More than half of utilities have suffered an outage or data loss in the last 12 months, but only a minority of organizations seem ready for an attack that could affect operations, a survey finds. A large proportion of the utility companies responsible for power generation, water supply, and other critical civil functions are unprepared
An email phishing attack, thought to be from a nation-state actor, claims that engineers have failed licensing exams. A new phishing attack is hitting US utilities with threats that their engineers could be in danger of losing their professional licenses. But in reality, the only danger comes from panicked employees clicking on the embedded Word
Threat actors are increasingly ‘living off the land,’ using publicly available management and administration tools to conceal malicious activity.
1 of 9 Image Source: Shutterstock Cybercriminals have long used legitimate management and administration tools to break into enterprise networks, move laterally within them, and maintain persistence. Lately, though, use of these so-called
The attackers behind the Triton, or Xenotime, intrusions into critical infrastructure (CI) safety systems are testing their skills against electric power companies. Options for defense are still limited, however. In February 2019, the group behind the Triton attack on oil and gas companies changed their tactics: The group started scanning electric utility companies for vulnerabilities,