All news with #critical infrastructure tag

New UK Cyber Security and Resilience Bill protects services

🔒 The UK introduced the Cyber Security and Resilience Bill on November 12, updating the NIS Regulations 2018 to strengthen protections for hospitals, energy, water and transport. The bill mandates security standards for medium and large managed service providers, requires incident notification to the NCSC and regulators within 24 hours (full reports in 72), and empowers regulators to designate and enforce controls on critical suppliers. It also creates turnover-based penalties and extends coverage to data centers and smart energy systems.

LockBit, DragonForce and Qilin Form Ransomware Cartel

🚨 Three major ransomware-as-a-service operators — LockBit, DragonForce, and Qilin — announced a coalition in early September aimed at coordinating attacks and stabilizing market conditions after recent law enforcement disruptions. The groups signaled intentions to reduce intra-group conflicts, share resources, and protect affiliate revenue, and LockBit explicitly authorized targeting certain critical infrastructure sectors. ReliaQuest researchers reviewed forum posts and communications but have not yet observed joint operations or a combined leak site.

DHS and CISA Launch Cybersecurity Awareness Month 2025

🛡️ The Department of Homeland Security and the Cybersecurity and Infrastructure Security Agency (CISA) announced the official start of Cybersecurity Awareness Month 2025, centered on the theme Building a Cyber Strong America. Administered by CISA, the campaign urges state, local, tribal, and territorial (SLTT) governments, small and medium businesses, and supply chain partners to bolster protections for critical services such as water, power, communications, food, and finance. Officials emphasized a whole-of-society approach and recommended immediate adoption of core controls—recognize and report phishing, require long unique passwords, enable multifactor authentication, keep software patched, enable system logging, back up data, and encrypt sensitive information—to improve resilience nationwide.

Germany Charges Hacker Over Rosneft Deutschland Cyberattack

⚠️A 30-year-old man has been charged for a March 2022 cyberattack on Rosneft Deutschland that reportedly stole and deleted about 20 TB of data, leaving a 'Glory to Ukraine' message. Prosecutors allege the breach exposed backups, virtual machines, mail server images and device backups, prompting remote wipes and nearly €12.4M in combined losses. Authorities charged him with computer sabotage, data alteration, and data espionage.

CISA and Partners Issue OT Asset Inventory Guidance

🔒 CISA and international partners released new guidance to help operational technology (OT) owners and operators establish and maintain comprehensive asset inventories and taxonomies. The resource provides practical steps to identify, classify, and track OT devices and components that support critical infrastructure, including industrial control systems and automation. Implementing these practices aligns with the Cross-Sector Cybersecurity Performance Goals and enhances visibility, risk management, and operational resilience for mission-critical services.