Pulse Connect Secure (PCS) SSL VPN - Vulnerabilities being Actively Exploited - Updated July 22, 2021
Reminder: If your utility uses Ivanti Pulse Connect Secure (PCS) SSL VPN, WaterISAC highly recommends tracking and reviewing current notifications/alerts/advisories for important developments.
The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS vulnerability advisories, as well as alerts, updates, and bulletins:
ICS Vulnerability Advisories:
Alerts, Updates, and Bulletins:
In the survey conducted by the Water Sector Coordinating Council, Cybersecurity: 2021 State of the Sector, participants were asked about concerns regarding the exchange of organizational information on cybersecurity threats, vulnerabilities, mitigation, and security incidents with external organizations. While over 30% identified no barriers, 60% noted lack of know-how (37.76%) and lack of trust around maintaining confidentiality of information shared (22.39%).
Attention: Environments that support printing through all supported (and Extended Security Update) versions of Windows OS are encouraged to regularly track and address updates to this vulnerability.
Update July 19, 2021
CISA launched a StopRansomware initiative to bring greater awareness to this global cyber threat epidemic. The newly refreshed page has been rebranded and reorganized, and offers consolidated ransomware resources from all federal government agencies. While CISA did register a separate domain (stopransomware.gov) – presumably so they control it and so it’s not taken over by miscreants – the new domain redirects to a cisa.gov root domain (at least for the moment).
Yesterday, SonicWall issued an urgent security notice regarding a critical risk to Secure Mobile Access (SMA) 100 series and Secure Remote Access (SRA) products running unpatched and end-of-life (EOL) 8.x firmware. Specifically, stolen credentials targeting the products are being used in a ransomware campaign.
Update July 15, 2021
CISA has created a webpage for relevant resources regarding the Kaseya ransomware incident. Kaseya Ransomware Attack: Guidance for Affected MSPs and their Customers can be accessed at CISA.
Kaseya VSA SaaS Infrastructure has been Updated – Updated July 12, 2021
Many know Joe Weiss as a passionate proponent of ICS cybersecurity for control system process/sensor (level 0,1) devices. In this recent post he offers several points worthy of consideration on the importance of technology to monitor sensors. The discussion includes multiple water system examples. Read more at Control Global.
While some water and wastewater utilities are able to maintain strict separation between OT and IT networks and the internet, that is not the reality for all. Credential leaks, credential reuse across sites, services, and systems, along with the ability to discover internet accessible and insecure control systems through open source search engines such as Shodan and Censys provide threat actors with plenty of opportunity to gain remote access to OT systems.
Today Jen Easterly was sworn in as director of the Cybersecurity and Infrastructure Security Agency (CISA), following the Senate’s unanimous approval of her in a confirmation vote yesterday. She takes over leading the agency from CISA Executive Director Brandon Wales, who has served as acting director since November.
1620 I Street, NW, Suite 500
Washington, DC 20006
1-866-H2O-ISAC (1-866-426-4722)
© 2025 WaterISAC. All Rights Reserved.
