Today is World Water Day, a declaration that dates back to March 22, 1992. The recognition is an attempt to remind us that fresh, clean water, and access to water are essential to a healthy life. Yet, Bengaluru, India’s equivalent of Silicon Valley, is experiencing what is being described as “the worst [water shortage] in three to four decades.” Why does this matter to cybersecurity?
According to Economic Times, the city has become home to some of the world's biggest IT and finance companies, including, “Google, Microsoft, JP Morgan, ANZ, Cisco, Intel, IBM, Accenture, Goldman Sachs, Samsung, and Dell EMC. But with its growing civic problems, it is felt the city is increasingly becoming inhospitable for the IT industry.”
Water, or lack thereof, is not only influential in where global tech leaders are headquartered. Around the world, protecting water plants from cyberattacks is a top priority. This week the US Environmental Protection Agency (EPA) and the White House warned of the increasingly strong potential of “disabling” cyberattacks on US water systems. More must be done.
These theoretical risks became a reality back in 2020 when a Florida water system was breached. Since then, we’ve seen increasing awareness of the threat to water and other utilities. To learn more about risks to critical infrastructure, visit the RSAC Library.
RSA Conference 2024 attendees can also reserve a seat in this session with Cyber Readiness Institute’s Managing Director, Karen Evans: Certified Coach Approach: Enhancing Cyber Resilience for Water Utilities. Not registered yet? Don’t miss out on the opportunity to join us May 6-9 in San Francisco.
Now let’s take a look at what else made industry headlines this week.
March. 22: Spanish airline Air Europa (ICAG.L) stated personal data of its customers may have been compromised in a security incident that was detected last October. The data reveals customer ID card or passport details, date of birth, telephone number, and email address.
March. 21: “Hundreds of US employees have been targeted in a new email attack that uses accounting lures to distribute malicious documents that deploy a malicious remote access tool known as NetSupport Rat.” CSO Online reported.
March. 21: Dark Reading reported “A vulnerability in Amazon Web Services (AWS) managed Workflows for Apache Airflow (MWAA) could have allowed hackers to access users’ sessions, perform remote code execution (RCE), move laterally within enterprise close environment, and more.”
March. 20: The US Cybersecurity and Infrastructure Security Agency (CISA) warns leaders of critical infrastructure organizations about a “Volt Typhoon” posed by People's Republic of China (PRC). It has been confirmed that Volt Typhoon is actively in networks of the US infrastructure organizations.
March. 20: Stalkerware, a monitoring software or spyware used for cyberstalking has skyrocketed. Kaspersky detected 195 different stalkerware apps and 31,013 people have been affected by this software.
March. 19: Scammers are impersonating The US Federal Trade Commission (FTC) employees. This week the FTC warns of scammers due to numerous reports from consumers who have fallen victim to scams. These scams have led to a loss of more than $394 million in 2023.
March. 19: The White House calls on states to safeguard water sector infrastructure against cyberthreats. The virtual meeting being held will highlight efforts to promote cybersecurity practices in the water sector, priority gaps in these efforts, and to ultimately take action.
March. 18: The Hacker News reported, “Cybersecurity researchers have discovered a new malware campaign that leverages bogus Google Sites pages and HTML smuggling to distribute a commercial malware called AZORuIt in order to facilitate information theft.”
March. 18: “A leaked database with more than 70 million records, allegedly stolen from AT&T, is available almost for free on the illicit mark place BreachForums. Some researchers confirm that the data is legitimate, but it’s unclear how the hackers got their hands on it.” Cybernews reported.