News brief: Iranian cyberattacks target U.S. water, energy

<p>Geopolitical instability is a leading indicator of adversarial nation-state cybercampaigns, according to a recent <a target="_blank" href="https://2034462.fs1.hubspotusercontent-na1.net/hubfs/2034462/Cyber%20Operations%20Targeting%20US%20Government%20(1).pdf" rel="noopener">report</a> from Check Point. The analysis found that when the Caldara-Iacoviello Geopolitical Risk Index rises by more than 1 standard deviation above its historical mean, cyberincidents targeting U.S. critical infrastructure spike 35-45% the following quarter.</p>
<p>Current headlines provide anecdotal support for Check Point’s analysis, with federal officials warning that state-sponsored malicious hackers are increasingly targeting U.S. critical infrastructure. In addition to obvious national security concerns, the trend also poses a <a href="https://www.techtarget.com/searchsecurity/feature/What-executives-must-know-about-nation-state-threat-actors">significant business risk</a>, given the reliance of commercial systems on critical infrastructure, from financial institutions to telecommunications systems.</p>
<p>This week’s featured cybersecurity news stories highlight escalating attacks on U.S. organizations by Iranian and Russian threat actors, as well as proposed federal budget cuts that could leave enterprise defenders with reduced support amid heightened adversarial activity. Plus, experts warn that military ceasefires don’t always translate to cyberspace.</p>
<section class="section main-article-chapter" data-menu-title="Iranian threat actors target U.S. water, energy and municipalities">
<h2 class="section-title"><i class="icon" data-icon="1"></i>Iranian threat actors target U.S. water, energy and municipalities</h2>
<p>Federal agencies <a target="_blank" href="https://www.cisa.gov/news-events/cybersecurity-advisories/aa26-097a" rel="noopener">warned</a> that Iranian threat actors are actively exploiting internet-facing operational technology (OT) devices across multiple U.S. critical infrastructure sectors.</p>
<p>Iran-linked malicious hackers are targeting programmable logic controllers — including devices made by Rockwell Automation/Allen-Bradley — in water, wastewater, energy and government environments. The campaign has caused operational disruptions and financial losses, according to officials.</p>
<p>Security experts have long warned that the continued exposure of OT devices to the public internet is a design failure that opens organizations to attack. U.S. agencies urged organizations to remove direct internet exposure, <a href="https://www.techtarget.com/searchsecurity/tip/Key-OT-security-best-practices">harden access</a> and review logs for suspicious activity.</p>
<p><a target="_blank" href="https://www.cybersecuritydive.com/news/iran-linked-hackers-targeting-water-energy-in-us-fbi-and-cisa-warn/816949/" rel="noopener"><i>Read the full story by David Jones on Cybersecurity Dive</i></a>.</p>
</section>
<section class="section main-article-chapter" data-menu-title="Russia hacked unmanaged edge devices, targeting U.S. critical infrastructure">
<h2 class="section-title"><i class="icon" data-icon="1"></i>Russia hacked unmanaged edge devices, targeting U.S. critical infrastructure</h2>
<p>The Justice Department and FBI said they disrupted a Russian military intelligence campaign that hijacked compromised TP-Link SOHO routers and used them to redirect DNS traffic, giving Moscow a way to collect internet traffic and potentially steal credentials, emails and other sensitive data from government and critical infrastructure targets.</p>
<p>According to the report, the operation — dubbed Operation Masquerade — modified DNS settings and gathered forensic data from infected devices.</p>
<p>End-of-life and poorly managed edge devices remain a serious enterprise risk, especially in distributed environments where remote offices, field sites and third parties rely on consumer-grade networking gear. Microsoft and federal officials urged organizations to patch firmware, <a href="https://www.techtarget.com/searchsecurity/tip/DNS-security-best-practices-to-implement-now">review DNS settings</a>, restrict remote management and replace obsolete equipment.</p>
<p><a target="_blank" href="https://www.darkreading.com/threat-intelligence/russia-forest-blizzard-logins-soho-routers" rel="noopener"><i>Read the full story by Nate Nelson on Dark Reading</i></a><i>.</i></p>
</section>
<section class="section main-article-chapter" data-menu-title="CISA cuts could weaken cyber defenses as nation-state threats to critical infrastructure intensify">
<h2 class="section-title"><i class="ico

[…]

This article has been indexed from Search Security Resources and Information from TechTarget
