Cybersecurity

Threat Awareness – Phishing Tactics Observed Evading Cybersecurity Tools

Threat actors have recently been observed deploying tactics that evade cybersecurity phishing defenses, namely Natural Language Processing (NLP) detection methods. NLP involves analyzing the language used in emails or other text to identify patterns or phrases that may indicate spam or phishing attempts. It has become more advanced and effective as AI technology has progressed in recent years. NLP methods are similar to behavioral analysis tools, which go beyond regular anti-virus methods for detecting threats by looking for adverse patterns or anomalies.

Joint Advisory – Iranian Cyber Actors Targeting Critical Infrastructure Organizations Using Brute Force

Yesterday, CISA and other federal and international partners released a joint Cybersecurity Advisory (CSA) “Iranian Cyber Actors' Brute Force and Credential Access Activity Compromise Critical Infrastructure.” The advisory highlights known indicators of compromise (IOCs) and tactics, techniques, and procedures (TTPs) used by Iranian cyber threat actors to disrupt organizations across critical infrastructure sectors.

Joint Cybersecurity Advisory – Update on SVR Cyber Operations and Vulnerability Exploitation

Last week, the NSA, FBI, and other federal and international partners issued a joint Cybersecurity Advisory (CSA) “Update on SVR Cyber Operations and Vulnerability Exploitation.” The joint CSA warns of ongoing Russian Federation Foreign Intelligence Service (SVR) cyber threats, highlighting how SVR actors are currently exploiting a set of software vulnerabilities and intend to exploit additional vulnerabilities.

CISA Alert – Best Practices to Configure BIG-IP LTM Systems

CISA has observed cyber threat actors leveraging unencrypted persistent cookies managed by the F5 BIG-IP Local Traffic Manager (LTM) module to enumerate other non-internet facing devices on the network. F5 BIG-IP is a suite of hardware and software solutions designed to manage and secure network traffic. A malicious cyber actor could leverage the information gathered from unencrypted persistence cookies to infer or identify additional network resources and potentially exploit vulnerabilities found in other devices present on the network.  

Threat Awareness – Microsoft Warns of Increased BEC Attack Tactics via File Hosting Services

Microsoft has recently observed more attack campaigns that misuse file hosting services and increasingly use defense evasion tactics involving files with restricted access and view-only restrictions. It issued a warning in its threat intelligence blog on Tuesday, explaining that these attacks are intended to compromise identities and devices, and usually lead to further business email compromise (BEC) attacks.
