Cybersecurity

Conti Ransomware Steals Cyber Insurance Policy Data

While your cyber insurance policy may help alleviate some of the financial costs associated with a ransomware attack, researchers at Advanced Intelligence explain how details of the policy could also be used against you. Recently leaked training material reveals how Conti ransomware attackers exploit legitimate software to gain access to a network and search for cyber insurance policies.

New Ponemon Study Finds the Annual Cost of Phishing Scams Has More Than Tripled Since 2015

A new study from the Ponemon Institute finds that the financial costs incurred from phishing scams have significantly increased over the past six years. The report, titled The Ponemon 2021 Cost of Phishing Study, concludes the average annual cost of a phishing scam in 2021 is approximately $15 million for a 9,600-employee organization, or around $1,500 per employee. The study also highlights that the inability of organizations to contain malware is one factor behind the increasing cost of phishing attacks.

Phishing campaign leverages legit DocuSign email notifications

Cybercriminals are now leveraging legitimate document signature service platforms to conduct phishing scams, according to recent reports. In this campaign, cybercriminals are utilizing free accounts from the cloud-based DocuSign service to trick email recipients into clicking on links that introduce malware into their systems and networks. Although researchers debate the novelty of this tactic, they all agree that these attacks are becoming more prevalent.

Ransomware Gang Uses PrintNightmare to Breach Windows Servers

Ransomware groups are reportedly utilizing the PrintNightmare vulnerabilities to gain access to Windows devices. Currently, the Magniber ransomware gang is the only known threat group exploiting the PrintNightmare vulnerability. Magniber has been active since October 2017, and while most of the current victims appear to be in South Korea, the widespread use of Windows Print Spooler and the challenges in mitigating the vulnerability make this a threat to track.

Identifying and Reporting Data Breaches

In today’s digitally interconnected global community, almost every organization will experience a data breach at some point. Data breaches come in many forms and include: data accessed by an unauthorized third party, theft of login data, loss of an electronic device, and confidential data distributed to a mailing list. In 2020, more than 37 billion records were exposed at an average cost of $3.86 million per breach.

ICS/OT and CVEs with Publicly Available Exploits

Drawing on over ten years of experience tracking and responding to exploited vulnerabilities in OT networks, Dragos recently published a whitepaper with key findings to help all asset owners better remediate vulnerabilities. Out of more than 3000 ICS/OT-impacting CVEs (Common Vulnerabilities and Exposures) that Dragos tracks, it has identified more than 400 that have at least one publicly available exploit enabling a low-skilled threat actor to knowingly and quickly bypass a security boundary.

CISA Cybersecurity Workforce Training Guide

The Cybersecurity and Infrastructure Security Agency (CISA) released a new training manual last week for current and future federal, state, local, tribal, and territorial personnel looking to develop their cybersecurity skills. This new guide, titled the Cybersecurity Workforce Training Guide, includes over 100 training and certification prep courses for cybersecurity professionals along with access to resources from across the government. These training programs and tools provide opportunities at every proficiency level, from beginner through advanced.
