Note: This joint Cybersecurity Advisory (CSA) is part of an ongoing #StopRansomware effort to publish advisories for network defenders that detail various ransomware variants and ransomware threat actors. These #StopRansomware advisories include recently and historically observed tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) to help organizations protect against ransomware.
The following posts are useful for general awareness of current cyber threats, vulnerabilities, guidance, and other cyber-related news or updates. These resources have been curated by the WaterISAC analyst team as items of broad relevance and benefit that do not need supplemental analysis at this time.
Critical Infrastructure Vulnerabilities & Threats
Yesterday, cybersecurity firm Censys shared live search queries showing hundreds of potentially exposed Versa Director servers (CVE-2024-39717) presenting an open attack surface for threat actors.
Analyst comment (Jennifer Lyn Walker): It’s unclear if KnowBe4 has any empirical data at all or is just rehashing widely available reporting and making assumptions or quoting statistics from other’s research – it seems more like the latter. However, what KnowBe4 typically does well is provide resources to help organizations improve cyber resilience. The report does mention a couple of old incidents that impacted the water and wastewater sector. We are providing this report simply for awareness.
CISA, the FBI, and the Department of Defense Cyber Crime Center (DC3) have issued a joint Cybersecurity Advisory: “Iran-based Cyber Actors Enabling Ransomware Attacks on U.S. Organizations.” The advisory aims to alert network defenders about ongoing threats from a group of Iran-based cyber actors known to the private sector as Pioneer Kitten, Parisite, Rubidium, and Lemon Sandstorm. As late as August 2024, this group has been targeting U.S.
The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS security advisories, along with additional alerts, updates, and bulletins:
ICS Advisories:
The following posts are useful for general awareness of current cyber threats, vulnerabilities, guidance, and other cyber-related news or updates. These resources have been curated by the WaterISAC analyst team as items of broad relevance and benefit that do not need supplemental analysis at this time.
Critical Infrastructure Vulnerabilities, Threats & Incidents
Barracuda Networks recently conducted research analyzing 200 reported incidents from August 2023 to July 2024. The findings involved 37 countries, 36 different ransomware groups, and included incidents in all industry sectors including financial services, infrastructure, education, municipalities, healthcare and more. Barracuda research highlights the most prevalent ransomware groups, ransomware-as-a-service (RaaS) models, targeted industries, and certain leading indicators of an unfolding ransomware attack.
The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS security advisories, along with additional alerts, updates, and bulletins:
ICS Advisories:
Additional Alerts, Updates, and Bulletins:
In a recent blog post, CISA Associate Director for the JCDC, Clayton Romans highlights the progress and achievements of the JCDC over the past three years, specifically in creating collaborative relationships between government and the private sector. Romans emphasizes the importance of teamwork and shared expertise in enhancing cybersecurity measures, developing coordinated defense strategies, and responding effectively to emerging threats and technologies.
1620 I Street, NW, Suite 500
Washington, DC 20006
1-866-H2O-ISAC (1-866-426-4722)
© 2025 WaterISAC. All Rights Reserved.
