Tuesday , November 5 2024
Coding

80% of organizations faced an email-based security breach

Most critical infrastructure sectors have experienced an email security breach in the past year. A study by Osterman Research, commissioned by OPSWAT, found that 80% of organizations suffered an email-based security breach.

Even as criminal hackers target the sector, CI businesses appear to be failing to protect their systems. Osterman Research found that 75% of cyber-threats to critical infrastructure arrived by email.

GitHub launched an AI tool to build apps without code

GitHub has launched an AI tool called 'Spark' that allows users to create apps using natural language, eliminating the need...
Read More
GitHub launched an AI tool to build apps without code

Hacker offer Titas gas root access to sale

"A threat actor has reportedly claimed to gain root-level access to Titas Gas’s firewall server and is actively offering this...
Read More
Hacker offer Titas gas root access to sale

New malware FakeCall intercepts your calls to the bank

Zimperium researchers have found a new version of FakeCall malware for Android that threatens financial security. This malware redirects users'...
Read More
New malware FakeCall intercepts your calls to the bank

Hikvision Patches Security Flaw in Network Cameras

Hikvision, a top provider of network cameras, has issued firmware updates to fix a security vulnerability that could reveal users'...
Read More
Hikvision Patches Security Flaw in Network Cameras

SonicWall report
Government Sector faces 236% Surge in Malware Attacks

Global threat actors have significantly increased attacks on government sectors, with malware-driven attempts rising by triple digits in the first...
Read More
SonicWall report  Government Sector faces 236% Surge in Malware Attacks

Bangladesh Kubernetes User Group Meetup successfully completed

Meetup of Bangladesh Kubernetes User Group was held at Banani Club 9294, Dhaka on Thursday, 31 October 2024. A lively...
Read More
Bangladesh Kubernetes User Group Meetup successfully completed

Bangladesh Bank issues cyber threat alert

Bangladesh Bank issues alert on cyber threat. In its alert the central bank said, according to Bangladesh cyber security intelligence...
Read More
Bangladesh Bank issues cyber threat alert

Hacker claim data breach: bank confirms blaming third party

Interbank, a major financial institution in Peru, has confirmed a data breach after a hacker leaked stolen data online. Formerly...
Read More
Hacker claim data breach: bank confirms blaming third party

CISA Launches Its First Ever International Strategic Plan

The US Cybersecurity and Infrastructure Security Agency (CISA) has released its first international strategic plan to enhance global cooperation in...
Read More
CISA Launches Its First Ever International Strategic Plan

Rented bank account used to illegal transection: 5 arrested

The Indian Cyber Crime Coordination Centre (I4C) has warned about illegal payment gateways set up by transnational cyber criminals using...
Read More
Rented bank account used to illegal transection: 5 arrested

63.3% of organizations feel their email security needs improvement, and 48% are not confident in their current email defenses.

Researchers discovered that email is the main method for attacking the critical infrastructure sector, primarily through phishing and malicious links or attachments. However, more than half of organizations believed that emails posed no threat.

Osterman noted that the risks increase because key systems in critical infrastructure, particularly operational technology, are now more often connected to standard IT networks and the internet.

“IT networks and OT (operational technology) networks are increasingly linked. Significantly fewer OT networks are still air gapped, and the digital transformation activities of the past decade has resulted in OT networks being connected to the Internet,” the researchers wrote.

This enables a successful email attack to spread not only within the victim’s IT systems but also into OT networks.

Osterman Research found that the most common incidents were phishing attacks that compromised credentials, followed by issues with Microsoft 365 credentials.

Researchers found that many CI organizations are not compliant. Only 34.4% believed they were fully compliant, and just 28% of EMEA organizations felt they met GDPR requirements.

Research shows that critical infrastructure organizations anticipate an increase in threats. Two-thirds expect phishing attacks to rise next year, and 40% foresee more nation-state backed attacks.

“Email attacks have continued to rise over the past few years, particularly targeting critical infrastructure organizations. Not only are attacks more frequent, but they are evolving to bypass traditional security measures, making it clear that email remains the primary attack vector for cybercriminals,” Itay Glick, VP of products at OPSWAT, told Infosecurity.

“Email security often gets overlooked because many organizations operate under the assumption that basic protections, like spam filters or standard anti-malware, are sufficient,” Glick explained.

“It is often only after a successful breach that email security receives the attention it deserves, by which time the damage is already done.”

Check Also

fraud

Bangladeshi Social media flooded with unauthorized withdrawals from bank accounts

Bangladeshi Social media posts have raised concerns about unauthorized withdrawals from bank accounts, affecting at …

Leave a Reply

Your email address will not be published. Required fields are marked *