Industrial control systems are essential to the smooth operation of various national critical infrastructure. While once segmented from the web, these systems are now becoming increasingly more networked and remotely accessible as organizations transform to meet the digital age. This development potentially exposes industrial control systems to digital threats.
A cyber attack (or cyberattack) is any attempt to expose, alter, disable, destroy, steal or gain unauthorized access to a computer system, infrastructure, network, or any other smart device. In some cases, cyber attacks can be part of a nation-states cyber warfare or cyber terrorism efforts, while other cybercrimes can be employed by individuals, activist groups, societies or organizations. Strong organizational wide cyber security controls are now more important than ever.
The cyber kill chain illustrates the structure of a successful cyber attack. It is effectively the hacker’s process from beginning to end, from scoping a target (reconnaissance) all the way to achieving their objective, whether that’s data theft or dropping and executing malware. When approaching your cyber security strategy, you should align your defences to the cyber kill chain. Like Batman becoming fear, to defeat the hacker, you must become a hacker.
The North American Electic Reliability Corporation (NERC) is an international regulatory organization that works to reduce risks to power grid infrastructure. They do this through the continual development of a set of regulatory standards in addition to education, training, and certifications for industry personnel.
Digital attacks targeting water facilities are on the rise. In its 2016 Data Breach Investigations Report, for instance, Verizon Enterprise disclosed an incident in which bad actors breached a water treatment plant and altered the levels of chemicals used to treat tap water at that facility. News of this incident came approximately two years after the ONWASA water facility revealed it had suffered a ransomware attack that had disrupted its internal computer system in the wake of Hurricane Florence.
Messages are one of the most popular ways of communication today. Most organizations and firms accept that the simplest method for transferring data is through Emails. According to Business Matters, a leading business magazine in the UK, there are plenty of vital areas in the business world, but there aren’t many more essential or important than Emails.
Have you ever seen the bridge of a commercial cargo shipping vessel? It is like a dream come true for every kid out there–a gigantic PlayStation. Unfortunately, maritime computer systems are also attractive to malicious cyber actors. Illustrating this interest by malicious individuals, the U.S. Coast Guard issued a safety alert warning all shipping companies of maritime cyber attacks.
Today, the majority of our critical systems are intertwined with each other and are administrated by/through computers. Many decisions are automated and our lives are to some extent reliant on IoT connected devices. A great deal of our data is on cloud storage facilities and almost all of our personal data is stored in a device that has internet connection. The connectivity and complexity of these systems make them vulnerable. That is why cybersecurity has been gaining more and more importance.
HTTP Response Splitting is a type of attack that occurs when an attacker can manipulate the response headers that will be interpreted by the client. This article goes into details on how this can be abused by an attacker to insert arbitrary headers and the impact of this type of attack.
Cybersecurity professionals know what they’re up against. The type, number and severity of cyberattacks grows with time. Hackers display no shortage of cunning and ingenuity in exploiting security vulnerabilities, compromising important data and inflicting damage to both individuals and organizations. Cybersecurity professionals also know that their defenses must evolve along with the attacks, requiring them to display even more ingenuity than hackers when creating security tools.
