MyCena, Author at MyCena® - Page 14 of 44

BLOG

Read our blog articles, product news and announcements.

This month saw the release of the NIST SP 800-82 Revision 3 guide to operational technology (OT) security. The draft guides organisations on improving OT security, with emphasis on bespoke performance and safety needs. In this way, the document’s approach allows for the unique circumstances of every OT system, accounting for different threats and risk tolerances in various critical infrastructure setups. Experts agree that, although not entirely perfect, the new document is effective in considering the unique needs of OT systems. Julia O’Toole describes it as “a step forward in the right direction.”

Costa Rica has been battling against ransomware for the last two months. Early in new president Rodrigo Chaves’s term, an initial wave of ransomware took down several key government systems. In early June, a second wave of attacks targeted the country’s health system – leading to Chaves implementing an official state of emergency. The gang behind the incident, Conti, has launched several high-profile attacks on various sectors, including healthcare. But this is the first time a government has been publicly held to ransom. Half of the healthcare system’s 1,500 servers were affected, meaning over 34,000 appointments have been delayed, with staff left working from discontinued paper forms.

The Fast Identity Online (FIDO) Alliance is aiming to remove the use of passwords to gain access to online accounts. The group includes tech giants like Microsoft, Apple and Google, and intends to go passwordless – instead using PINs, biometrics, and phone identification techniques. But this approach could be flawed. Julia O’Toole, Founder and CEO of MyCena Security Solutions, highlights the misguided nature of FIDO’s approach. “In the physical world, the difference in applications is straightforward. Your identity is used to identify yourself…it just validates that you are who you say you are.” She adds, “By contrast, your front door doesn’t recognise your identity; instead, you use your keys to unlock access.” By mixing the two and using a single point of access, FIDO’s approach could mean a user losing all of their accesses at once and being open to easy theft.

The European Union (EU) has agreed to new rules aimed at tackling cybercrime. The announcement, made on 13 May, came after long consultations on the contents of the deal. The updated legislation will be known as NIS2, and aims to increase cooperation and resistance to cyberattacks across EU member states. There are also updated incident reporting obligations, especially for the banking and essential services sectors. This is an update to the previous rules, where countries could choose what they classed as “essential” when reporting incidents. The new legislation instead clarifies the rules, placing responsibility on every critical sector to protect, report, and update authorities at every step.

Britain’s cybersecurity unit faced a record number of scams in 2021, a report has revealed. The National Cyber Security Centre (NCSC) reported a total of 2.7 million cases of attempted fraud. Common among those were various phishing and social engineering attempts, fake celebrity endorsements, and extortion emails. The aim of the vast majority of these scams was to obtain credentials or download malware. One scam in particular saw a huge rise in numbers: the number of fake emails claiming to come from the National Health Service (NHS) grew by 1,100%, reflecting the COVID-19 vaccination rollout programme. The NCSC intends to run a public awareness campaign designed to inform the public of the dangers of using the internet.

The new Costa Rican government is on the verge of collapse following a massive ransomware attack. A ransomware gang that infiltrated Costa Rican systems and obtained sensitive data has now said it intends to overthrow the government. President Rodrigo Chaves has only just come to power, perhaps adding to the attackers’ confidence. The Russia-based Conti gang, responsible for a number of high-impact attacks, raised its ransom demand to $20 million in an effort to scare Costa Rica into action. Chaves announced that Costa Rica is now “at war”, and has declared a national state of emergency. It’s thought the gang has access to at least 27 government databases, and has warned it will escalate the attack if payment is not made soon.