Yesterday — 28 June 2024 (Main stream)

Skeleton Key the Latest Jailbreak Threat to AI Models: Microsoft

28 June 2024 at 12:57

Microsoft details Skeleton Key, a new jailbreak technique in which a threat actor can convince an AI model to ignore its built-in safeguards and respond to harmful, illegal, or offensive requests that might otherwise have been refused.

The post Skeleton Key the Latest Jailbreak Threat to AI Models: Microsoft appeared first on Security Boulevard.

Before yesterday (Main stream)

LockBit Claims Ransomware Attack on U.S. Federal Reserve

25 June 2024 at 15:16

The LockBit ransomware group is claiming that it hacked into systems at the U.S. Federal Reserve and stole 33TB of data that it will begin leaking as early as Tuesday if the institution doesn’t pay the unspecified ransom. The notorious cybercriminals announced the attack on its dark web leak site on June 23, giving the..

The post LockBit Claims Ransomware Attack on U.S. Federal Reserve appeared first on Security Boulevard.

Google’s Project Naptime Aims for AI-Based Vulnerability Research

25 June 2024 at 12:35

Security analysts at Google are developing a framework that they hope will enable large language models (LLMs) to eventually be able to run automated vulnerability research, particularly analyses of malware variants. The analysts with Google’s Project Zero – a group founded a decade ago whose job it is to find zero-day vulnerabilities – have been..

The post Google’s Project Naptime Aims for AI-Based Vulnerability Research appeared first on Security Boulevard.

Driving sustainable water management

From semiconductor manufacturing to mining, water is an essential commodity for industry. It is also a precious and constrained resource. According to the UN, more than 2.3 billion people faced water stress in 2022. Drought has cost the United States $249 billion in economic losses since 1980. 

Climate change is expected to worsen water problems through drought, flooding, and water contamination caused by extreme weather events. “I can’t think of a country on the planet that doesn’t have a water scarcity issue,” says Rob Simm, senior vice president at Stantec, an engineering consultancy focused on sustainability, energy solutions, and renewable resources. 

Economic innovations, notably AI and electric vehicles, are also increasing industrial demand for water. “When you look at advanced manufacturing and the way technology is changing, we’re requiring more, higher volumes of ultrapure water [UPW]. This is a big driver of the industrial water market,” Simm says. AI, computing, and the electric vehicle industries all generate immense quantities of heat and require sophisticated cooling and cleaning. Manufacturing silicon wafers for semiconductor production involves intricate cleaning processes, requiring up to 5 million gallons of high-quality UPW daily. With rising demand for semiconductors, improvements in water treatment and reuse are imperative to prevent waste.   

Data-driven industrial water management technologies are revolutionizing how enterprises approach conservation and sustainability. They are harnessing the power of digital innovation by layering sensors, data, and cloud-based platforms to optimize physical water systems and allow industrial and human users to share water access. Integration of AI, machine learning (ML), data analytics, internet of things (IoT) and sensors, digital twins, and social media can enable not just quick data analysis, but also can allow manufacturers to minutely measure water quality, make predictions using demand forecasting, and meet sustainability goals.

More integrated industrial water management solutions, including reuse, industrial symbiosis, and zero liquid discharge (ZLD), will all be crucial as greenfield industrial projects look toward water reuse. “Water is an input commodity for the industrial process, and wastewater gives you the opportunity to recycle that material back into the process,” says Simm. 

Treating a precious resource

Water filtration systems have evolved during the past century, especially in agriculture and industry. Processes such as low-pressure membrane filtration and reverse osmosis are boosting water access for both human and industrial users. Membrane technologies, which continue to evolve, have halved the cost of desalinated water during the past decade, for example. New desalinization methods run on green power and are dramatically increasing water output rates. 

Advances in AI, data processing, and cloud computing could bring a new chapter in water access. The automation this permits allows for quicker and more precise decision-making. Automated, preset parameters let facilities operate at capacity with less risk. “Digital technology and data play a crucial role in developing technology for water innovations, enabling better management of resources, optimizing treatment processes, and improving efficiency in distribution,” says Vincent Puisor, global business development director at Schneider Electric. 

Download the full report.

This content was produced by Insights, the custom content arm of MIT Technology Review. It was not written by MIT Technology Review’s editorial staff.

StealC & Vidar Malware Campaign Identified

24 June 2024 at 15:08

Weekly Threat Intelligence Report

Date: June 24, 2024

Prepared by: David Brunsdon, Threat Intelligence - Security Engineer, HYAS

Malware developers will use all sorts of techniques to obfuscate their C2 location and keep security analysts from being able to understand the operation of their malware. One common technique is to have the malware communicate with a popular online service, such as Pastebin, where the malware will contact a URL that responds with the IP address of the C2 server. This type of design keeps the C2 address out of the malware, and allows the C2 operator to change or remove the C2 destination as needed. If the right service is chosen, then this request might go unnoticed because it’s seen as regular traffic.

We detonated a malware sample on Windows 7 that was identified as containing both StealC and Vidar, and we found the same technique being used on the gaming platform Steam. In this case, the malware requests the page of a specific user account. The Steam user account name contains the IP address of a component of the C2 infrastructure. Steam even shows a history of the username, so we can see previous IPs that have existed in this field.

Steam is an interesting choice as a vector for retrieving a C2 destination because it’s a gaming platform that isn’t typically used on corporate infrastructure, except perhaps in gaming companies. It is commonly used in residential communications, however. A more traditional choice would be a service that is typically seen within an organization's network traffic, like a Microsoft service.
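The pattern described above (a request to a public service, then a connection to the address it returned) can be hunted for in proxy logs. The following is an added example, not part of the HYAS report or its tooling: the log format, the sample lines, the host list, the 60-second window and the function names are all assumptions made for illustration.

```python
import ipaddress
from datetime import datetime, timedelta
from urllib.parse import urlsplit

# Assumption: the services this report names as lookup points (Pastebin, Steam, Telegram).
DEAD_DROP_HOSTS = {"pastebin.com", "steamcommunity.com", "t.me"}
# Assumption: how soon after the lookup the follow-on connection must occur.
WINDOW = timedelta(seconds=60)

# Constructed proxy log, "<UTC timestamp> <client IP> <URL>". The addresses are
# documentation ranges and the profile ID and channel name are placeholders.
SAMPLE_LOG = """\
2024-06-17T05:30:58Z 10.0.4.21 https://steamcommunity.com/profiles/00000000000000000
2024-06-17T05:31:02Z 10.0.4.21 https://203.0.113.45/
2024-06-17T05:31:10Z 10.0.4.33 https://t.me/placeholder_channel
2024-06-17T05:31:20Z 10.0.4.33 https://www.example.com/index.html
2024-06-17T05:40:00Z 10.0.4.33 http://198.51.100.7:9000/
2024-06-17T05:41:00Z 10.0.4.50 https://198.51.100.9/
"""


def parse_line(line):
    """Split one log line into (time, client, url, lowercase hostname)."""
    ts, client, url = line.split(maxsplit=2)
    when = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")
    url = url.strip()
    host = (urlsplit(url).hostname or "").lower()
    return when, client, url, host


def is_ip_literal(host):
    """True when the URL host is a bare IPv4/IPv6 address rather than a name."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def find_dead_drop_pivots(log_text, window=WINDOW):
    """Report clients that fetch a dead-drop host and then contact a bare IP.

    Returns (client, lookup_url, ip_destination, delay_seconds) tuples.
    """
    last_lookup = {}  # client -> (time, url) of its latest dead-drop request
    findings = []
    for line in log_text.splitlines():
        try:
            when, client, url, host = parse_line(line)
        except ValueError:
            continue  # blank or malformed line
        base = host[4:] if host.startswith("www.") else host
        if base in DEAD_DROP_HOSTS:
            last_lookup[client] = (when, url)
        elif is_ip_literal(host) and client in last_lookup:
            seen, lookup_url = last_lookup[client]
            delay = when - seen
            if timedelta(0) <= delay <= window:
                findings.append(
                    (client, lookup_url, host, int(delay.total_seconds()))
                )
    return findings


if __name__ == "__main__":
    for finding in find_dead_drop_pivots(SAMPLE_LOG):
        print(finding)
```

This is a triage heuristic: on networks where these services are in normal use it needs an allow-list or a process-level signal before it is alert-worthy.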

Although a direct relationship has not been confirmed, Vidar is a stealer known to be used by Scattered Spider, aka UNC3944. They are a criminal organization responsible for many high-profile victims, including MGM Grand, Caesars, Snowflake, LastPass, Apple, Walmart, and Zendesk. Recently the head of the organization was arrested by the FBI, but their operations continue.


Malware Sample Information

MD5: 8cfe70cf4f35c7f9b4ddba327d44c1f8
https://tria.ge/240617-fvryqazelj/behavioral1
https://steamcommunity.com/profiles/76561199699680841

(Image: Malicious usage of a Steam profile that contains the C2 location)

65.109.240.138 (Currently offline)

ISP: Hetzner Online GmbH
Country: Finland
ASN: AS24940

65.109.243.78 (Currently offline)

ISP: Hetzner Online GmbH
Country: Finland
ASN: AS24940

95.216.142.162

ISP: Hetzner Online GmbH
Country: Finland
ASN: AS24940

With this address we can see there is a single port open, 443, which has a banner that contains a recent date/time stamp. We can attempt to pivot off of this potentially unique banner using free accounts with Shodan or Censys.

With Censys we can take that banner in hex (to avoid problems with formatting) and create a custom search query to look for matches on that ASN.

Censys Query:
(services.banner_hex="485454502f312e3120333032204d6f7665642054656d706f726172696c790d0a5365727665723a206e67696e780d0a446174653a20203c52454441435445443e0d0a436f6e74656e742d547970653a20746578742f68746d6c0d0a436f6e74656e742d4c656e6774683a203133380d0a436f6e6e656374696f6e3a206b6565702d616c6976650d0a4c6f636174696f6e3a2068747470733a2f2f676f6f676c652e636f6d0d0a") and autonomous_system.name=`HETZNER-AS`


From our search, we end up with a list of sixteen IP addresses on this ASN that present the same service banner and are mostly-if-not-entirely Vidar C2.
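To make the pivot above reproducible, the hex string in the query can be decoded and compared against banners captured during triage. This is an added example, not HYAS code: the function names and the two sample banners are constructed, and it assumes the `<REDACTED>` placeholder in the decoded banner stands in for the changing Date value.

```python
import re

# Hex banner copied from the Censys query in the report, split per header line.
REPORT_BANNER_HEX = (
    "485454502f312e3120333032204d6f7665642054656d706f726172696c790d0a"
    "5365727665723a206e67696e780d0a"
    "446174653a20203c52454441435445443e0d0a"
    "436f6e74656e742d547970653a20746578742f68746d6c0d0a"
    "436f6e74656e742d4c656e6774683a203133380d0a"
    "436f6e6e656374696f6e3a206b6565702d616c6976650d0a"
    "4c6f636174696f6e3a2068747470733a2f2f676f6f676c652e636f6d0d0a"
)
REPORT_BANNER = bytes.fromhex(REPORT_BANNER_HEX)

# The Date value changes on every response, so it is masked before comparing.
DATE_RE = re.compile(rb"^Date:[^\r\n]*", re.MULTILINE)

# Constructed banners for the demonstration (not captured traffic).
LIVE_MATCH = (
    b"HTTP/1.1 302 Moved Temporarily\r\nServer: nginx\r\n"
    b"Date: Mon, 17 Jun 2024 05:31:07 GMT\r\nContent-Type: text/html\r\n"
    b"Content-Length: 138\r\nConnection: keep-alive\r\n"
    b"Location: https://google.com\r\n"
)
LIVE_OTHER = (
    b"HTTP/1.1 302 Moved Temporarily\r\nServer: nginx\r\n"
    b"Date: Mon, 17 Jun 2024 05:31:09 GMT\r\nContent-Type: text/html\r\n"
    b"Content-Length: 154\r\nConnection: keep-alive\r\n"
    b"Location: https://example.org/login\r\n"
)


def normalize_banner(raw):
    """Mask the Date value the same way the report's banner does."""
    return DATE_RE.sub(b"Date:  <REDACTED>", raw, count=1)


def parse_banner(raw):
    """Return (status_line, {lowercase header name: value})."""
    lines = [l for l in raw.decode("latin-1").split("\r\n") if l]
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return lines[0], headers


def matches_report_banner(raw):
    """Byte-exact comparison after masking, which is what banner_hex matches on."""
    return normalize_banner(raw) == REPORT_BANNER


def differing_fields(raw):
    """List the fields where a banner departs from the report's, for near misses."""
    want_status, want = parse_banner(REPORT_BANNER)
    got_status, got = parse_banner(normalize_banner(raw))
    diff = [] if got_status == want_status else ["status-line"]
    diff += sorted(k for k in want.keys() | got.keys() if want.get(k) != got.get(k))
    return diff


def censys_query(raw, as_name):
    """Build a query in the same shape as the one shown in the report."""
    hex_banner = normalize_banner(raw).hex()
    return (
        f'(services.banner_hex="{hex_banner}") '
        f"and autonomous_system.name=`{as_name}`"
    )


if __name__ == "__main__":
    print(REPORT_BANNER.decode("latin-1"))
    print(matches_report_banner(LIVE_MATCH), differing_fields(LIVE_OTHER))
```

Decoded, the fingerprint is an nginx `302 Moved Temporarily` with `Content-Length: 138` that redirects to `https://google.com`; the exact-hex match is sensitive to header order and spacing, while `differing_fields` is not.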


The same malware also contacted Telegram, which is used with a similar technique to host a different address.

https://t.me/memve4erin
https://tria.ge/240617-fvryqazelj/behavioral2

162.55.53.18:9000
ISP: Hetzner Online GmbH
ASN: AS24940
Country: Germany

5.42.67.8
ISP: LetHost LLC
Location: Russia
ASN: AS210352

In our detonation, after Telegram was contacted, another IP was contacted, which may have come from a prior entry in the Telegram field (unconfirmed, no historical record for this field). HYAS Insight, our threat intelligence solution, was able to provide some recent information about C2 usage on this server. This login screen is for Risepro malware, however, so it’s possible that multiple actors or campaigns are using this same server. It’s not uncommon for a malicious server to be used in such a way.

Date: 2024/06/15 19:48:21 UTC (Most recent data)
C2 Admin URL: http://5.42.67.8:8081/
Actor IP: 109.95.78.5
Geo: 55.434553 36.696945
Device User Agent: Mozilla/5.0 (Linux; Android 14; 23021RAA2Y Build/UKQ1.230917.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/125.0.6422.165 Mobile Safari/537.36

 

(Image: Login screen of Risepro C2 hosted on server)

 

(Image: GPS location of the actor who logged into the C2 server, southwest of Moscow)


Disclaimer: This Threat Intelligence Report is provided “as is” and for informational purposes only. HYAS disclaims all warranties, express or implied, regarding the report’s completeness, accuracy, or reliability. You are solely responsible for exercising your own due diligence when accessing and using this Report's information. The analyses expressed in this Report reflect our current understanding of available information based on our independent research using the HYAS Insight platform. The Report’s inclusion of any companies, organizations, or ASNs does not imply any wrongdoing on their part; it is simply an indication of where digital threat activities have been observed. HYAS reserves the right to update the Report as additional information is made known to us.

The post StealC & Vidar Malware Campaign Identified appeared first on Security Boulevard.

New SnailLoad Attack Relies on Network Latency Variations to Infer User Activity

24 June 2024 at 12:07

New attack named SnailLoad allows a remote attacker to infer websites and videos viewed by a user without direct access to network traffic.

The post New SnailLoad Attack Relies on Network Latency Variations to Infer User Activity appeared first on SecurityWeek.

Rafel RAT Used in 120 Campaigns Targeting Android Device Users

24 June 2024 at 13:33

Multiple bad actors are using the Rafel RAT malware in about 120 campaigns aimed at compromising Android devices and launching a broad array of attacks that range from stealing data and deleting files to espionage and ransomware. Rafel RAT is an open-source remote administration tool that is spread through phishing campaigns aimed at convincing targets..

The post Rafel RAT Used in 120 Campaigns Targeting Android Device Users appeared first on Security Boulevard.

U.S. Bans Sale of Kaspersky Cybersecurity Software

21 June 2024 at 17:59

Long simmering suspicions about the loyalty of Kaspersky Software, a cybersecurity firm headquartered in Russia, came to a head this week after the U.S. government banned the sale of the company’s software, effective July 20th, to both companies and individual consumers. In addition, the U.S. Treasury Department has placed sanctions on 12 senior leaders of..

The post U.S. Bans Sale of Kaspersky Cybersecurity Software appeared first on Security Boulevard.

Report Details Reemergence of Lockbit 3.0 Ransomware Syndicate

20 June 2024 at 19:29

An analysis of ransomware attacks claimed to have been perpetrated by cybercriminal syndicates that was published today by NCC Group, a provider of managed security services, finds LockBit 3.0 has reemerged to claim the top spot amongst the most prominent threat actors. Previously dormant following the groups’ takedown by law enforcement officials earlier this year,..

The post Report Details Reemergence of Lockbit 3.0 Ransomware Syndicate appeared first on Security Boulevard.

The Secret Ingredient to Preempt Cyberattacks: Digital Exhaust

20 June 2024 at 12:01
  • Understanding whether a given communication stream is normal, expected, or anomalous and adversarial is an essential part of cybersecurity efforts. Many solutions rely on lists and feeds of domains to block, but this strategy isn’t efficient enough to protect digital spaces in 2024.
  • Why? Bad actors constantly update their command and control infrastructure, making it almost impossible to maintain up-to-date information. Organizations are only blocking what has happened in the past, not what is going to attack them in future.
  • Deny lists are essentially a hope-based, reactive strategy. True business resiliency requires a proactive strategy — one that ensures that regardless of how the attack occurs, it can be identified, stopped, and dealt with before damage ensues.

Adversary Infrastructure: The Backbone of a Cyberattack

What is adversary infrastructure? Cybersecurity experts often call it command and control or C2 for short. Communication streams with adversary infrastructure are the telltale signs of an active breach, the digital exhaust that emanates from an attack.

Fundamentally, adversary infrastructure is the sub-rosa backbone bad actors set up in advance, prior to compromising a system — it’s used for instructions, to facilitate malware updates, for data exfiltration, and in general across all phases of the attack.

There are many kinds of cyber attacks: supply chain attacks, zero-day, BEC, insider-risk, and even abusing Google ads to phish and spread malware. Regardless of how or where the bad guys break in, however, they need to communicate with their adversary infrastructure to command, control and direct their attacks.

And the unfortunate reality of today is that everyone will be breached at some point — truly, no one is immune. It doesn’t matter if you are a large company or a small company, if you think you have sensitive data or not. And despite massive spending, most cybersecurity solutions on the market don’t really solve the problem. Ransomware attacks alone increased by 430% last year.

We need a different approach. Often solving a problem requires looking at it from a completely different angle. Rather than hoping you can prevent each and every new attack, why not understand how attacks work and make the organization able to detect the telltale signs and thus be resilient against them?

Regardless of the attack vector or technique, bad actors always leave “exhaustive” telltale trails in their wake, aka “digital exhaust.” By studying their moves, and realizing that their command-and-control must be created prior to their attack, a fundamental understanding of adversary infrastructure can not only make an organization resilient against digital risk but stop bad actors in their tracks.

Read on to learn how and why a proactive approach is the only way to protect against and prevent cyberattacks.

If Security Is Compromised, Look for the Digital Exhaust

The first step of an attack is the breach – breaking into the organization. The bad actor might crack a password or steal someone’s credentials. Maybe they phished an employee. Regardless of how they broke in, they always send a signal out to confirm they’re in, get instructions, and continue the attack: Hey, I’m alive. I’m here. What do you want me to do?

Some of the most notorious, headline-grabbing cyberattacks in recent years use this tactic with a twist: The SolarWinds attackers, for example, penetrated thousands of organizations and installed Sunburst malware in their systems. But they didn’t immediately ask for instructions. The malware laid low for 15 days before it woke up and alerted the criminals that it was ready to wreak havoc. And it did, with privilege escalation, lateral motion and data exfiltration — all of which utilized instructions between the hackers outside the enterprise and the malware lurking within.

Those instructions are sent to adversary infrastructure, also known as attacker infrastructure.


When the United States Office of Personnel Management was attacked, it took six months for its security team to discover the breach. In other cases hackers were inside the network for years, stealing data and silently watching. In all these cases, the malware is tuned to covertly phone-home – to the attacker’s adversary infrastructure.

Everyone has lists of external domains that shouldn’t be communicated with, are risky, or fraudulent in some way. There are quite a lot of lists — even the FBI publishes a regular feed of “bad” domains.

Relying solely on domain lists, though, is essentially a hope-based strategy. It’s hoping that the list covers all potential threats and that none slip through the cracks. It’s hoping that your organization updates your defenses with the latest list before the bad actors attempt a breach. However, bad actors continually update their command and control, so it’s almost impossible to maintain an up-to-date list. And given that many of these lists are generated by detonating malware, they are by definition always behind the curve, one step behind the criminals. While it sounds mean, essentially you are hoping that someone else gets attacked before you do, so that your list can be updated in time.

In the world of cybersecurity, hope is not a strategy. Domain lists represent a fundamentally reactive approach to cybersecurity — one that waits for threats to emerge before handling them. Being reactive is not enough. We must be proactive in our approaches to drive any sense of resiliency and confidence.

Think Like a Hacker To Find Breaches (and Learn From Them)

When we have visibility into the communication going out of an enterprise — and we understand what is and isn’t adversary infrastructure — we can spot the digital exhaust of a breach.

Once we stop that nefarious communication, we render the attack inert. What’s more, we can turn all that digital exhaust metadata into actionable intelligence. By building an Adversary Infrastructure Platform composed of all of this metadata, and putting the raw data into a graph database form, we can understand the fundamentals around verdicts, related infrastructure, and attribution or VRA.

We can understand what new infrastructure is going to be used for nefarious purposes. This lets us break out of the relentless cat-and-mouse game so many of us play and start to actually get proactive against that attack that is being formed, but hasn’t been launched yet.

Monitor DNS and Detect Anomalous Behavior

Think of it this way: If I told you that every Friday afternoon at 4:00 p.m., Jane makes a phone call to a known drug dealer — and those calls happen reliably — you will probably assume that Jane is buying drugs. You don’t need to know the content of their phone conversation.

We can do the exact same thing at a DNS level. More than 90% of malware and attacks use DNS to facilitate their communication with adversary infrastructure (instead of a static IP address). The answer lies in DNS. We don’t need to know exactly what the bad actors talk about at this stage. They can try to obfuscate their methods, but they can’t hide the fact that they’re using infrastructure on the open internet. That infrastructure has to be DNS-routable and therefore publicly visible.

That’s the fatal flaw in their plans. And that’s how we can keep our systems resilient against their onslaught of attacks.

Continuous Improvement and Optimization of Security Processes

The combination of an Adversary Infrastructure Platform and the knowledge of where communications are going on the internet enables us to get proactive, stay ahead of the curve, and automatically update the defenses before their next attack.

Perhaps best of all, a proactive approach fosters a culture of continuous improvement within cybersecurity teams, encouraging ongoing research and skill development. And if we want to get any sleep at night, and to run our networks and organizations with confidence that we can protect all aspects of the business and address digital risk, then we need to take a proactive approach and ensure that the defenses remain on the cutting edge. The bad actors hope that we continue to utilize yesterday’s hope-based strategies; resiliency approaches fundamentally change the game and level the playing field.

Make the smart move to HYAS solutions today and protect your organization with top-notch threat intelligence and proactive defense. Contact us to learn more about how HYAS can empower and elevate your cybersecurity strategy.

The post The Secret Ingredient to Preempt Cyberattacks: Digital Exhaust appeared first on Security Boulevard.

EU Aims to Ban Math — ‘Chat Control 2.0’ Law is Paused but not Stopped

20 June 2024 at 12:43
“Oh, won’t somebody please think of the children?”

Ongoing European Union quest to break end-to-end encryption (E2EE) mysteriously disappears.

The post EU Aims to Ban Math — ‘Chat Control 2.0’ Law is Paused but not Stopped appeared first on Security Boulevard.

Cato Networks Launches SASE Platform for Partners

20 June 2024 at 11:16

Cato Networks today launched a framework for IT services partners that promises to make it simple to integrate its secure access service edge (SASE) service with third-party services.

The post Cato Networks Launches SASE Platform for Partners appeared first on Security Boulevard.

When Should You Bring in a Managed Kubernetes-as-a-Service Provider?

20 June 2024 at 05:21

In the ever-evolving landscape of cloud computing, Kubernetes is a cornerstone technology for container orchestration. As organizations increasingly use Kubernetes, assessing K8s maturity in this complex ecosystem is a critical way to understand where your organization is now and how (and why) to move to the next stage. Understanding your Kubernetes maturity can help determine whether or when it makes sense to consider a Managed Kubernetes-as-a-Service provider.

The post When Should You Bring in a Managed Kubernetes-as-a-Service Provider? appeared first on Security Boulevard.

Hundreds of PC, Server Models Possibly Affected by Serious Phoenix UEFI Vulnerability

20 June 2024 at 09:05

Hundreds of PC and server models may be affected by CVE-2024-0762, a privilege escalation and code execution flaw in Phoenix SecureCore UEFI firmware.

The post Hundreds of PC, Server Models Possibly Affected by Serious Phoenix UEFI Vulnerability appeared first on SecurityWeek.

AI Weights: Securing the Heart and Soft Underbelly of Artificial Intelligence

20 June 2024 at 08:19

AI model weights govern outputs from the system, but altered or ‘poisoned’, they can make the output erroneous and, in extremis, useless and dangerous.

The post AI Weights: Securing the Heart and Soft Underbelly of Artificial Intelligence appeared first on SecurityWeek.

IRONSCALES Applies Generative AI to Phishing Simulation

19 June 2024 at 13:52

IRONSCALES has made generally available a phishing simulation tool that makes use of generative artificial intelligence (AI) to enable cybersecurity teams to create as many as 2,000 simulations of a spear phishing attack in less than an hour.

The post IRONSCALES Applies Generative AI to Phishing Simulation appeared first on Security Boulevard.

Cybercriminals Target Trump Supporters with Donation Scams

18 June 2024 at 17:47

Donald Trump’s presidential campaign is known for aggressively trying to raise money, even sending emails to donors hoping to cash in on setbacks like his conviction late last month on 34 felony counts for illegally influencing the 2016 campaign. Bad actors now are trying to do the same, running donation scams by impersonating the campaign..

The post Cybercriminals Target Trump Supporters with Donation Scams appeared first on Security Boulevard.

Scaling green hydrogen technology for the future

Unlike conventional energy sources, green hydrogen offers a way to store and transfer energy without emitting harmful pollutants, positioning it as essential to a sustainable and net-zero future. By converting electrical power from renewable sources into green hydrogen, these low-carbon-intensity energy storage systems can release clean, efficient power on demand through combustion engines or fuel cells. When produced emission-free, hydrogen can decarbonize some of the most challenging industrial sectors, such as steel and cement production, industrial processes, and maritime transport.

“Green hydrogen is the key driver to advance decarbonization,” says Dr. Christoph Noeres, head of green hydrogen at global electrolysis specialist thyssenkrupp nucera. This promising low-carbon-intensity technology has the potential to transform entire industries by providing a clean, renewable fuel source, moving us toward a greener world aligned with industry climate goals.

Accelerating production of green hydrogen

Hydrogen is the most abundant element in the universe, and its availability is key to its appeal as a clean energy source. However, hydrogen does not occur naturally in its pure form; it is always bound to other elements in compounds like water (H2O). Pure hydrogen is extracted and isolated from water through an energy-intensive process called conventional electrolysis.

Hydrogen is typically produced today via steam-methane reforming, in which high-temperature steam is used to produce hydrogen from natural gas. Emissions produced by this process have implications for hydrogen’s overall carbon footprint: worldwide hydrogen production is currently responsible for as many CO2 emissions as the United Kingdom and Indonesia combined.

A solution lies in green hydrogen—hydrogen produced using electrolysis powered by renewable sources. This unlocks the benefits of hydrogen without the dirty fuels. Unfortunately, very little hydrogen is currently powered by renewables: less than 1% came from non-fossil fuel sources in 2022.

A massive scale-up is underway. According to McKinsey, an estimated 130 to 345 gigawatts (GW) of electrolyzer capacity will be necessary to meet the green hydrogen demand by 2030, with 246 GW of this capacity already announced. This stands in stark contrast to the current installed base of just 1.1 GW. Notably, to ensure that green hydrogen constitutes at least 14% of total energy consumption by 2050, a target that the International Renewable Energy Agency (IRENA) estimates is required to meet climate goals, 5,500 GW of cumulative installed electrolyzer capacity will be required.

However, scaling up green hydrogen production to these levels requires overcoming cost and infrastructure constraints. Becoming cost-competitive means improving and standardizing the technology, harnessing the scale efficiencies of larger projects, and encouraging government action to create market incentives. Moreover, the expansion of renewable energy in regions with significant solar, hydro, or wind energy potential is another crucial factor in lowering renewable power prices and, consequently, the costs of green hydrogen.

Electrolysis innovation

While electrolysis technologies have existed for decades, scaling them up to meet the demand for clean energy will be essential. Alkaline Water Electrolysis (AWE), the most dominant and developed electrolysis method, is poised for this transition. It has been utilized for decades, demonstrating efficiency and reliability in the chemical industry. Moreover, it is more cost effective than other electrolysis technologies and is well suited to be run directly with fluctuating renewable power input. Especially for large-scale applications, AWE demonstrates significant advantages in terms of investment and operating costs. “Transferring small-scale manufacturing and optimizing it towards mass manufacturing will need a high level of investment across the industry,” says Noeres.

Industries that already practice electrolysis, as well as those that already use hydrogen, such as fertilizer production, are well poised for conversion to green hydrogen. For example, thyssenkrupp nucera benefits from a decades-long heritage using electrolyzer technology in the chlor-alkali process, which produces chlorine and caustic soda for the chemical industry. The company “is able to use its existing supply chain to ramp up production quickly, a distinction that all providers don’t share,” says Noeres.

Alongside scaling up existing solutions, thyssenkrupp nucera is developing complementary techniques and technologies. Among these are solid oxide electrolysis cells (SOEC), which perform electrolysis at very high temperatures. While the need for high temperatures means this technique isn’t right for all customers, in industries where waste heat is readily available—such as chemicals—Noeres says SOEC offers up to 20% enhanced efficiency and reduces production costs.

Thyssenkrupp nucera has entered into a strategic partnership with the renowned German research institute Fraunhofer IKTS to move the technology toward applications in industrial manufacturing. The company envisages SOEC as a complement to AWE in the areas where it is cost effective to reduce overall energy consumption. “The combination of AWE and SOEC in thyssenkrupp nucera’s portfolio offers a unique product suite to the industry,” says Noeres.

While advancements in electrolysis technology and the diversification of its applications across various scales and industries are promising for green hydrogen production, a coordinated global ramp-up of renewable energy sources and clean power grids is also crucial. Although AWE electrolyzers are ready for deployment in large-scale, centralized green hydrogen production facilities, these must be integrated with renewable energy sources to truly harness their potential.

Making the green hydrogen market

Storage and transportation remain obstacles to a larger market for green hydrogen. While hydrogen can be compressed and stored, its low density presents a practical challenge. The volume of hydrogen is nearly four times greater than that of natural gas, and storage requires either ultra-high compression or costly refrigeration. Overcoming the economic and technical hurdles of high-volume hydrogen storage and transport will be critical to its potential as an exportable energy carrier.

In 2024, several high-profile green hydrogen projects launched in the U.S., advancing the growth of green hydrogen infrastructure and technology. The landmark Inflation Reduction Act (IRA) provides tax credits and government incentives for producing clean hydrogen and the renewable electricity used in its production. In October 2023, the Biden administration announced $7 billion for the country’s first clean hydrogen hubs, and the U.S. Department of Energy further allocated $750 million for 52 projects across 24 states to dramatically reduce the cost of clean hydrogen and establish American leadership in the industry. The potential economic impact from the IRA legislation is substantial: thyssenkrupp nucera expects the IRA to double or triple the U.S. green hydrogen market size.

“The IRA was a wake-up call for Europe, setting a benchmark for all the other countries on how to support the green hydrogen industry in this startup phase,” says Noeres. Germany’s H2Global scheme was one of the first European efforts to facilitate hydrogen imports with the help of subsidies, and it has since been followed up by the European Hydrogen Bank, which provided €720 million for green hydrogen projects in its pilot auction. “However, more investment is needed to push the green hydrogen industry forward,” says Noeres.

In the current green hydrogen market, China has installed more renewable power than any other country. With lower capital expenditure costs, China produces 40% of the world’s electrolyzers. Additionally, state-owned firms have pledged to build an extensive 6,000-kilometer network of pipelines for green hydrogen transportation by 2050.

Coordinated investment and supportive policies are crucial to ensure attractive incentives that can bring green hydrogen from a niche technology to a scalable solution globally. The Chinese green hydrogen market, along with that of other regions such as the Middle East and North Africa, has advanced significantly, garnering global attention for its competitive edge through large-scale projects. To compete effectively, the EU must create a global level playing field for European technologies through attractive investment incentives that can drive the transition of hydrogen from a niche to a global-scale solution. Supportive policies must be in place to also ensure that green products made with hydrogen, such as steel, are sufficiently incentivized and protected against carbon leakage.

A comprehensive strategy, combining investment incentives, open markets, and protection against market distortions and carbon leakage, is crucial for the EU and other countries to remain competitive in the rapidly evolving global green hydrogen market and achieve a decarbonized energy future. “To advance several gigawatt scale or multi-hundred megawatts projects forward,” says Noeres, “we need significantly more volume globally and comparable funding opportunities to make a real impact on global supply chains.”

This content was produced by Insights, the custom content arm of MIT Technology Review. It was not written by MIT Technology Review’s editorial staff.

The Growing Importance of Securing Local Access in SaaS Applications

14 June 2024 at 12:13

Introduction

Recently, we posted a blog discussing the complexity of enforcing Single Sign-On (SSO) within Salesforce and the frequent misconfigurations we encounter at Obsidian Security. A striking statistic from our observations: 60% of Obsidian’s customers initially have local access without Multi-Factor Authentication (MFA) configured for Salesforce. This is a significant security gap that Obsidian works […]

The post The Growing Importance of Securing Local Access in SaaS Applications appeared first on Obsidian Security.

The post The Growing Importance of Securing Local Access in SaaS Applications appeared first on Security Boulevard.

A New Tactic in the Rapid Evolution of QR Code Scams

14 June 2024 at 13:36
QR code phishing

QR codes have been around for three decades, but it wasn’t until the COVID-19 pandemic hit in 2020 that they got wide use, with restaurants, health care facilities, and other businesses turning to them to give customers contactless ways to read menus, buy items, or track the health of people in their buildings. Around the same..

The post A New Tactic in the Rapid Evolution of QR Code Scams appeared first on Security Boulevard.

Netcraft Uses Its AI Platform to Trick and Track Online Scammers

13 June 2024 at 14:00
romance scams generative AI pig butchering

At the RSA Conference last month, Netcraft introduced a generative AI-powered platform designed to interact with cybercriminals to gain insights into the operations of the conversational scams they’re running and disrupt their attacks. At the time, Ryan Woodley, CEO of the London-based company that offers a range of services from phishing detection to brand, domain,..

The post Netcraft Uses Its AI Platform to Trick and Track Online Scammers appeared first on Security Boulevard.

Tile/Life360 Breach: ‘Millions’ of Users’ Data at Risk

13 June 2024 at 13:28
Life360 CEO Chris Hulls

Location tracking service leaks PII, because—incompetence? Seems almost TOO easy.

The post Tile/Life360 Breach: ‘Millions’ of Users’ Data at Risk appeared first on Security Boulevard.

Connecticut Has Highest Rate of Health Care Data Breaches: Study

13 June 2024 at 09:19
health care data breaches cybersecurity

It’s no secret that hospitals and other health care organizations are among the top targets for cybercriminals. The ransomware attacks this year on UnitedHealth Group’s Change Healthcare subsidiary, nonprofit organization Ascension, and most recently the National Health Service in England illustrate not only the damage to these organizations’ infrastructure and the personal health data that’s..

The post Connecticut Has Highest Rate of Health Care Data Breaches: Study appeared first on Security Boulevard.
