Could cyberattacks leave Europe in the dark?


A new report highlights how growing reliance on digital technologies across Europe, combined with geopolitical tensions and sophisticated threat actors, is creating a perfect storm that could put energy stability at risk and lead to the lights going out.
The study from security awareness training platform KnowBe4 shows the average number of cyberattacks against utilities more than doubled between 2020 and 2022. Specifically across Europe, cyber threats to the energy sector have surged, driven by an epidemic of under-reporting and lack of detection, with recent attacks disrupting operations, compromising sensitive data, and highlighting the urgent need for stronger cybersecurity measures.
Over half of organizations experience incidents involving industrial control or operational tech


Over the past year, more than 50 percent of organizations have experienced at least one security incident involving ICS/OT systems. Among the top vulnerabilities exploited are internet-accessible devices (33 percent) and transient devices (27 percent), often used to bypass traditional defenses.
A new report from the SANS Institute, in partnership with OPSWAT, shows that while 55 percent of organizations reported increased ICS/OT cybersecurity budgets over the past two years, much of that investment remains heavily skewed toward technology, with limited focus on operational resilience.
Thousands of industrial control devices exposed online


Recent attacks have highlighted the vulnerability of industrial control systems to attack and a new report has found 18,000 exposed devices that are likely used to control industrial systems.
The report, from internet intelligence platform Censys, focuses on ICS devices in the US and UK and also finds that almost 50 percent of the human-machine interfaces associated with water and wastewater systems (WWS) identified could be manipulated without any authentication required.
Increase in third-party access puts OT environments at risk


A new report from Cyolo and the Ponemon Institute reveals that third-party access to operational technology environments is significantly expanding the attack surface.
According to the study, 73 percent permit third-party access to OT environments, with an average of 77 third parties per organization granted such access.
Why building management system cybersecurity is critical [Q&A]


Building management systems (BMS) are responsible for controlling and monitoring various building services such as HVAC, energy, elevators, escalators, surveillance and access control.
They're crucial for service delivery across industries, including critical infrastructure such as energy, utilities, and healthcare. But they're also a significant of an organization's cyber risk due to their integration with IT networks and the internet.
The key threats facing ICS/OT environments


Industrial control system and operational technology environments are becoming increasingly interconnected and complex, offering efficiency and innovation. However, this also exposes organizations to heightened vulnerabilities from relentless cyber threats.
The latest SANS 2023 ICS/OT Cybersecurity Survey, sponsored by critical infrastructure protection specialist OPSWAT, shows the three items of utmost importance for ICS security programs in 2023 have been identified as network visibility, risk assessments, and transient device threat detection.
Over a third of ICS vulnerabilities have no patch available


New research from SynSaber, along with the ICS Advisory Project, into industrial control operational technology system vulnerabilities finds that 34 percent of the CVEs reported in the first half of 2023 currently have no patch or remediation available from the vendor.
This compares to the 35 percent that had no fixes in the second half of 2022 but is a significant increase from the 13 percent in the first half of last year.
Training makes critical infrastructure employees better at spotting phishing attacks


New research from security behavior change specialist Hoxhunt shows that 66 percent of active participants in security behavior training programs at critical infrastructure organizations detect and report at least one real malicious email attack within a year.
The report -- based on analysis of over 15 million phishing simulations and real email attacks reported in 2022 by 1.6 million people participating in security behavior change programs -- shows the effectiveness of training in making staff more engaged in organizational security.
The devices that pose a threat to critical infrastructure


Operational technology and industrial control system devices represent an attractive target for cybercriminals attempting to access networks, and for nation state actors looking to disrupt infrastructure.
Asset visibility and security company Armis is releasing new research identifying the riskiest devices that pose threats to critical infrastructure industries: manufacturing, utilities and transportation.
Multiple-threat ransomware attacks become more common


It used to be the case that all you had to worry about with ransomware was encrypted data, but the latest Cyberthreat Defense Report (CDR) from CyberEdge Group reveals that last year 78 percent of ransomware victims faced the consequences of one, two or three additional threats unless they paid the ransom.
Additional threats include launching distributed denial of service (DDoS) attacks (42 percent), notifying customers or the media of the data breach (42 percent), and publicly releasing exfiltrated data (40 percent).
A third of ICS vulnerabilities have no patch available


New research, from ICS/OT cybersecurity firm SynSaber, has analyzed over 900 CVEs reported in industrial control systems in the second half of 2022 and finds that 35 percent have no patch or remediation available.
Only 56 percent of the CVEs have been reported by the original equipment manufacturer (OEM), while 43 percent have been submitted by security vendors and independent researchers. A firmware update is required to fix 33 percent.
Why air-gapping may not be enough to protect your critical systems


The classic way of preventing critical systems, such as industrial controls, from attack is to air-gap them. That is to say ensure they don't have a connection to the internet.
But while they may not have a web connection they still often require DNS services in order to resolve a company's internal DNS records. New research from Pentera shows that this can provide a weak point to be exploited by attackers.
Industrial systems under threat from wipers and IoT botnets


The latest OT/IoT security report from Nozomi Networks shows that wiper malware and IoT botnets dominate threats to industrial control systems.
Researchers have observed the robust usage of wiper malware, and seen the emergence of an Industroyer variant, dubbed Industroyer2, developed to misuse the IEC-104 protocol, which is commonly used in industrial environments.
Get 'Industrial Cybersecurity -- Second Edition' ($51.99 value) FREE for a limited time


With Industrial Control Systems (ICS) expanding into traditional IT space and even into the cloud, the attack surface of ICS environments has increased significantly, making it crucial to recognize your ICS vulnerabilities and implement advanced techniques for monitoring and defending against rapidly evolving cyber threats to critical infrastructure.
Industrial Cybersecurity -- Second Edition covers the updated Industrial Demilitarized Zone (IDMZ) architecture and shows you how to implement, verify, and monitor a holistic security program for your ICS environment.
Recent Headlines
Most Commented Stories
BetaNews, your source for breaking tech news, reviews, and in-depth reporting since 1998.
Regional iGaming Content
© 1998-2025 BetaNews, Inc. All Rights Reserved. About Us - Privacy Policy - Cookie Policy - Sitemap.