Cybersecurity

(Update: April 11, 2024) Incident Awareness – EPA Investigating Alleged Data Breach

The EPA has disclosed that the recent data leak by threat actor USDoD appears to include “business contact information already available to the public.” It is unclear if this statement refers to only a portion of the data, or all of it. They said the information was previously released to provide the public “a comprehensive picture of environmental impacts.” No further details regarding the exposed information were provided by the EPA amid ongoing investigation.

Read more about (Update: April 11, 2024) Incident Awareness – EPA Investigating Alleged Data Breach

CISA ICS Vulnerability Advisories and Alerts, Updates, and Bulletins – April 11, 2024

CISA ICS Vulnerability Advisories and Alerts, Updates, and Bulletins – April 11, 2024

The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS vulnerability advisories, as well as alerts, updates, and bulletins:

ICS Vulnerability Advisories:

CISA Releases Nine Industrial Control Systems Advisories

Read more about CISA ICS Vulnerability Advisories and Alerts, Updates, and Bulletins – April 11, 2024

Supplemental Cyber Highlights – April 9, 2024

The following posts are useful for general awareness of current cyber threats, vulnerabilities, guidance, and other cyber-related news or updates. These resources have been curated by the WaterISAC analyst team as items of broad relevance and benefit that do not need supplemental analysis at this time.

Critical Infrastructure

Read more about Supplemental Cyber Highlights – April 9, 2024

Ransomware Awareness – What’s Influencing the Dip During Q1 2024?

Ransomware attacks increased substantially in 2023 showing a 55% increase in victims worldwide and reaching 5,070 cases. While Q4 2023 erupted with 1309 cases, Q1 2024 saw a 22% decrease. The Hacker News gives two main reasons for last quarter’s dip in ransomware cases.

Read more about Ransomware Awareness – What’s Influencing the Dip During Q1 2024?

Threat Awareness – Evasive Malware, Latrodectus, Found in Various Phishing Campaigns

Since at least November 2023, a new malware called Latrodectus has been distributed in various phishing campaigns. The malware exhibits evasion functionality making it difficult to detect and shows qualities similar to the IcedID malware which threat actors used as an initial access broker (IAB) to sell unauthorized access to other threat actors facilitating further exploitation.

Read more about Threat Awareness – Evasive Malware, Latrodectus, Found in Various Phishing Campaigns

CISA ICS Vulnerability Advisories and Alerts, Updates, and Bulletins – April 9, 2024

CISA ICS Vulnerability Advisories and Alerts, Updates, and Bulletins – April 9, 2024

The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS vulnerability advisories, as well as alerts, updates, and bulletins:

ICS Vulnerability Advisories:

CISA Releases One Industrial Control Systems Advisory

Read more about CISA ICS Vulnerability Advisories and Alerts, Updates, and Bulletins – April 9, 2024

Supplemental Cyber Highlights – April 4, 2024

Critical Infrastructure

Read more about Supplemental Cyber Highlights – April 4, 2024

CISA ICS Vulnerability Advisories and Alerts, Updates, and Bulletins – April 4, 2024

CISA ICS Vulnerability Advisories and Alerts, Updates, and Bulletins – April 4, 2024

The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS vulnerability advisories, as well as alerts, updates, and bulletins:

ICS Vulnerability Advisories:

CISA Releases Two Industrial Control Systems Advisories

Read more about CISA ICS Vulnerability Advisories and Alerts, Updates, and Bulletins – April 4, 2024

Ransomware Resilience – What Utilities Should Keep in Mind and Key Takeaways from the Sophos Report

Ransomware resilience is more than just having validated backups for restoring your systems after a ransomware attack, vulnerability management has a lot to do with it too – that could be patching or addressing through compensating controls if patching is not possible. While ransomware attacks have negative outcomes no matter the attack vector, Sophos explains that exploiting unpatched vulnerabilities has the greatest business impact.

Read more about Ransomware Resilience – What Utilities Should Keep in Mind and Key Takeaways from the Sophos Report

Cyber Resilience – E-ISAC’s GridEx VII Provides Lessons for Water and Wastewater Utilities

The Electricity Information Sharing and Analysis Center (E-ISAC), a WaterISAC partner, has released its GridEx VII Lessons Learned Report, its seventh biennial grid security and resilience exercise which took place in November 2023. The exercise is the largest of its kind in North America and included over 15,000 participants from approximately 250 North American organizations including water and wastewater utilities.

Read more about Cyber Resilience – E-ISAC’s GridEx VII Provides Lessons for Water and Wastewater Utilities

You are here

Cybersecurity

(Update: April 11, 2024) Incident Awareness – EPA Investigating Alleged Data Breach

CISA ICS Vulnerability Advisories and Alerts, Updates, and Bulletins – April 11, 2024

Supplemental Cyber Highlights – April 9, 2024

Ransomware Awareness – What’s Influencing the Dip During Q1 2024?

Threat Awareness – Evasive Malware, Latrodectus, Found in Various Phishing Campaigns

CISA ICS Vulnerability Advisories and Alerts, Updates, and Bulletins – April 9, 2024

Supplemental Cyber Highlights – April 4, 2024

CISA ICS Vulnerability Advisories and Alerts, Updates, and Bulletins – April 4, 2024

Ransomware Resilience – What Utilities Should Keep in Mind and Key Takeaways from the Sophos Report

Cyber Resilience – E-ISAC’s GridEx VII Provides Lessons for Water and Wastewater Utilities

Pages

You are here

Cybersecurity

Pages

Footer Email Signup