Wednesday , January 22 2025
Coding

80% of organizations faced an email-based security breach

Most critical infrastructure sectors have experienced an email security breach in the past year. A study by Osterman Research, commissioned by OPSWAT, found that 80% of organizations suffered an email-based security breach.

Even as criminal hackers target the sector, CI businesses appear to be failing to protect their systems. Osterman Research found that 75% of cyber-threats to critical infrastructure arrived by email.

Delay patching leaves about 50,000 Fortinet firewalls to zero-day attack

Fortinet customers must apply the latest updates, as almost 50,000 management interfaces remain vulnerable to the latest zero-day exploit. The...
Read More
Delay patching leaves about 50,000 Fortinet firewalls to zero-day attack

Daily Security Update Dated: 21.01.2025

Every day a lot of cyberattack happen around the world including ransomware, Malware attack, data breaches, website defacement and so...
Read More
Daily Security Update Dated: 21.01.2025

126 Linux kernel Vulns Allow Attackers Exploit 78 Linux Sub-Systems

Ubuntu 22.04 LTS users are advised to update their systems right away due to a crucial security patch from Canonical...
Read More
126 Linux kernel Vulns Allow Attackers Exploit 78 Linux Sub-Systems

CERT-UA alerts about “security audit” requests through AnyDesk

Attackers are pretending to be Ukraine's Computer Emergency Response Team (CERT-UA) using AnyDesk to access target computers. “Unidentified individuals are...
Read More
CERT-UA alerts about “security audit” requests through AnyDesk

Oracle Critical Pre-Release update addressed 320 flaw

Oracle Critical Patch Update Pre-Release Announcement shares details about the upcoming update scheduled for January 21, 2025. Note that this...
Read More
Oracle Critical Pre-Release update addressed 320 flaw

OWASP Reveils Top 10 Smart Contract Vulnerabilities for 2025

OWASP has released its updated list of the top 10 vulnerabilities in smart contracts for 2025. This guide highlights the...
Read More
OWASP Reveils Top 10 Smart Contract Vulnerabilities for 2025

Multiple Azure DevOps Vulns Allow To Inject CRLF Queries & Rebind DNS

Security researchers have found several vulnerabilities in Azure DevOps that could enable attackers to inject CRLF queries and carry out...
Read More
Multiple Azure DevOps Vulns Allow To Inject CRLF Queries & Rebind DNS

Intel holds 22 employees from one Bangladeshi University

Intel Corporation is a leading semiconductor chip manufacturer, employing at least 22 graduates from the Department of Applied Chemistry and...
Read More
Intel holds 22 employees from one Bangladeshi University

VPN Surge 1500% in USA after TikTok Shut Down

vpnMentor’s Research Team is monitoring the potential TikTok ban in the U.S., driven by national security and data privacy issues....
Read More
VPN Surge 1500% in USA after TikTok Shut Down

MITRE Launches D3FEND 1.0; The Milestone for Cybersecurity Ontology

MITRE launched D3FENDTM 1.0, a cybersecurity framework that provides a vocabulary and understanding of the cyber domain. D3FEND 1.0, funded...
Read More
MITRE Launches D3FEND 1.0; The Milestone for Cybersecurity Ontology

63.3% of organizations feel their email security needs improvement, and 48% are not confident in their current email defenses.

Researchers discovered that email is the main method for attacking the critical infrastructure sector, primarily through phishing and malicious links or attachments. However, more than half of organizations believed that emails posed no threat.

Osterman noted that the risks increase because key systems in critical infrastructure, particularly operational technology, are now more often connected to standard IT networks and the internet.

“IT networks and OT (operational technology) networks are increasingly linked. Significantly fewer OT networks are still air gapped, and the digital transformation activities of the past decade has resulted in OT networks being connected to the Internet,” the researchers wrote.

This enables a successful email attack to spread not only within the victim’s IT systems but also into OT networks.

Osterman Research found that the most common incidents were phishing attacks that compromised credentials, followed by issues with Microsoft 365 credentials.

Researchers found that many CI organizations are not compliant. Only 34.4% believed they were fully compliant, and just 28% of EMEA organizations felt they met GDPR requirements.

Research shows that critical infrastructure organizations anticipate an increase in threats. Two-thirds expect phishing attacks to rise next year, and 40% foresee more nation-state backed attacks.

“Email attacks have continued to rise over the past few years, particularly targeting critical infrastructure organizations. Not only are attacks more frequent, but they are evolving to bypass traditional security measures, making it clear that email remains the primary attack vector for cybercriminals,” Itay Glick, VP of products at OPSWAT, told Infosecurity.

“Email security often gets overlooked because many organizations operate under the assumption that basic protections, like spam filters or standard anti-malware, are sufficient,” Glick explained.

“It is often only after a successful breach that email security receives the attention it deserves, by which time the damage is already done.”

Check Also

Authority Denies
Hacker claim ransomware attack on Indonesia’s state bank BRI

Bank Rakyat Indonesia (BRI), the largest state bank by assets, has assured customers that their …

Leave a Reply

Your email address will not be published. Required fields are marked *