Security Affairs

OCTOBER 4, 2021

ChamelGang APT is a new cyberespionage group that focuses on fuel and energy organizations and aviation industry in Russia. ChamelGang is a new APT group that was first spotted in March by researchers at security firm Positive Technologies, it targets Russian companies in the energy and aviation industry. ” concludes the report.

Energy and Utilities 123

Energy and Utilities Malware Technology Antivirus 123

SecureList

NOVEMBER 29, 2024

The malware utilizes cloud resources for its C2 (command and control) servers, which it accesses via APIs using authentication tokens. The campaign, which we dubbed EastWind , used phishing emails with malicious shortcuts attached to deliver malware to target computers. CloudSorcerer also employs GitHub as its initial C2 server.

Energy and Utilities 101

Energy and Utilities Ransomware Malware Government 101

Security Affairs

MAY 19, 2020

Spear-phishing is a rapidly emerging threat. It’s more specific than generic phishing attempts and often targets a single person or company. Data from Barracuda cybersecurity researchers identified a 667% increase in spear-phishing attacks between the end of February and the following month.

Energy and Utilities 122

Energy and Utilities Phishing Advertising Technology 122

SecureWorld News

APRIL 10, 2025

Organizationsparticularly those in critical sectors such as energy, healthcare, and financerely on CISA for guidance on emerging threats and best practices. Innovation and collaboration impact: Reduced internal capacity may spur CISA to lean more heavily on technology and external partnerships to uphold national security standards.

Energy and Utilities 88

Energy and Utilities Backups Healthcare Cybersecurity 88

Joseph Steinberg

MAY 12, 2021

And, just before the COVID-19 pandemic hit the United States, the Department of Homeland Security alerted information security professionals that a ransomware attack delivered via phishing emails had adversely impacted operations at one of the country’s natural gas processors. Nor were those isolated incidents.

Energy and Utilities 219

Energy and Utilities Ransomware Artificial Intelligence Cyber Attacks 219

Krebs on Security

DECEMBER 12, 2018

But in a marketing email sent to FICO members on Tuesday advertising its new benchmarking feature, FICO accidentally exposed the FICO Cyber Risk Score of energy giant ExxonMobil. The October analysis by the Chamber and FICO gives U.S. businesses an overall score of 687 on a scale of 300-850. ARE YOU EXPERIANSED?

Cyber Risk 247

Cyber Risk Energy and Utilities Risk Marketing 247

Security Affairs

MARCH 25, 2022

has indicted four Russian government employees for their role in cyberattacks targeting hundreds of companies and organizations in the energy sector worldwide between 2012 and 2018. According to the indictment, the campaigns against the energy sector campaign involved two phases. and international Energy Sector organizations. .

Government 115

Government Energy and Utilities Malware Hacking 115

SecureList

AUGUST 19, 2024

They have been targeting entities in multiple sectors, including governmental institutions, financial companies, energy and oil and gas companies, among others. The eagle goes phishing The spreading method used by BlindEagle is via phishing emails. Spam campaigns impersonating financial and banking entities are also common.

Phishing 131

Phishing Energy and Utilities Malware Banking 131

The Last Watchdog

JULY 13, 2023

Bantick “As the MOVEit hack has proved, the bad actors are always looking for new ways to attack with tactics ranging from third party supplier attacks to more sophisticated social engineering and phishing attack techniques.

Cyber Risk 189

Cyber Risk Risk Insurance Energy and Utilities 189

Security Affairs

FEBRUARY 28, 2024

“As early as 2022, APT28 actors had utilized compromised EdgeRouters to facilitate covert cyber operations against governments, militaries, and organizations around the world.” The webmail account credentials were collected via cross-site scripting and browser-in-the-browser spear-phishing campaigns.

Energy and Utilities 132

Energy and Utilities Government Firewall Malware 132

SecureList

DECEMBER 16, 2021

of all computers attacked by the PseudoManuscrypt malware are part of industrial control systems (ICS) used by organizations in various industries, including Engineering, Building Automation, Energy, Manufacturing, Construction, Utilities, and Water Management. According to our telemetry, at least 7.2%

Spyware 135

Spyware Energy and Utilities Malware VPN 135

CyberSecurity Insiders

OCTOBER 26, 2021

Industries such as healthcare and energy and utilities are susceptible and arguably the most vulnerable to ransomware or other cybersecurity incidents. Phishing incident. The AT&T Managed Threat Detection and Response (MTDR) analyst team was notified that a user fell victim to a phishing email.

Cybersecurity 128

Cybersecurity Threat Detection Energy and Utilities Ransomware 128

Security Affairs

MAY 9, 2020

The attacks targeted a major utility provider, a university, and a government agency in the United States, a health agency in Canada, a health insurance provider, an energy company in Australia, and a European medical publishing company to deliver various malware families. 111 for command and control.

Healthcare 100

Healthcare Government Energy and Utilities Insurance 100

eSecurity Planet

SEPTEMBER 14, 2022

As a matter of fact, the most-reported crime in the 2021 Internet Crime Report report was phishing , a social engineering scam wherein the victim receives a deceptive message from someone in an attempt to get the victim to reveal personal information or account credentials or to trick them into downloading malware. Technological tactics.

Social Engineering 121

Social Engineering Energy and Utilities Phishing Internet 121

SecureList

APRIL 27, 2023

Middle East We have identified ongoing spear-phishing campaigns targeting Middle Eastern countries dating back to July 2021. The group went after high-profile entities operating in the government, aviation, energy, telecoms and banking sectors. The threat actor utilized embedded Proton Mail and Gmail addresses for data exfiltration.

Energy and Utilities 145

Energy and Utilities Malware Government Manufacturing 145

SecureList

MARCH 13, 2025

Additionally, Head Mare attacks utilized command-and-control (C2) servers exclusively linked to Twelve prior to these incidents. The attackers also exploited software vulnerabilities, most commonly CVE-2023-38831 in WinRAR through phishing emails. This suggests potential collaboration and joint campaigns between the two groups.

Energy and Utilities 75

Energy and Utilities Software Accountability Phishing 75

The Last Watchdog

MARCH 4, 2019

In fact, memory attacks have quietly emerged as a powerful and versatile new class of hacking technique that threat actors in the vanguard are utilizing to subvert conventional IT security systems. Allegedly developed by US and Israeli operatives, Stuxnet was discovered circulating through Iranian nuclear energy facilities in 2010.

Hacking 212

Hacking Energy and Utilities System Administration Accountability 212

Thales Cloud Protection & Licensing

NOVEMBER 6, 2019

That pace is unlikely to slow down over the coming years; Pagely noted that organizations are still turning to IoT devices as a way to automate and optimize their business processes as well as save on energy costs. billion in number and generate 79.4 zettabytes (ZB) of data by 2025. Healthcare is in Need of a Check-Up.

IoT 122

IoT Risk Energy and Utilities Healthcare 122

Security Affairs

SEPTEMBER 9, 2020

K-Electric (KE) (formerly known as Karachi Electric Supply Company / Karachi Electric Supply Corporation Limited) is a Pakistani investor-owned utility managing all three key stages – generation, transmission and distribution – of producing and delivering energy to consumers. million customers and around 10,000 people.

Ransomware 145

Ransomware Energy and Utilities VPN Advertising 145

SecureList

NOVEMBER 22, 2022

Decreasing CTI quality – unfounded politically motivated cyberthreat attribution, exaggerated threats, lower statement validity criteria due to political pressure and in an attempt to utilize the government’s political narrative to earn additional profits.

Energy and Utilities 130

Energy and Utilities Marketing Government Phishing 130

Security Affairs

APRIL 19, 2023

Mint Sandstorm also used custom tools in selected targets, notably organizations in the energy and transportation sectors. Microsoft also observed The Iran-linked APT group using another attack chain involving low-volume phishing campaigns and a different custom implant. ” concludes Microsoft.

Energy and Utilities 98

Energy and Utilities Accountability Education Media 98

SecureList

NOVEMBER 23, 2021

For example, a popular tactic in spyware attacks is now to send phishing e-mails from compromised corporate mail accounts of a partner organization of the intended victim. In particular, we have seen more than a few poorly crafted phishing e-mails full of clearly visible blunders in campaigns associated with well-known APTs.

Spyware 137

Spyware Phishing Cybercrime Energy and Utilities 137

Security Affairs

JULY 2, 2019

The APT33 group has been around since at least 2013, since mid-2016, the group targeted the aviation industry and energy companies with connections to petrochemical production. These executables are both downloaders that utilize powershell to load the PUPY RAT. Most of the targets were in the Middle East, others were in the U.S.,

Energy and Utilities 109

Energy and Utilities Malware Advertising InfoSec 109

CyberSecurity Insiders

FEBRUARY 1, 2022

Most of our current online privacy protocols utilize cryptography to maintain privacy and data integrity. Quantum computing focuses on developing computer technology based on principles that describe how particles and energy react at the atomic and subatomic levels. Phishing and spoofing attacks can be highly covert.

Risk 134

Risk Social Engineering Threat Detection Encryption 134

CyberSecurity Insiders

JUNE 3, 2021

This breach, like every major ransomware attack, was likely because of spear phishing, where someone either received the malware via an emailed attachment or clicked on a link that took them to a website that hosted it. It triangulates my work and underscores its validity for solving the problem of spear phishing.

Cybersecurity 136

Cybersecurity Energy and Utilities Social Engineering Phishing 136

Security Affairs

AUGUST 31, 2022

“The joint efforts of Proofpoint and PwC researchers provide a moderate confidence assessment that recent campaigns targeting the federal government, energy, and manufacturing sectors globally may represent recent efforts by TA423 / Red Ladon.” ” read the report published by the experts.

Energy and Utilities 98

Energy and Utilities Manufacturing Government Media 98

IT Security Guru

JUNE 16, 2021

In addition to hacking efforts, businesses reported increased pressure from phishing (44%), fake contact tracing apps and calls (43%) and ransomware (43%), with the greatest increase in incidents in the energy, oil, gas and utilities sector (80%).

CISO 104

CISO Energy and Utilities Phishing Ransomware 104

IT Security Guru

OCTOBER 24, 2024

This attack method utilizes a “clean” URL within the body of the email before redirecting the user to a malicious one upon clicking it. Manufacturing (27%) suffered the most from BEC, phishing, and malspam emails this quarter. These links bypass traditional email defenses because threat actors use URL detection to great effect.

Energy and Utilities 73

Energy and Utilities Scams Manufacturing Malware 73

eSecurity Planet

MARCH 14, 2022

Cobalt Strike – now owned by HelpSystems – provides various packages and tools to detect outdated software, generate malware , test endpoints , or run spear phishing campaigns that maximize success rate. While that’s true, it requires time, effort, and energy. Threat actors manage to grab these tools (e.g.,

Energy and Utilities 132

Energy and Utilities DNS Penetration Testing Ransomware 132

SecureList

NOVEMBER 9, 2022

Phishing attacks are going to become even more sophisticated, since a lot of basic tactics have already been tried this year, and businesses learned to repel those. The economic downturn (caused by energy prices, inflation, sanctions, etc.) Yury Slobodyanuk , head of content filtering research, Kaspersky.

Cybersecurity 144

Cybersecurity Cyber Insurance Cybercrime IoT 144

Thales Cloud Protection & Licensing

JULY 21, 2022

The threat of attacks against Critical National Infrastructure (CNI) – energy, utilities, telecommunications, and transportation – is now front of mind for many. This includes using easily guessed passwords and falling victim to phishing and socially engineered techniques such as business email compromise.

Cyber threats 71

Cyber threats Energy and Utilities Ransomware IoT 71

CyberSecurity Insiders

OCTOBER 28, 2022

In another example from this year, a version of the Industroyer malware that spreads via spear phishing emails which are part of cloud-based email systems, got access to power grids and almost shut down power supply to a portion of Ukraine’s capital (lack of or poor implementation of cloud native controls to detect and avoid phishing).

IoT 134

IoT Architecture Energy and Utilities Firewall 134

Centraleyes

JANUARY 21, 2024

The transition to remote work during the pandemic has also exposed new vulnerabilities, increasing susceptibility to phishing attacks. Essential entities ” span sectors such as energy, healthcare, transport, and water. Action Steps: Utilize assessment insights to craft short-term and long-term action plans.

Cybersecurity 110

Cybersecurity Energy and Utilities Cyber threats Risk 110

SecureList

NOVEMBER 26, 2021

The attackers obtain initial access to a system by sending a spear-phishing email to the victim containing a Dropbox download link. That library was then loaded by the legitimate MsMpEng.exe by utilizing the DLL side-loading technique. The link leads to a RAR archive that masquerades as a Word document. cents per record).

Malware 133

Malware Banking Energy and Utilities Accountability 133

BH Consulting

SEPTEMBER 24, 2024

For example, the Commission for the Regulation of Utilities (CRU) will become the ‘competent authority’ for the energy, drinking water and wastewater sectors. MORE Fast-thinking Ferrari staffer red flags a phishing attempt. The National Cyber Security Bill 2024 is the legislative vehicle for transposing NIS2 into Irish law.

Energy and Utilities 69

Energy and Utilities Penetration Testing Banking Spyware 69

Security Boulevard

APRIL 28, 2021

A few years ago, a group of attackers used the Trojan to deploy SCADA-related plugins against victims in energy and ICS/SCADA networks in Ukraine and around the world. In later rounds, the Trojan spread through spear-phishing emails with malicious Excel or Word files. Webinar: Analysis of the Florida Water Utility Cyberattack .

Energy and Utilities 72

Energy and Utilities Malware DDOS Internet 72

SecureList

NOVEMBER 25, 2024

In general, we’ve observed hacktivists in the Russo-Ukrainian conflict become more skilled and more focused on attacking large organizations such as government, manufacturing and energy entities. However, one especially notable supply chain attack in 2024 was the XZ Utils backdoor, which we covered in a three-part blog post.

IoT 116

IoT Energy and Utilities Phishing Cryptocurrency 116