On March 15, 2018, US CERT (U.S. Computer Emergency Readiness Team) issued a Technical Alert about “Russian government cyber actors” conducting a concerted cyberattack campaign against energy companies. Specifically, they gained access through small organizations connected to the target companies and then “conducted network reconnaissance, moved laterally, and collected information pertaining to Industrial Control Systems (ICS).”
As we survey the threat landscape, two things are certain—targeted attacks and advanced persistent threats (APTs) are here to stay, and organizations face increased risk from advanced attacks compared to the past two years. Several existing trends will continue, and we’re seeing attackers refine their tools in ways that will drive new trends in the coming months.
*This blog was originally posted on Dark Reading
In discussions about cyber attacks, “when, not if” has become overused. We all know attacks are going to happen to every organization that depends on the Internet—which of course, is nearly every one. The risk of an attack is always present—and, in fact, malicious actors or software are probably present at most times in most environments.
Have you ever realized that some words completely lose their meaning because they’re so overused? In the cybersecurity world, “hack” is a word that seems completely benign now that terms like “life hack” and “dinner hack” have become so popular.
Recently, it feels as if security breaches are running rampant throughout the business world – and it’s costing companies billions.