Search This Blog
Powered by Blogger.

Blog Archive

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label Breaches. Show all posts
Vendors
Breaches Clean Energy Cyber Security Energy IT Security Ransomware resilience Risks Supply Chain Vendors

Energy Sector Faces Heightened Supply Chain Risks Amid Growing Dependence on IT and Software Vendors

 

The energy industry is experiencing a sharp increase in supply chain risks, largely driven by its growing reliance on external vendors. According to a recent report, two-thirds of security breaches in this sector now originate from software and IT vendors.

The study, conducted by SecurityScorecard and KPMG, titled "A Quantitative Analysis of Cyber Risks in the U.S. Energy Supply Chain," draws attention to frequent threats, including ransomware attacks targeting traditional IT systems.

Researchers have emphasized that as the transition to cleaner energy picks up pace, and as the grid becomes more interconnected and software-reliant, vulnerabilities in the energy sector are expected to increase.

Ryan Sherstobitoff, senior vice president of threat research and intelligence at SecurityScorecard, stated, “The energy sector's rising dependence on third-party vendors exposes a significant vulnerability—its security is only as robust as its weakest link."

He added that this growing reliance on external vendors introduces considerable risks, urging the industry to strengthen cybersecurity defenses before a breach escalates into a national crisis.

The report highlighted that third-party risks account for nearly half of all breaches in the energy sector—significantly higher than the global average of 29%. Over 90% of organizations that experienced multiple breaches were attacked through third-party vendors.

Additionally, the report found that software and IT vendors were responsible for 67% of third-party breaches, while only a small number were linked to other energy companies. A notable portion of these incidents stemmed from the MOVEit file transfer software vulnerability, which was exploited by the Clop ransomware group last year.

The report also pointed out application security, DNS health, and network security as some of the most significant weaknesses in the sector.

The findings come at a time when the U.S. Department of Energy is convening with energy sector leaders to promote the Supply Chain Cybersecurity Principles, urging companies to focus on reducing risks posed by software and IT vendors, which represent the highest third-party threats.

As part of this effort, energy operators are encouraged to ensure new technology purchases are secure by incorporating initiatives like CISA’s "Secure by Design" and following the Department of Energy’s Supply Chain Cybersecurity Principles. The industry must also bolster security programs to defend against supply chain risks and geopolitical threats, especially from nation-state actors, and analyze ransomware attacks affecting foreign counterparts to improve resilience.

“The energy sector is a complex system undergoing a significant generational shift, heavily reliant on a stable supply chain," said Prasanna Govindankutty, KPMG's principal and cybersecurity leader for the U.S. sector.

He further explained that with rising geopolitical and technology-based threats, the industry is facing a level of risk exposure that could negatively impact both businesses and citizens. Organizations that can quantify these risks and implement mitigation strategies will be better equipped to navigate the energy transition.
Read more »
Security
Breaches Cyber Security Data Data Breaches data security Safety Security

Exfiltration Malware: At the Forefront of Cybersecurity Issues

 

While massive public security breaches are understandably concerning, the increase in malware designed to exfiltrate data directly from devices and browsers is a significant contributor to continued user exposure, according to SpyCloud . Last year, over 22 million unique devices were infected by malware, according to the 2023 report. 
SpyCloud recovered 721.5 million exposed credentials, roughly half of which came from botnets, tools commonly used to deploy highly accurate information-stealing malware. These infostealers allow cybercriminals to operate on a large scale, stealing valid credentials, cookies, auto-fill data, and other highly valuable information for use in targeted attacks or sale on the darknet.

“The pervasive use of infostealers is a dangerous trend because these attacks open the door for bad actors like Initial Access Brokers, who sell malware logs containing accurate authentication data to ransomware syndicates and other criminals,” said Trevor Hilligoss, Director of Security Research at SpyCloud. “Infostealers are easy, cheap, and scalable, creating a thriving underground economy with an ‘anything-as-a-service’ model to enable cybercrime. This broker-operator partnership is a lucrative business with a relatively low cost of entry.”

Critical business applications are easily accessible to cybercriminals

 Cybercriminals have doubled down and taken advantage of the economic downturn, expanding their hybrid workforce, creating ghost accounts from terminated employees, and rising outsourcing.

When employees enter corporate networks using malware-infected unmanaged or undermanaged devices, threat actors have a simple route into important company applications such as single sign-on platforms and virtual private networks.

In 2022, SpyCloud researchers recovered millions of credentials stolen from popular third-party business applications that had been impacted by malware. The data stolen from these apps, which include code repositories, customer databases, messaging platforms, and HR systems, provides bad actors with the information they need to launch damaging follow-up attacks such as ransomware.

If these credentials are not properly remediated and remain active, they will continue to pose a threat to organisations even after the malware has been removed from the device.

Organizations are oblivious to the threat of sophisticated malware-based attacks

“Organizations are overlooking the mounting threat of sophisticated malware-based attacks and the protracted business impact of infected devices. Leaders need a new approach that disrupts the flow of stolen authentication data and mitigates the ongoing threat of these exposures,” said Hilligoss.

“Collectively, we need to start thinking about protecting digital identities using a Post-Infection Remediation approach, rather than solely focusing on cleaning individual infected devices. Taking action on exposed employee data before it can be used by criminals is paramount to preventing account takeover, fraud, ransomware, and other forms of cybercrime,” concluded Hilligoss.

By resetting application credentials and invalidating session cookies syphoned by infostealer malware, security teams can supplement their traditional cyber incident response playbooks with additional steps to fully negate opportunities for ransomware and other cyberattacks.

Password hygiene remains a problem

Session hijacking enabled by stolen cookies is becoming more common: In 2022, SpyCloud researchers recovered nearly 22 billion device and session cookies. These records allow criminals to gain access to sensitive information by bypassing MFA and hijacking an active session, effectively turning bad actors into employee clones.

Users' personally identifiable information (PII) is as appealing as it has always been: In 2022, SpyCloud researchers found 8.6 billion PII assets, including 1.4 billion full names, 332 million national IDs/full social security numbers, and 67 million credit card numbers.

Despite increased cybersecurity training emphasis, password hygiene remains poor: 72% of users exposed in breaches in 2022 continued to use previously compromised passwords. SpyCloud recovered over 327,000 passwords related to artists Taylor Swift and Bad Bunny, over 261,000 passwords associated with streaming services such as Netflix and Hulu, and over 167,000 passwords related to Queen Elizabeth's death and the British royal family.

The government sector is more vulnerable to malware-infected devices than the private sector: In 2022, SpyCloud discovered 695 breaches containing.gov emails, a nearly 14% increase from 2021. Password reuse rates among government employees continue to be high, with 61% of users having more than one password exposed in the previous year.

123456, 12345678, and password are the three most commonly exposed plaintext passwords associated with government emails. Malware exfiltrated nearly 74% of exposed government credentials globally in 2022 (compared to 48.5% globally).
Read more »
Subscribe to: Posts (Atom)