CyberX Blog

The CyberX-Files – Issue #5

Welcome to the 5th edition of the CyberX-Files! In this issue we discuss: VPNFilter malware that captures MODBUS traffic and destroys routers; how the Iranian government has contracted 50 separate hacking groups to strike Western targets; why North Korean hackers are treated like Olympic athletes by the DPRK; and the DHS’s new cyber strategy.

The CyberX-Files – Issue #4

Welcome to the 4th edition of the CyberX-Files. In this issue, we have a number of new stories about Dragonfly (aka Energetic Bear), the Russian threat group that’s targeted energy firms since at least 2013. You’ll also read about why Iran is now perceived as having an “A-Team” of cyberattackers, and several articles about why routers are now juicy targets for attackers.

The CyberX-Files – Issue #3

In our 3rd edition of The CyberX Files, we’ll cover a busy month for the ICS security community. The US DHS and FBI confirmed that Russian threat actors have successfully compromised US critical infrastructure networks, and new information emerged that TRITON may be connected to a series of cyberattacks on Saudi Arabian petrochemical plants. We have been busy as well, announcing the largest Series B funding round to date for an ICS cybersecurity company.

DHS/FBI Alert: Russian Government Cyber Activity Targeting Energy and Other Critical Infrastructure Sectors

This post originally appeared on LinkedIn. Yesterday’s unprecedented DHS/FBI announcement states that, since at least March 2016, “Russian government cyber actors—hereafter referred to as “threat actors”—targeted government entities and multiple U.S. critical infrastructure sectors, including the energy, nuclear, commercial facilities, water, aviation, and critical manufacturing sectors.” The attackers demonstrated sophistication by using a variety of […]

A Cyberattack in Saudi Arabia Had a Deadly Goal. Experts Fear Another Try.

In August, a petrochemical company with a plant in Saudi Arabia was hit by a new kind of cyberassault. The attack was not designed to simply destroy data or shut down the plant. It was meant to sabotage the firm’s operations and trigger an explosion. The attack was a dangerous escalation in international cyberwarfare, as faceless enemies demonstrated both the drive and the ability to inflict serious physical damage.