Tag Archive for: Sector

European Electricity Sector Lacks Cyber Experts as Ukraine War Raises Hacking Risks


Europe’s power-grid operators say they are struggling to hire cybersecurity experts at a time when the sector is especially vulnerable to hacking threats related to the war in Ukraine. 

The staff shortage is alarming executives, particularly after Ukraine disconnected from Russia’s electric grid in February and linked to continental Europe’s grid, adding new risks that a potential cyberattack could ripple across countries.

“The worry is about cascading effects,” said Grzegorz Bojar, chief information officer at Polskie Sieci Elektroenergetyczne SA, the operator of Poland’s electricity-transmission system.

European electricity operators and providers are on alert. The Covid-19 pandemic and Russia’s invasion of Ukraine have heightened cyber threats in recent years. Hackers hit three German wind-energy companies in the early months of the war, taking down some remote-control systems that monitor turbines. In one case, an attack launched one hour before Russia invaded Ukraine on Feb. 24 on a Viasat Inc. satellite providing internet connections in Ukraine disrupted those systems and took down internet service for thousands of Ukrainians and people in other parts of Europe.

“We can talk about a weaponization of the energy sector,” said Aurélio Blanquet, secretary general of the European Energy Information Sharing and Analysis Center, speaking at a conference in Brussels last month. The center helps energy companies exchange information about cyber threats.

New European laws set to come into force over the next few years will also heighten regulators’ scrutiny of cybersecurity processes at critical infrastructure operators. This, in…


HIPAA requires ‘timely response’ for security incidents, says alert to health sector


People wait outside a hospital emergency room in Texas. (Photo by Brandon Bell/Getty Images)

Not only will a timely response to security incidents prevent cyberattacks and reduce recovery time from them, but the Health Insurance Portability and Accountability Act also requires covered entities to implement policies to address incidents, according to the cyber bulletin from the U.S. Department of Health and Human Services’ Office for Civil Rights.

To OCR, the rise of hacking incidents across all sectors is cause for concern. About 74% of all healthcare data breaches reported to the agency in 2021 involved hacking or IT incidents, which makes hacking “the greatest threat to the privacy and security of protected health information.”

Consider the latest spate of cyberattacks and related periods of electronic health record downtime in healthcare. The outage at OakBend Medical Center in Texas lasted for about three weeks and led to care diversion during the initial days, as well as the theft of patient data. Patients were also hit with fraud attempts in the wake of the incident.

Meanwhile, CommonSpirit Health was struck with ransomware on Oct. 3, which has led to care disruptions at a portion of its 700 care sites and 142 hospitals across the country. Local media outlets note that many of these impacted hospitals are still working to recover several weeks after the attack. CommonSpirit has not issued an update since Oct. 17.

Based on the financial reports of health systems following several weeks of network outages, cyberattacks can cost upwards of $1 million per day of downtime. For Scripps Health, a month of downtime after its 2021 cyberattack cost $122.7 million in lost revenue and recovery.

“Security incidents will almost inevitably occur during the lifetime of a regulated entity,” OCR officials wrote. Adhering to the HIPAA-required security incident response plan can enable providers to effectively pivot and recover from potential cyber incidents.

These plans should include methods for identifying and responding to security incidents, as well as mitigating possible harmful impacts and documenting each incident and the outcomes.

Incident response processes should begin with forming a team with…


Defending Ukraine: SecTor session probes a complex cyber war


It was a quick 20-minute tutorial, but for a packed room of delegates attending a SecTor 2022 session in Toronto it was an eye-opening one, exploring the litany of Russian cyberattacks in Ukraine and what has been done to prevent them since the war broke out on Feb. 23.

The presentation on Wednesday from John Hewie, national security officer with Microsoft Canada, centred on a report issued in late June entitled Defending Ukraine: Early Lessons from the Cyber War, that was covered in IT World Canada the day it was released.

In a foreword to it, Brad Smith, president and vice chair at Microsoft, wrote that the invasion “relies in part on a cyber strategy that includes at least three distinct and sometimes coordinated efforts – destructive cyberattacks within Ukraine, network penetration and espionage outside Ukraine, and cyber influence operations targeting people around the world.

“When countries send code into battle, their weapons move at the speed of light. The internet’s global pathways mean that cyber activities erase much of the longstanding protection provided by borders, walls and oceans. And the internet itself, unlike land, sea and the air, is a human creation that relies on a combination of public and private-sector ownership, operation and protection.”

As Hewie pointed out to security professionals attending the conference, the feeling within Microsoft was that the cyber warfare and the attacks that were going on were being vastly underreported, “which is why we invested in the work that I am sharing with you today.”

He said that when the war began, there were cyberattacks on upwards of 200 different systems in Ukraine: “We initially saw the targeting of government agencies in those early days, as well as the financial sector and IT sector.”

Prior to the invasion, added Hewie, Microsoft security professionals had already established a line of communication with senior officials in government and other sectors, and threat intelligence was shared back and forth.

“And then as the war went on, we saw continued expansion of those attacks in the critical infrastructure space – nuclear, for example – and continuing in the IT sector. When the…


Chinese Hackers Target Energy Sector in Australia, South China Sea


The Chinese state-aligned threat actor TA423 (aka Leviathan/APT40) is behind a sustained cyber-espionage campaign against countries and entities operating in the South China Sea, including organizations involved in an offshore wind farm in the Taiwan Strait.

The threat actor’s most recent campaigns used malicious emails impersonating Australian media organizations, including the fake Australian Morning News, to deliver ScanBox malware for reconnaissance, according to a report drafted by cybersecurity firm Proofpoint, working in collaboration with PwC.

Researchers also observed phishing activity targeting governmental agencies, media companies, and South China Sea wind turbine operators, as well as a European manufacturer supplying equipment for the Yunlin Offshore Windfarm in the Taiwan Strait.

The espionage campaign was active from April through June, with URLs delivered in phishing emails that redirected victims to a malicious website, where the landing page delivered a JavaScript ScanBox malware payload to selected targets.

“The ScanBox-related phishing campaigns identified in April through June 2022 originated from Gmail and Outlook email addresses which Proofpoint assess with moderate confidence were created by the threat actor, and utilized a variety of subject [lines] including ‘Sick Leave,’ ‘User Research,’ and ‘Request Cooperation,'” a blog post on the campaign noted, adding that the phishing campaign is currently ongoing.

ScanBox is a reconnaissance and exploitation framework designed to harvest several types of information, such as the target’s public-facing IP address, the type of Web browser they use, and their browser configuration (language or plugin information, for example). It allows threat actors to profile victims, and to deliver further carefully crafted malware to selected targets of interest.

This serves as a setup for the following stages of information gathering and potential follow-on exploitation or compromise, where malware could be deployed to gain persistence on the victim’s systems and allow the attacker to perform espionage activities.

“It creates an impression of the victim’s network that the actors then study and decide the best route to take to…
