Claim OwnershipSecurity Breach
Subscribed: 9Played: 63
Subscribe
© 2024 Security Breach
Description
A weekly discussion of new developments and the latest cybersecurity threats, including ransomware, malware, phishing schemes, DDoS attacks and more, facing the U.S. industrial sector.
95 Episodes
Reverse
Many attacks on manufacturers are just the first step in going after even bigger targets.One of the inescapable truths about the industrial sector is that it is usually the ultimate proving ground for product performance. When we look at some of the technologies that have created seismic social shifts, tools like operational software, wireless connectivity and numerous monitoring devices were not ready for the demanding industrial environment right away.When it comes to cybersecurity, that dy...
In this episode, we dive into some of the most notorious attacks to hit manufacturing over the last six months.In addition to speaking with cybersecurity experts from around the world for this podcast, I’ve also been able to do a fair amount of reporting on our websites regarding several high-profile industrial attacks. So, I felt like it could be interesting to present some of these articles via the Security Breach podcast in helping further the conversation around tactics and lessons learne...
A look back at Security Breach guest's most accurate and timely industrial cybersecurity predictions.As we near our 100th episode of Security Beach, I thought it would be a good time to take a look back at some of our guest’s predictions from the previous 12 months. If you want to check out the full episodes from any of these previous guests, you can find them in the show archives, or by clicking through to our website. So, join me as we take a look back at a collection of predictions fr...
The new factors impacting a growing attack surface, and how to evolve your cyber risk strategies.The origins of what we talk about here on Security Breach can go back to any number of transformational events, but the reality is that all of them contributed an individual component to the unique mosaic that is the legacy of industrial cybersecurity. What is most interesting is that the first hacks of industrial control systems occurred at water treatment facilities, oil and gas pipelines and en...
How a greater focus on new and legacy OT connections could alter the cybersecurity battlefield.Everything old … is new again. While that might seem like a natural lead-in for discussing hacker tactics, that same mantra rings true when discussing OT technology. Mordor Intelligence recently reported that U.S. manufacturing spent over $307 billion on digital transformation technologies last year, and nearly every research and consulting outlet around the world is predicting that those numbers wi...
The good, the bad and the ugly of mobile device security in the expanding OT attack landscape.Included in the challenges associated with securing an ever-expanding OT attack surface is the role played by the increasing use of mobile devices – at both the enterprise and individual level. In fact, according to a recent report from Imprivata, only 46 percent of manufacturing organizations have the ability to maintain control over who has access to such devices and when, and 61 percent are using ...
It's not always about the ransom, data theft or denial of service.Many cheered with the recent crackdowns on groups like LockBit, and rightfully so. However, the harsh reality is that most of these victories are short-lived. For example, after law enforcement seized control of multiple LockBit websites and stolen data, the group was back to running extortion campaigns within a week.And the same can be said for many other high-profile busts of groups like Hive and Volt Typhoon. These gro...
How we're failing to properly support and train our most important cybersecurity asset.According to Nozomi Networks February 2024 OT-IoT Security Report, manufacturing was exposed to more common vulnerabilities and exposures, or CVEs, than any other sector - realizing a 230 percent year-over-year increase in this area. Addressing even a fraction of these CVEs would be daunting, which is why understanding your assets is so basic, but so vital in establishing priorities and implementing approac...
Threat intelligence is important, but why manufacturers should focus on risk factors first.When it comes to the industrial sector’s ongoing cybersecurity challenges, we all know that there's more to defend, but what is most concerning is that we’re not responding quickly enough to the expanding threat landscape. In case you needed proof, here are some of the recent stats from Dragos 2023 Year in Review Report. It found that:80 percent of industrial sector vulnerabilities reside deep within th...
The sector's (forced) cyber awakening needs to focus on making it harder to be a hacker.Regardless of how complex the attack, how organized the hacker, or how advanced the tools and tactics, security solutions usually lie in very fundamental practices. So, while you might think you already know enough about segmentation strategies, framework development, asset visibility or enhanced access controls, it’s these things that get overlooked and then exploited by hackers. It’s the evolution o...
How thinking like a hacker can lead to better cybersecurity ROI and avoid the dreaded "hope" strategy.Regardless of what you might hear from some, ransomware in the industrial sector is at an all-time high in terms of frequency and cost. Zero day and day one vulnerabilities are being discovered at a historic level and patching continues to be a challenge.Asset visualization and endpoint security have become more daunting thanks to technology-driven expansions of the industrial attack surface....
Creating an OT vision, and why hackers are "like water."With hackers repeatedly demonstrating that that they play no favorites in terms of the sector of manufacturing, its location, or the size of the enterprise, detection and response strategies can be universally dissected in addressing ransomware, phishing or any number of social engineering approaches. And this data, along with the potential solutions it fuels, can be made available to the industry as a whole – not just the largest o...
Hacker insight and vulnerability updates are great, but that's only half the battle.An ever-expanding attack surface has created a number of complexities when it comes to combining the benefits of new automation technologies with the challenges of securing the OT environment and supply chain. This led Cybersixgill to predict that in 2024, more companies will adopt Threat Exposure Management, a holistic, proactive approach to cybersecurity where cyber threat intelligence is a foundational comp...
The tech that's helping social engineers expand current exploits, including credential harvesting.In this episode, we welcome Kory Daniels, CISO of Trustwave, a leading provider of industrial cyber risk solutions, to the show. The conversation spanned a number of topics, including:The double-edged sword of credential harvesting hacks.How data theft is providing greater visibility of an organization's supply chain and partners in helping cybercriminals accumulate more potential targets.The cha...
How prioritizing the wrong data and assets is leading to more cyber risk.When it comes to OT security, the cruel reality is that the bad guys are doing what most predators do over time – they continue to hunt and evolve. This evolution allows hackers to constantly adjust to new security protocols and more rapidly react to common vulnerabilities – often days, weeks or months before a suitable patch or solution can be put in place. It’s the black hat’s constant drive to enhance their attac...
How the legacy of OT innovation contributes to cyber challenges.Vulnerabilities across the cybersecurity landscape are obviously trending in an upward direction. Perhaps most concerning, however, is the number of zero and one-day vulnerabilities being uncovered in key industrial control systems by many of the sector’s leading providers of software, automation and system integration services.These vulnerabilities not only open the door for potential attacks, but lend credence to other cybersec...
Two recent vulnerabilities, one traditional and one frighteningly unique, could reshape industrial cybersecurity.In this episode, we’re going to dive into two recently detected vulnerabilities that could have a significant impact on the industrial sector, as they involve two companies with wide-reaching influence on manufacturers of all sizes. One involves the Siemens Automation License Manager, and the potential threats a vulnerability poses to industrial control system data security fo...
Elevated social engineering, more connections and growing extortion amounts will drive attack growth.Late last year we discussed Lockbit’s ransomware attack on Boeing, and the ensuing “cyber incident” that resulted in a large quantity of the aerospace giant’s data being stolen. One of the experts we tapped into in breaking down the attack, and its fallout, was Tony Pietrocola.In addition to serving as the president of AgileBlue, he also heads the Northern Ohio chapter of InfraGard, which work...
Coordinating patches, covering the basics and not falling for 'pinky promises.'Late last year we discussed Lockbit’s ransomware attack on Boeing, and the ensuing “cyber incident” that resulted. One of the experts we tapped into in breaking down the attack, and its fallout, was KnowBe4’s Erich Kron.You can check that episode out in our archives. In addition to his extensive knowledge on threat actors like Lockbit, Erich also has a tremendous amount of insight on a number of cybersecurity chall...
A former black hat offers insight on defending against hackers that "go for the throat every time."One of the mindsets shared by hackers and their corporate victims is the desire to put a successful bow on the calendar year. For you this could mean hitting a collection of shipping dates, production quantities or equipment implementations. What many are beginning to realize is that the black hat community has a number of year-end targets to hit as well. The focus on closing out orders, dealing...
Comments
Download from Google Play
Download from App Store
United States