US Utilities Targeted with LookBack RAT in a new phishing campaign

Security Affairs

Security experts at Proofpoint observed a new wave of phishing attacks aimed at US Utilities in an attempt to deliver the LookBack RAT. In early August, the expert reported that between July 19 and July 25, 2019, several spear-phishing emails were identified?

Why Russian APT Fancy Bear hacked the Ukrainian energy firm Burisma?

Security Affairs

Russia-linked cyber-espionage group hacked the Ukrainian energy company Burisma at the center of the impeachment trial of US President Donald Trump. Once credentials are phished, attackers are able to operate covertly within an organization in pursuit of their goal.”

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

FERC issues notice of proposed rulemaking to extend reporting requirements for cyberattacks targeting the energy sector

Data Protection Report

DHS’ webinar explained that the hackers obtained access to vendors providing computer services to electric utilities companies. The hackers used tactics such as phishing emails and watering-hole attacks. In response to such concerns, regulatory agencies are increasing reporting requirements for cyberattacks targeting the energy sector. Compliance and risk management cybercrime Data breach cyber attack data breach Energy FERC regulationOn July 23 and 25, 2018, the U.S.

The Growing Presence (and Security Risks) of IoT

Thales eSecurity

That pace is unlikely to slow down over the coming years; Pagely noted that organizations are still turning to IoT devices as a way to automate and optimize their business processes as well as save on energy costs. As most of us know, IoT devices are on the rise in enterprise networks.

IoT 127

Scanning for Flaws, Scoring for Security

Krebs on Security

But in a marketing email sent to FICO members on Tuesday advertising its new benchmarking feature, FICO accidentally exposed the FICO Cyber Risk Score of energy giant ExxonMobil.

US Cyber Command warns of Iran-linked hackers exploiting CVE-2017-11774 Outlook flaw

Security Affairs

The APT33 group has been around since at least 2013, since mid-2016, the group targeted the aviation industry and energy companies with connections to petrochemical production. These executables are both downloaders that utilize powershell to load the PUPY RAT.

MY TAKE: Memory hacking arises as a go-to tactic to carry out deep, persistent incursions

The Last Watchdog

In fact, memory attacks have quietly emerged as a powerful and versatile new class of hacking technique that threat actors in the vanguard are utilizing to subvert conventional IT security systems. Allegedly developed by US and Israeli operatives, Stuxnet was discovered circulating through Iranian nuclear energy facilities in 2010. Today, if you examine any high-profile data breach, you’re likely to find memory-hacking techniques utilized at multiple key stages of the attack.

Weekly podcast: ICS attacks, Reddit and SIM swap arrests

IT Governance

A new report from Cybereason has highlighted the alarming scale and variety of attacks faced by ICS or industrial control systems, and it seems that it’s not only nation-state attackers but also opportunistic traditional cybercriminals that are now targeting utility providers.