One Article Review
| Source |  AlienVault Blog |
|---|---|
| Identifiant | 2884727 |
| Date de publication | 2021-06-03 10:00:00 (vue: 2021-06-07 11:05:45) |
| Titre | Ransomware and Energy and Utilities (Recyclage) |
| Texte | This is a blog series focused on providing energy and utility industries with helpful insights and practical, helpful information on cybersecurity. Intro The exponential growth of IoT devices in the energy and utilities industry has greatly increased focus on cybersecurity. Focus on cybersecurity across industries has increased recently, no doubt due to factors like COVID-19 forcing a jump in remote work. In 2020, we saw cybersecurity move from being a technical problem to a business issue. Along with the recognition that businesses really need to lead with a security-first mindset to be resilient, the CISO was elevated to a seat at the proverbial table as a true C-suite leader and trusted board advisor. Energy and utilities face unique challenges compared to other industries. According to McKinsey: “In our experience working with utility companies, we have observed three characteristics that make the sector especially vulnerable to contemporary cyberthreats. First is an increased number of threats and actors targeting utilities: nation-state actors seeking to cause security and economic dislocation, cybercriminals who understand the economic value represented by this sector, and hacktivists out to publicly register their opposition to utilities’ projects or broad agendas. The second vulnerability is utilities’ expansive and increasing attack surface, arising from their geographic and organizational complexity, including the decentralized nature of many organizations’ cybersecurity leadership. Finally the electric-power and gas sector’s unique interdependencies between physical and cyber infrastructure make companies vulnerable to exploitation, including billing fraud with wireless “smart meters,” the commandeering of operational-technology (OT) systems to stop multiple wind turbines, and even physical destruction.” Let’s look at one type of common and profitable attack that could impact energy and utility companies – ransomware. What is ransomware? Ransomware is exactly as the name implies – something valuable to your business is being kept from you until a ransom is paid for its return. In simple terms, ransomware is extortion. Ransomware, a form of malicious software, blocks you from accessing your computer systems or files until you pay the cyber adversary to allow you access to your information. The ransom is typically requested in crypto currency because of its anonymity and ease of online payment – this translates to no tracing of the origin or destination of the funds, a common tactic of cyber criminals. Knowingly infecting a system with ransomware and requesting payment to unlock the system is a crime. Law enforcement agencies recommend not paying the ransom associated with ransomware. The thought is that if the ransom is paid, you as the victim of ransomware are then identified as an easy target for further cybercrime and the ransomware attack is perpetuated against others. Who is the target of ransomware? Cyber criminals seek the path of least resistance in their targets and strike against businesses that are easy targets. Ransomware is a business and the perpetrators, like any good businessperson, are looking for a strong ROI. The C |
| Envoyé | Oui |
| Condensat | “in “smart “your abruptly seemingly 2020 access accessing according across actors additional address adversary advisor again against age agencies agendas allocated allow along always analog and…backup anonymity anti any applications are arising around assets associated attachment attack attacks avoid aware back backups backups: bait because become becoming begin being better between billing bitcoin blocks blog board broad browse budget business businesses businessperson but campaign campaigns can cannot catastrophes catastrophic cause challenges chance characteristics churches ciso clean clearly click clicked commandeering common companies company compared complete complexity compliance computer constantly consultants contemporary continue control copies copy could covid create crime criminals critically crypto currency current cyber cybercrime cybercriminal cybercriminals cybersecurity cyberthreats daily data date day decentralized delete/release delivered departments destination destruction devices did different digital disguises disguising dislocation document does doubt downloading drive due ease easily easy economic effect electric elevated email emotions energy enforcement enter especially essential even events every exactly expansive expensive experience experienced expertise exploitation exponential extortion face factors failure falling file files files” fill finally first focus focused follow force forcing form forward fraud from funds further gaps gas general geographic get getting good greatly growth hacktivists has have help helpful hiring hope hospitals how identified impact implies important include: including increase increased increasing industries industry infect infected infecting information infrastructure innocuous insights install installation interdependencies intro introduce iot issue its jump just keep kept know knowingly known lacks launch law lead leader leadership least lesson let’s like link links locked look looking make makes making malicious malware management many marches may mckinsey: mean means mercy meters method methods midst mindset minimizes money more most move movie movies multiple name nation natural nature navigating navigation need new news not number observed offsite once one online open opening openings operate operational opposition organizational organizations’ origin original other others out page paid pandemic patch patched path pay paying payment pdf perpetrators perpetuated phishing physical place play plays power practical prevent prey primarily proactively probably problem productivity profitable projects protect protecting proved proverbial providing publicly quite radar ransom ransomware realistic really reason recently recognition recommend register regulatory remote represented reputable requested requesting requirements resilient resistance return risk roi roles ruthless saw says scan scenario schools screen seat second sector sector’s security seek seeking seem send series seriously service should show shows simple site small software some something specific state stop stoppage stopping storage strike strong such suite sure surface system systems table tactic take taken target targeting targets tasks technical technology terms themselves then these think though thought threats three through through: tied time too tool tools tracing translates true trusted turbines two type types typically understand unfortunately unique unlock until updates use used uses usually utilities utilities’ utilities: utility valuable value victim visit volume vulnerability vulnerable want way ways web website websites what when who why will wind wireless without word work working works world worthwhile xxxx your |
| Tags | Ransomware Malware Tool Vulnerability Guideline |
| Stories | Deloitte |
| Notes | |
| Move | 
|
Les reprises de l'article (1):
| Source | AlienVault Blog |
|---|---|
| Identifiant | 2870813 |
| Date de publication | 2021-06-03 10:00:00 (vue: 2021-06-03 10:05:56) |
| Titre | Ransomware and energy and utilities |
| Texte | This is a blog series focused on providing energy and utility industries with helpful insights and practical, helpful information on cybersecurity. Intro The exponential growth of IoT devices in the energy and utilities industry has greatly increased focus on cybersecurity. Focus on cybersecurity across industries has increased recently, no doubt due to factors like COVID-19 forcing a jump in remote work. In 2020, we saw cybersecurity move from being a technical problem to a business issue. Along with the recognition that businesses really need to lead with a security-first mindset to be resilient, the CISO was elevated to a seat at the proverbial table as a true C-suite leader and trusted board advisor. Energy and utilities face unique challenges compared to other industries. According to McKinsey: “In our experience working with utility companies, we have observed three characteristics that make the sector especially vulnerable to contemporary cyberthreats. First is an increased number of threats and actors targeting utilities: nation-state actors seeking to cause security and economic dislocation, cybercriminals who understand the economic value represented by this sector, and hacktivists out to publicly register their opposition to utilities’ projects or broad agendas. The second vulnerability is utilities’ expansive and increasing attack surface, arising from their geographic and organizational complexity, including the decentralized nature of many organizations’ cybersecurity leadership. Finally the electric-power and gas sector’s unique interdependencies between physical and cyber infrastructure make companies vulnerable to exploitation, including billing fraud with wireless “smart meters,” the commandeering of operational-technology (OT) systems to stop multiple wind turbines, and even physical destruction.” Let’s look at one type of common and profitable attack that could impact energy and utility companies – ransomware. What is ransomware? Ransomware is exactly as the name implies – something valuable to your business is being kept from you until a ransom is paid for its return. In simple terms, ransomware is extortion. Ransomware, a form of malicious software, blocks you from accessing your computer systems or files until you pay the cyber adversary to allow you access to your information. The ransom is typically requested in crypto currency because of its anonymity and ease of online payment – this translates to no tracing of the origin or destination of the funds, a common tactic of cyber criminals. Knowingly infecting a system with ransomware and requesting payment to unlock the system is a crime. Law enforcement agencies recommend not paying the ransom associated with ransomware. The thought is that if the ransom is paid, you as the victim of ransomware are then identified as an easy target for further cybercrime and the ransomware attack is perpetuated against others. Who is the target of ransomware? Cyber criminals seek the path of least resistance in their targets and strike against businesses that are easy targets. Ransomware is a business and the perpetrators, like any good businessperson, are looking for a strong ROI. The C |
| Envoyé | Oui |
| Condensat | “in “smart “your abruptly seemingly 2020 access accessing according across actors additional address adversary advisor again against age agencies agendas allocated allow along always analog and…backup anonymity anti any applications are arising around assets associated attachment attack attacks avoid aware back backups backups: bait because become becoming begin being better between billing bitcoin blocks blog board broad browse budget business businesses businessperson but campaign campaigns can cannot catastrophes catastrophic cause challenges chance characteristics churches ciso clean clearly click clicked commandeering common companies company compared complete complexity compliance computer constantly consultants contemporary continue control copies copy could covid create crime criminals critically crypto currency current cyber cybercrime cybercriminal cybercriminals cybersecurity cyberthreats daily data date day decentralized delete/release delivered departments destination destruction devices did different digital disguises disguising dislocation document does doubt downloading drive due ease easily easy economic effect electric elevated email emotions energy enforcement enter especially essential even events every exactly expansive expensive experience experienced expertise exploitation exponential extortion face factors failure falling file files files” fill finally first focus focused follow force forcing form forward fraud from funds further gaps gas general geographic get getting good greatly growth hacktivists has have help helpful hiring hope hospitals how identified impact implies important include: including increase increased increasing industries industry infect infected infecting information infrastructure innocuous insights install installation interdependencies intro introduce iot issue its jump just keep kept know knowingly known lacks launch law lead leader leadership least lesson let’s like link links locked look looking make makes making malicious malware management many marches may mckinsey: mean means mercy meters method methods midst mindset minimizes money more most move movie movies multiple name nation natural nature navigating navigation need new news not number observed offsite once one online open opening openings operate operational opposition organizational organizations’ origin original other others out page paid pandemic patch patched path pay paying payment pdf perpetrators perpetuated phishing physical place play plays power practical prevent prey primarily proactively probably problem productivity profitable projects protect protecting proved proverbial providing publicly quite radar ransom ransomware realistic really reason recently recognition recommend register regulatory remote represented reputable requested requesting requirements resilient resistance return risk roi roles ruthless saw says scan scenario schools screen seat second sector sector’s security seek seeking seem send series seriously service should show shows simple site small software some something specific state stop stoppage stopping storage strike strong such suite sure surface system systems table tactic take taken target targeting targets tasks technical technology terms themselves then these think though thought threats three through through: tied time too tool tools tracing translates true trusted turbines two type types typically understand unfortunately unique unlock until updates use used uses usually utilities utilities’ utilities: utility valuable value victim visit volume vulnerability vulnerable want way ways web website websites what when who why will wind wireless without word work working works world worthwhile xxxx your |
| Tags | Ransomware Malware Tool Vulnerability Guideline |
| Stories | Deloitte |
| Notes | |
| Move |
|
L'article ne semble pas avoir été repris sur un précédent.