
The Big Data Blog


AWS Infrastructure Disruption: Technical Analysis of the UAE and Bahrain Incidents
On March 1, 2026, a series of kinetic events involving drone strikes significantly impacted critical cloud infrastructure in the Middle East, specifically affecting the Amazon Web Services (AWS) Middle East (UAE) Region (ME-CENTRAL-1) and the AWS Middle East (Bahrain) Region (ME-SOUTH-1). This incident marks a notable escalation in the physical vulnerability of commercial data centers operating in high-risk or volatile environments. The disruption began in the early mornin
7 days ago


Coordinated Cyberattack on Poland’s Energy Infrastructure: Lessons for Critical OT Security
On 29 December 2025, coordinated cyberattacks struck Poland’s critical infrastructure. At least 30 wind and solar farms were targeted. A large combined heat and power (CHP) plant supplying heat to nearly half a million customers was attacked. A private manufacturing company was also affected. According to CERT Polska, the attacks were purely destructive in nature and represent a significant escalation compared to previously observed incidents. The timing was not incident
Feb 24


“Evilmouse”: How Peripheral Trust Turns into Threat
Security researcher Jonah Owen recently published a project called “Evilmouse.” The concept is simple yet unsettling: a fully functional USB mouse that doubles as a covert keystroke injection device. According to Owen’s documentation, the mouse retains its normal behavior while embedding additional hardware that allows it to emulate a programmable Human Interface Device. Once connected to a target system, it can automatically send scripted keystrokes. The operating
Feb 17


Prompt Bombing: When Authentication Becomes the Attack Surface
As organizations continue to harden their environments with multi-factor authentication (MFA), attackers are adapting by targeting people rather than technical controls. One of the more notable evolutions in this space is prompt bombing, a social engineering technique that exploits authentication workflows themselves rather than traditional phishing channels. Prompt bombing sits at the intersection of identity security, user behavior, and automation. It is not a vulnerabi
Feb 10
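Because prompt bombing abuses a legitimate MFA workflow, the signal is behavioral rather than a signature: many push prompts to one user in a short window, at least one of them denied, and possibly a later approval. The detector below is an added illustration written for this listing, not code from the post it summarises; the log format, the five-minute window and the three-push threshold are assumptions chosen for the example, and the log lines are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample of push-MFA events from a hypothetical identity provider.
# Fields: ISO-8601 timestamp, user, event, source IP of the login attempt.
# Events: push_sent, push_denied, push_approved.
SAMPLE_LOG = """\
2025-02-10T08:00:05Z alice push_sent 203.0.113.7
2025-02-10T08:00:09Z alice push_denied 203.0.113.7
2025-02-10T08:00:31Z alice push_sent 203.0.113.7
2025-02-10T08:00:40Z alice push_denied 203.0.113.7
2025-02-10T08:01:02Z alice push_sent 203.0.113.7
2025-02-10T08:01:15Z alice push_denied 203.0.113.7
2025-02-10T08:01:44Z alice push_sent 203.0.113.7
2025-02-10T08:02:01Z alice push_approved 203.0.113.7
2025-02-10T08:05:00Z bob push_sent 198.51.100.4
2025-02-10T08:05:06Z bob push_approved 198.51.100.4
"""

WINDOW = timedelta(minutes=5)   # assumed tuning value
PUSH_THRESHOLD = 3              # assumed tuning value


def parse(log_text):
    """Parse the constructed log into (timestamp, user, event, ip) tuples."""
    events = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, user, event, ip = line.split()
        events.append((datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), user, event, ip))
    return events


def detect_prompt_bombing(events, window=WINDOW, threshold=PUSH_THRESHOLD):
    """Flag users who received at least `threshold` pushes inside `window`
    with at least one denial among them. Records whether an approval
    followed the burst, i.e. whether the fatigue attack likely succeeded."""
    by_user = defaultdict(list)
    for ev in sorted(events, key=lambda e: e[0]):
        by_user[ev[1]].append(ev)

    findings = {}
    for user, evs in by_user.items():
        pushes = [e for e in evs if e[2] == "push_sent"]
        for i, first in enumerate(pushes):
            # Sliding window anchored on each push.
            burst = [e for e in pushes[i:] if e[0] - first[0] <= window]
            if len(burst) < threshold:
                continue
            start, end = first[0], burst[-1][0] + window
            in_window = [e for e in evs if start <= e[0] <= end]
            denials = sum(1 for e in in_window if e[2] == "push_denied")
            if denials == 0:
                # Repeated pushes without a denial look like a flaky client,
                # not a user being worn down.
                continue
            approved = any(
                e[2] == "push_approved" and e[0] > start for e in in_window
            )
            findings[user] = {
                "pushes": len(burst),
                "denials": denials,
                "approved_after_denials": approved,
                "source_ips": sorted({e[3] for e in in_window}),
            }
            break  # one finding per user is enough to raise an alert
    return findings


if __name__ == "__main__":
    for user, f in detect_prompt_bombing(parse(SAMPLE_LOG)).items():
        print(user, f)
```

On the sample above only alice is flagged: four pushes and three denials inside the window, followed by an approval, which is the pattern worth paging on. Bob's single push-and-approve is normal and stays quiet. In production the same logic would run over the identity provider's authentication log with thresholds tuned to the tenant, and the `source_ips` field gives the responder something to correlate against the user's usual locations.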


AI-Enabled Cybercrime: How Artificial Intelligence Is Changing Cyberattacks
By 2025, artificial intelligence was no longer an experimental tool for cybercriminals. Multiple industry and policy reports agree that AI fundamentally changed how cybercrime is executed, scaled, and monetized. Attackers increasingly use AI to automate deception, personalize attacks, and reduce the cost and effort required to compromise victims. The World Economic Forum Global Cybersecurity Outlook 2026 identifies AI as the single most significant driver of change i
Feb 3


Why Threat Hunting Matters in Modern Cybersecurity
Most cybersecurity programs focus on prevention and detection. Firewalls, endpoint protection, and intrusion detection systems aim to block known threats or alert on suspicious activity. Although these controls are essential, they are no longer sufficient on their own. Modern attackers intentionally steer clear of noisy methods. They exploit zero-day vulnerabilities, abuse legitimate credentials, and move laterally in ways that mimic normal activity. Often, these actio
Jan 27


CISA Guidance on Secure AI Integration in OT Environments
Artificial intelligence is gradually being integrated into operational technology environments, ranging from predictive maintenance to decision-support systems powered by machine learning and large language models. For critical infrastructure operators, this presents a dual challenge: harnessing AI for efficiency while maintaining safety, availability, and cybersecurity. In December 2025, the U.S. Cybersecurity and Infrastructure Security Agency (CISA), together with cybe
Jan 20


Controlling Email-Based Risks in Operational Technology Networks
Email remains one of the most underestimated cyber risks in operational technology environments. It is often treated as an IT-layer concern, something isolated from industrial processes and unrelated to the functioning of physical equipment. In reality, OT network security teams depend on a continuous flow of operational messages, automated alerts, vendor communications, firmware packages, and field reports that enter the environment through enterprise communication channel
Dec 9, 2025


From Hot to Cold: Designing Secure Crypto Asset Transfer Channels
Crypto asset service providers rely on the ability to transfer digital assets efficiently between hot environments and cold storage environments. As threat actors increasingly target exchanges and custodians, the design of transfer workflows has become one of the most crucial aspects of crypto asset storage security. Hot systems are crucial for client withdrawals, liquidity management, and exchange operations. Cold systems safeguard long-term reserves, private keys, and h
Nov 25, 2025


Secure OT to IT File Transfers in Regulated Industrial Environments
Critical infrastructure operators now rely more than ever on accurate operational technology data. Logs, historian outputs, configuration reports, maintenance files, and compliance evidence all need to be transferred from OT systems to IT environments where analytics, monitoring, and decision-making take place. While essential for operational continuity and regulatory compliance, this flow of information also introduces one of the most underestimated risks inside industrial
Nov 18, 2025


The Hidden Cyber Risks in Crypto Asset Transfer Workflows
In crypto asset custody, most institutions know how to secure assets at rest. They invest in robust storage environments, use air-gapped cold wallets, and apply multi-layered controls around private keys. However, as experience shows, the greatest cyber risks often occur not when crypto assets are in storage, but when they move. Every transfer of crypto assets, whether it’s between a cold wallet and a hot wallet or across a crypto asset service provider’s internal network, c
Nov 11, 2025


Building Trust Through Isolation: Cybersecurity Design Principles for Crypto Asset Custody
In the world of digital finance, trust is everything. Yet, in crypto asset custody, trust is not built solely on perception or reputation; it is built on verifiable security. Every cold wallet, every crypto asset storage facility, and every transaction channel represents a potential breach point in a system that must, by design, remain uncompromised. To achieve that, crypto asset service providers must architect their custody systems around a single, non-negotiable principl
Nov 4, 2025


Granular Email Controls in Sensitive IT Environments: OCR, Metadata Scanning & DMARC Configuration
Email is still the most frequently exploited vector in cyberattacks targeting enterprises. In 2024 alone, the FBI’s Internet Crime Complaint Center (IC3) reported over $2.8 billion in losses from Business Email Compromise (BEC), affecting more than 21,000 organizations worldwide. Meanwhile, phishing volumes continue to rise, with the Anti-Phishing Working Group recording more than 1.1 million phishing attacks in Q2 2025, a new high for the decade. The consequences of th
Oct 27, 2025


Securing External File Transfers in Energy and Utility Operations
Energy and utility operators collaborate constantly with external vendors, contractors, and remote field teams. These partnerships often involve transferring files into protected OT networks, including software updates, diagnostic logs, engineering reports, and configuration changes. But while the files themselves may seem harmless, the way they enter the network is where the risk lies. USB drives passed between field teams, portable laptops brought in by vendors, or remo
Oct 21, 2025


Preventing Lateral Movement Between SCADA and Corporate Networks
In industrial environments, the boundary between SCADA systems and corporate IT networks is often assumed to be secure. Yet in many architectures, these two domains are more connected than most realize. Whether through shared infrastructure, reporting interfaces, or vendor access, attackers increasingly exploit these connections to move laterally between operational and enterprise zones. When a threat actor gains a foothold in one environment, the next objective is almost
Oct 14, 2025


Air-Gap Assumptions and Unseen Exposure in Energy Networks
For decades, operators in the energy sector have leaned on the belief that their OT environments are “air-gapped”, which means they are...
Oct 7, 2025


European Airports Hit by Ransomware: Third-Party Vendors as Attack Vectors
On September 20, 2025, a cyberattack disrupted passenger check-in and baggage systems at multiple European airports after Collins...
Sep 23, 2025


Segmentation Solutions for Industrial Networks: Balancing Productivity and Protection
Industrial organizations face an ongoing paradox: networks must remain connected enough to support productivity yet isolated enough to...
Sep 16, 2025


Phishing and BEC Attacks: What You Need to Know
Phishing remains the most pervasive cyber threat facing organizations today. As of 2025, phishing is responsible for 31% of all data...
Sep 9, 2025


Why Removable Media Still Works for Attackers: The Human Factor
In an industry shaped by zero-day exploits, AI-driven malware, and supply chain compromises, it’s easy to overlook a threat vector...
Sep 2, 2025