent cyberattackers who want to steal credentials and data, or halt operations with ransomware.

“As the energy industry modernizes and relies more heavily on mobile devices and cloud solutions, these insights into mobile phishing and app threats can help organizations…


Oldsmar water plant intrusion occurred after code exposure: firm


The incident “highlights the importance of controlling access to untrusted websites,” security company Dragos wrote.

OLDSMAR, Fla. — A person on the city of Oldsmar’s computer network went to a website that had been compromised with malicious code on the same day someone accessed its water system and changed chemical levels to poisonous levels, security company Dragos said in a blog post.

Although the code likely did not lead to the actual intrusion, the company in part said the threat “does represent an exposure risk to the water industry and highlights the importance of controlling access to untrusted websites.”

Pinellas County Sheriff Bob Gualtieri announced Monday, Feb. 8, that on the previous Friday, an operator at Oldsmar’s water treatment plant noticed the cursor on his computer screen moving around. It was during this instance that the person on the other end was making changes to the facility’s systems and controls.


Those adjustments, if they weren’t caught in time, could have poisoned the water supply for a city of about 15,000 people. The intruder changed levels of sodium hydroxide, or lye, from 100 parts per million to 11,100 parts per million. The chemical helps to control pH levels in the water but at such a high level, it is considered corrosive to any human tissue it touches.

Dragos author Kent Backman wrote that the company, in its investigation, discovered the malicious computer code on the website of an unnamed Florida water utility contractor. The code was seemingly placed to target water utilities and, as Dragos found, had been accessed more than 1,000 times during a 58-day window starting in December 2020.


Cyber Security Today – US, Canada among top countries for data theft, careless employees lead to data exposure, and watch out for signs of cyber espionage


US, Canada ranked among top countries for data theft, more careless employees lead to data exposure and watch for this possible sign of cyber espionage

Welcome to Cyber Security Today. It’s Wednesday December 2nd. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com.



You might expect the United States is the country affected most by data theft in the past seven years. A British consumer website called USwitch came up with that nugget by calculating the amount of publicly-announced data stolen per 100,000 of a country’s population. In second place, South Korea. And number three: Canada. The United Kingdom was in fourth place, followed by Australia. That ranking gives weight to big data thefts rather than the number of breaches. Canada has a lot fewer data breaches than the U.S., but many of them were big — for example last year’s hack of medical laboratory LifeLabs led to the exposure of personal data belonging to 15 million people in Ontario and B.C. The hack in 2015 of the Toronto-based adult dating website Ashley Madison exposed personal data of over 30 million people in several countries.

Employees are still being careless with corporate data. Here’s two of the latest examples: Reporters at the TechCrunch news site recently found unprotected data on a server holding thousands of patient records and lab reports for American psychiatrists and therapists. The data belonged to a customer of NTreatment, a San Francisco-based provider of a cloud-based medical practice management software suite. Not only was the database not password-protected, the data wasn’t encrypted. After being alerted NTreatment said the server was being used for general purpose storage by the user.

Meanwhile The Register reports that a Cayman Island investments fund left its entire data backups open to anyone after failing to properly configure data left on Microsoft Azure, a cloud-based storage service. The fund’s…


New smartphone-based notification tool alerts state residents of COVID-19 exposure



Gov. Jay Inslee, along with the Washington State Department of Health on Monday announced the launch of WA Notify, a notification tool designed to help stop the spread of COVID-19. By adding WA Notify to their smartphones, Washington residents will be alerted if they spent time near another WA Notify user who later tests positive for COVID-19.

WA Notify uses privacy-preserving technology jointly developed by Google and Apple and works without collecting or revealing any location or personal data.

“Secure, private and anonymous exposure notification technology is an important tool for Washington,” Inslee said Monday. “We’ve deployed WA Notify in 29 languages so as many Washington residents as possible can protect themselves, their loved ones and their communities. I encourage everyone to start using WA Notify today so we can continue to work together to contain this virus.”

Data models for three counties in Washington found that COVID-19 infections and deaths could be reduced if even a small percentage of people enabled WA Notify. Studies from Oxford University and Stanford also show that the more people who use exposure notification technology, the more effective it is.

“WA Notify complements the actions Washington residents are already taking, like wearing masks, physical distancing and keeping gatherings small,” said Secretary of Health John Wiesman. “We’re excited to be joining the states already using this safe and secure technology and encourage all Washingtonians to join the effort.”

When voluntarily activated, phones with WA Notify use Bluetooth technology to exchange random codes with the phones of other users they are near. It does this without revealing a user’s identity or location. Users who test positive for COVID-19 can enter a verification code provided by public health into WA Notify, so that other users who have been near them within the last 14 days can be anonymously alerted and take appropriate action.

WA Notify is free and can be enabled in iPhone settings or downloaded as an app from the Google Play Store for Android phones. Users can opt out at any time. Several states…
