Wednesday , June 25 2025
Coding

80% of organizations faced an email-based security breach

Most critical infrastructure sectors have experienced an email security breach in the past year. A study by Osterman Research, commissioned by OPSWAT, found that 80% of organizations suffered an email-based security breach.

Even as criminal hackers target the sector, CI businesses appear to be failing to protect their systems. Osterman Research found that 75% of cyber-threats to critical infrastructure arrived by email.

WhatsApp banned on all US House of Representatives devices

The U.S. House of Representatives has banned congressional staff from using WhatsApp on government devices due to security concerns, as...
Read More
WhatsApp banned on all US House of Representatives devices

Kaspersky found “SparkKitty” Malware on Google Play, Apple App Store

Kaspersky found a new mobile malware dubbed SparkKitty in Google Play and Apple App Store apps, targeting Android and iOS....
Read More
Kaspersky found “SparkKitty” Malware on Google Play, Apple App Store

OWASP AI Testing Guide Launched to Uncover Vulns in AI Systems

OWASP has released its AI Testing Guide, a framework to help organizations find and fix vulnerabilities specific to AI systems....
Read More
OWASP AI Testing Guide Launched to Uncover Vulns in AI Systems

Axentec Launches Bangladesh’s First Locally Hosted Tier-4 Cloud Platform

In a major milestone for the country’s digital infrastructure, Axentec PLC has officially launched Axentec Cloud, Bangladesh’s first Tier-4 cloud...
Read More
Axentec Launches Bangladesh’s First Locally Hosted Tier-4 Cloud Platform

Hackers Bypass Gmail MFA With App-Specific Password Reuse

A hacking group reportedly linked to Russian government has been discovered using a new phishing method that bypasses two-factor authentication...
Read More
Hackers Bypass Gmail MFA With App-Specific Password Reuse

Russia detects first SuperCard malware attacks via NFC

Russian cybersecurity experts discovered the first local data theft attacks using a modified version of legitimate near field communication (NFC)...
Read More
Russia detects first SuperCard malware attacks via NFC

Income Property Investments exposes 170,000+ Individuals record

Cybersecurity researcher Jeremiah Fowler discovered an unsecured database with 170,360 records belonging to a real estate company. It contained personal...
Read More
Income Property Investments exposes 170,000+ Individuals record

ALERT (CVE: 2023-28771)
Zyxel Firewalls Under Attack via CVE-2023-28771 by 244 IPs

GreyNoise found attempts to exploit CVE-2023-28771, a vulnerability in Zyxel's IKE affecting UDP port 500. The attack centers around CVE-2023-28771,...
Read More
ALERT (CVE: 2023-28771)  Zyxel Firewalls Under Attack via CVE-2023-28771 by 244 IPs

CISA Flags Active Exploits in Apple iOS and TP-Link Routers

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has recently included two high-risk vulnerabilities in its Known Exploited Vulnerabilities (KEV)...
Read More
CISA Flags Active Exploits in Apple iOS and TP-Link Routers

10K Records Allegedly from Mac Cloud Provider’s Customers Leaked Online

SafetyDetectives’ Cybersecurity Team discovered a public post on a clear web forum in which a threat actor claimed to have...
Read More
10K Records Allegedly from Mac Cloud Provider’s Customers Leaked Online

63.3% of organizations feel their email security needs improvement, and 48% are not confident in their current email defenses.

Researchers discovered that email is the main method for attacking the critical infrastructure sector, primarily through phishing and malicious links or attachments. However, more than half of organizations believed that emails posed no threat.

Osterman noted that the risks increase because key systems in critical infrastructure, particularly operational technology, are now more often connected to standard IT networks and the internet.

“IT networks and OT (operational technology) networks are increasingly linked. Significantly fewer OT networks are still air gapped, and the digital transformation activities of the past decade has resulted in OT networks being connected to the Internet,” the researchers wrote.

This enables a successful email attack to spread not only within the victim’s IT systems but also into OT networks.

Osterman Research found that the most common incidents were phishing attacks that compromised credentials, followed by issues with Microsoft 365 credentials.

Researchers found that many CI organizations are not compliant. Only 34.4% believed they were fully compliant, and just 28% of EMEA organizations felt they met GDPR requirements.

Research shows that critical infrastructure organizations anticipate an increase in threats. Two-thirds expect phishing attacks to rise next year, and 40% foresee more nation-state backed attacks.

“Email attacks have continued to rise over the past few years, particularly targeting critical infrastructure organizations. Not only are attacks more frequent, but they are evolving to bypass traditional security measures, making it clear that email remains the primary attack vector for cybercriminals,” Itay Glick, VP of products at OPSWAT, told Infosecurity.

“Email security often gets overlooked because many organizations operate under the assumption that basic protections, like spam filters or standard anti-malware, are sufficient,” Glick explained.

“It is often only after a successful breach that email security receives the attention it deserves, by which time the damage is already done.”

Check Also

GreyNoise

ALERT (CVE: 2023-28771)
Zyxel Firewalls Under Attack via CVE-2023-28771 by 244 IPs

GreyNoise found attempts to exploit CVE-2023-28771, a vulnerability in Zyxel’s IKE affecting UDP port 500. …

Leave a Reply

Your email address will not be published. Required fields are marked *