By Ravindra Krishna, CISSP In a recent Operational Technology (OT) cyberattack, Monero Crypto-currency mining malware was discovered in the ICS network of a water utility company located in Europe. The company found the malware during a routine monitoring check of their OT network and confirmed that the malware infected five servers including the Human machine interface (HMI), which is used to control and manage physical components of OT networks. This attack provides further evidence that OT networks are not simply vulnerable, but actually easy targets. The Post-Stuxnet OT Cyberattack Era I believe that we can divide OT attacks into two... Read more →
85 posts categorized "Malware"
03 July 2018
Don't be a sitting duck in the next OT cyberattack
Posted by (ISC)² Management on 03 July 2018 at 08:30 AM in IT Security, Malware, Network Security, Operations Security, Ransomware, Risk | Permalink
|
Comments (2)
26 January 2018
(ISC)² Secure Summit UK Insights: The Future Impact of AI in Cybercrime
(ISC)²’s two-day Secure Summits bring multi-subject sessions from hands on practical workshops to keynotes and panel discussions, featuring local and international industry experts to maximise the learning experience and CPE opportunities. Serving the entire (ISC)² EMEA professional community with regional events, the Summits offer a wealth of educational value, networking opportunities, and a community forum for like-minded professionals, all of which are FREE to (ISC)² members & (ISC)² Chapter members. Read on for insights from one of our popular Secure Summit UK sessions... You’re the CEO of an international oil and gas company. Business risk and risk management planning is... Read more →
Posted by (ISC)² Management on 26 January 2018 at 04:00 AM in (ISC)² Events, Cybersecurity Training, Insider Risk, Malware, Ransomware | Permalink
|
Comments (0)
02 January 2018
Do You Feel What I Feel? Cybersecurity’s Impact of Humans and Machines
Organizations, individuals feel pain of breaches, critics silenced, and China outraged. As analysts and cybersecurity experts make predictions about the future of cyber and the advancements we can expect to see in artificial intelligence (AI), it’s worth taking a moment to think about the power of machines and their impact on human emotions. AI holds the promise that someday computers will possess emotional intelligence, but will computers ever really be able to mimic our natural human emotions? Everything from mere words, names, and numbers evokes strong feelings in people, and few names elicit the strong emotional response as that of... Read more →
Posted by (ISC)² Management on 02 January 2018 at 03:00 PM in Government , Malware, Ransomware | Permalink
|
Comments (1)
10 November 2017
Weekly Security Headlines: Hearings, guidelines and news
New guidelines, increased government oversight, and mounting stress in cybersecurity With the 4th quarter underway, we are starting to see lots of predictions about what the cybersecurity industry can expect to see come 2018. Thinking about the future makes it easy to forget about what is happening right now, though. Let’s take a look back at the news that happened this week to remind us of where we are, before we focus too much on where we’re going. Arguably the biggest industry-wide news of the week was the Senate Commerce Committee hearing, “Protecting Consumers in the Era of Major Breaches.... Read more →
Posted by (ISC)² Management on 10 November 2017 at 02:10 PM in Ethics, Government , IT Security, Malware, Privacy, Ransomware, Risk | Permalink
|
Comments (1)
27 October 2017
Security Headlines: Hopping Around
This week’s National Cybersecurity Awareness campaign focused on feeding the pipeline to narrow the skills gap in the cybersecurity workforce. While StaySafeOnline declared “The Internet Wants You: Consider a Career in Cybersecurity,” Ransomware hopped to the headlines. Rabbit on the run ‘Bad Rabbit’, the third global outbreak of the year with similarities to NotPetya, struck companies throughout Russia and Eastern Europe with file-encrypting malware. This strand of ransomware metaphorically knocks on the user’s door by way of a malicious pop-up offering a Flash update. Though the outbreak was first reported, it’s suspected that the group behind the attack has been... Read more →
Posted by (ISC)² Management on 27 October 2017 at 11:10 AM in Malware, Network Security, Ransomware | Permalink
|
Comments (0)
22 September 2017
Security Headlines: Do you know where your data records are?
It’s 2:00 pm. Do you know where your data records are? Here are the security headlines from the week of September 18, 2017. Say it ain’t so, SEC. Say it ain’t so! It looks like the U.S. Securities and Exchange Commission (SEC) suffered a cyber attack in 2016. Hackers have been trading using non-public information. In more cybercrime news, Help Net Security has a list of most wanted malware and mobile malware. We’re all hoping the risk of wearable devices is worth the health benefit – or is that just what I tell myself about my FitBit? But what if... Read more →
Posted by (ISC)² Management on 22 September 2017 at 02:00 PM in Malware, Privacy, Risk | Permalink
|
Comments (1)
01 September 2017
Security Headlines: Spying & Stealing
Spying, stealing, defacing. It’s been a busy week. These are the top security headlines for the week of August 28, 2017: The U.S. Navy says there’s no evidence of a cyber attack in the crash of the USS John S. McCain – but hypothetically, this is how it would work. Reuters reports cyber spies are using malware to target India and Pakistan – including decoy clickbait with Reuters reports. Yes, you read that right. Hurricane Harvey is a once in a 1,000 years disaster, but be careful before you donate. Scammers are registering domains to collect “donations” for bogus organizations.... Read more →
Posted by (ISC)² Management on 01 September 2017 at 11:14 AM in Ethics, Government , Malware, Ransomware | Permalink
|
Comments (0)
25 August 2017
Security Headlines: Word Malware, Cloud Disasters and More
Malware through Word, hacked robots and cloud disasters? No wonder we have anxiety. These are the top security headlines for the week of August 21, 2017: Clippy never warned us about this! Attackers are exploiting a Microsoft Word feature that auto-updates links to install malware. The financial impact of a breach is always being reported on, but what about the mental and emotional cost? What’s its mission? Collaborative and industrial robots are under the “hacker microscope” according to Dark Reading and could be vulnerable. Cloud causing more damage than a hurricane? It’s possible. Further proving the “it’s not if, but... Read more →
Posted by (ISC)² Management on 25 August 2017 at 02:30 PM in Cloud Security, Malware | Permalink
|
Comments (1)
11 August 2017
Security Headlines: Payouts and Panic
WannaCry and NotPetya aftermath means payouts and panic. Here are the top security headlines for the week of August 7, 2017: Big money, no whammies! It seems like the hackers behind WannaCry have cashed out their bitcoin into Monero, a harder to track cryptocurrency. Mo money means mo malware. The success – can we call it that? – of WannaCry and NotPetya means ransomware is not going away any time soon, because… well, people and businesses pay the ransom. What’s that definition of insanity? Oh yeah, doing the same thing and expecting a different result… Tripwire research indicates that two-thirds... Read more →
Posted by (ISC)² Management on 11 August 2017 at 11:28 AM in Government , Insider Risk, IT Security, Malware, Network Security, Operations Security, Ransomware | Permalink
|
Comments (0)
20 June 2017
Looking for cybersecurity job? Healthcare is hiring!
While the projected 1.8 million cybersecurity workforce gap is a staggering number, the Global Information Security Workforce Study did reveal which sectors are most aggressively looking to address this talent shortfall. Healthcare, retail and manufacturing top the list of industries looking to increase their cybersecurity workforce by more than 20% over the next year. Healthcare, in particular, is aiming for a 39% increase. It’s not surprising that they’re leading the charge to staff up, as Privacy Rights Clearninghouse reports that there were 223 known breaches to healthcare organizations in the United States in 2016 - and another 46 disclosed so... Read more →
Posted by (ISC)² Management on 20 June 2017 at 03:00 PM in Cybersecurity Certifications, Cybersecurity Training, Malware, Ransomware, Risk | Permalink
|
Comments (1)
17 June 2017
Security Headlines: Malware, Malware, Malware
From malware built to disrupt our critical infrastructure to front-line cyber soldiers, here are some of the top security headlines from the week of June 12: The malware cometh. The “nightmare” malware has been attacking power plants in Europe, causing blackouts and Daily Beast reports that U.S. companies have been warned. “I’m a Mac.” “You still might be in trouble.” That’s what security researchers are saying to Bleeping Computer after two new strains of Mac malware have been offered through the Dark Web over the last few weeks. Is the cloud really safer? Help Net Security found that most IT... Read more →
Posted by (ISC)² Management on 17 June 2017 at 09:30 AM in Cloud Security, Malware, Ransomware | Permalink
|
Comments (4)
02 June 2017
Weekly Security Headlines: Still Crying and Fireball
A holiday week in the U.S. and U.K. means five days worth of headlines in four business days. Here’s what we saw this week… Wanna move on from WannaCry? Not so fast, my friend. BitSight looks at the global impact of the ransomware that spread two weeks ago and found that the ransom collected is only around $100,000. Dark Reading reports on cyber criminals attacking each other on the dark web. Can’t we all just get along? No, apparently not. The price of a breach is high. Bitdefender looks at the Ponemon Institute’s study of the impact on stock prices.... Read more →
Posted by (ISC)² Management on 02 June 2017 at 03:09 PM in Malware, Ransomware | Permalink
|
Comments (2)
22 May 2017
Weekly Security Headlines: WannaCry Spillover, Mickey Mouse Hacked, DocuSign Phishing and 560 Million Passwords
Not surprisingly, WannaCry remained top of mind last week. We’re sure you’re doing everything you can to patch your environment and prevent similar ransomware attacks in the future. Here are some WannaCry headlines (and other security news) that caught our eye last week. WannaCry Rolls On According to the Dark Reading article WannaCry's 'Kill Switch' May Have Been a Sandbox-Evasion Tool, researchers early last week were looking into the “kill switch” and consensus seemed to be building that it was a poorly constructed VM analysis/sandbox evasion technique. WIRED went a bit deeper with their assessment The WannaCry Ransomware Hackers Made... Read more →
Posted by (ISC)² Management on 22 May 2017 at 10:37 AM in Malware, Network Security, Ransomware | Permalink
|
Comments (2)
18 May 2017
How to Stop and Remediate WannaCry
The effects of WannaCry, the ransomware dominating international headlines, continue to be felt by organizations and individuals alike. If you or anyone you know has had a device infected, (ISC)2 has advice for stopping and remediating the attack. View the video below to see how you can respond to WannaCry: Read more →
Posted by (ISC)² on 18 May 2017 at 06:45 PM in Malware, Ransomware | Permalink
|
Comments (1)
10 February 2017
Calling All Cybersecurity Experts!
This year’s (ISC)² Security Congress – with the theme “Leaders of Tomorrow” – will take place September 25-27 in Austin, Texas at the JW Marriott. For the first time, Security Congress will be a stand-alone event, without former partner ASIS International. “We value the partnership we had with ASIS International for the past six years, but it was time for Security Congress to stand on its own to address the programming needs expressed by our members,” says (ISC)² CEO David Shearer. The cybersecurity conference will host more than 90 educational sessions, as well as a town hall meeting, career center... Read more →
Posted by (ISC)² Management on 10 February 2017 at 09:25 AM in (ISC)² Events, Cloud Security, Cybersecurity Certifications, Digital Forensics, IT Security, Malware, Network Security, Privacy, Ransomware, Risk | Permalink
|
Comments (0)
24 October 2016
(ISC)² Security Congress EMEA Opened a Window to Our Future
A view from the Conference Chair, Dr. Adrian Davis, CISSP, Managing Director (EMEA) (ISC)² From an examination of how augmented humans will live, work and play, to policy commitments from the Irish government, (ISC)²’s Third Annual Congress EMEA delegates gained a comprehensive view of the changing world to be faced by cybersecurity professionals. The international community of 250 members and information security professionals started to gather the evening before the event for our member reception and Town Hall Q&A. These events presented a well appreciated opportunity to hear from four serving members of our Board of Directors from outside the... Read more →
Posted by (ISC)² Management on 24 October 2016 at 04:54 PM in (ISC)² Events, Center for Cyber Safety and Education, Cloud Security, Cybersecurity Certifications, IT Security, Malware, Network Security | Permalink
|
Comments (0)
09 March 2016
The Accidental Security Threat: Insiders
Insider threats can be malicious; but more commonly, they are accidental. The weakest point in any security program is people. They can have ill intent, they can also be manipulated or exploited, and they can simply make a mistake and email a spreadsheet full of client information to the wrong email address. These types of incidents are real and happen every day. They can lead to disastrous results on par with any major external cyberattack. Traditionally, these threats are overlooked by most businesses as they are more concerned with the unknown malicious actor than the known staff member or business... Read more →
Posted by (ISC)² Management on 09 March 2016 at 11:27 AM in Insider Risk, Malware, Network Security | Permalink
|
Comments (0)
22 March 2015
IT Security essentials for small and medium enterprises
It is no secret that the cyber criminals are where the money are. If the targets are easy to breach, it is even better since this improves the ratio effort/outcome for them. Usually, small to medium size companies are preferred targets because they fit in this category: they do have money, more than the private users, and are very easy to infiltrate. The tips below help these companies not only to survive in the cyber world, but also keep the attackers away. Read more →
Posted by Sorin Mustaca on 22 March 2015 at 05:45 PM in Malware, Network Security | Permalink
|
Comments (1)
17 September 2013
A Spook in the Wheel
It’s important to keep improving products as they move further and further away from static detection, but if we’re to counter misinformation from other security sectors, we also need to make it clearer to our audiences and customers – not necessarily the same thing - what we really do and what they can realistically expect from us. Read more →
Posted by David Harley on 17 September 2013 at 04:24 PM in IT Security, Malware | Permalink
|
Comments (0)
12 July 2013
Of Mice and Men
I’ve noticed a number of articles recently based on historical summaries of threats past – for instance, a ‘brief history of Apple hacking’ (see also my commentary for Infosecurity Magazine) and SC Magazine’s Ten Devastating Computer Viruses. In general, I’m more fascinated by the fact that the media and the reading public are so taken with top ten lists – in fact, I’ve considered the phenomenon a couple of times with some seriousness, as in Perfect Ten: Truth and Prognostication – than I am by the prospect of putting my own lists together. Though I have done from time to... Read more →
Posted by David Harley on 12 July 2013 at 07:35 AM in IT Security, Malware | Permalink
|
Comments (0)
Search
(ISC)² Links
Categories
- (ISC)² Chapters
- (ISC)² Events
- Center for Cyber Safety and Education
- Cloud Security
- Cybersecurity Certifications
- Cybersecurity Training
- Cybersecurity Workforce
- Digital Forensics
- Ethics
- Government
- Insider Risk
- IT Security
- Legal
- Malware
- Network Security
- Operations Security
- Privacy
- Ransomware
- Risk
- Software Development
- Spotlight