You are here

Home » Cybersecurity

Cybersecurity

Irish Utility Experiences Water Disruption after Politically Motivated Threat Actor Compromises Israeli Pumping System

Last week, a group of unknown threat actors compromised a water pumping system for a "private group water scheme" in the Erris area of Ireland, resulting in the loss of water for 180 homeowners for two days. The perpetrators said the equipment - a "Eurotronics Israeli-made water pumping system" - was targeted due to the fact it originated in Israel, in an incident reminiscent of the recent exploitation of Unitronics PLCs.

2023 Holiday Shopping Scams (Updated December 5, 2023)

December 5, 2023

In this update on 2023 Holiday Shopping Scams, WaterISAC alerts members that reports indicate cyber criminals are currently targeting SaaS services and utilizing AI technology, social media phishing, and brand impersonation to pilfer from various sectors. Companies may want to consider proactive measures, such as manual or automated takedown services, to maintain consumer trust during the bustling holiday shopping season.

CISA Releases Advisory on Threat Actors Exploiting CVE-2023-26360 Vulnerability in Adobe ColdFusion

Today, CISA released a cybersecurity advisory “Threat Actors Exploit Adobe ColdFusion CVE-2023-26360 for Initial Access to Government Servers,” in response to confirmed exploitation of CVE-2023-26360 by unidentified threat actors at a federal civilian executive branch agency. This vulnerability presents as an improper access control issue impacting specific versions of Adobe ColdFusion, some of which are no longer supported. 

CISA ICS Vulnerability Advisories and Alerts, Updates, and Bulletins – December 5, 2023

The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS vulnerability advisories, as well as alerts, updates, and bulletins:

ICS Vulnerability Advisories:

CISA Releases Two Industrial Control Systems Advisories

Products are used across multiple sectors, please check these latest advisories for specific equipment used across your ICS environments and address accordingly.

WaterISAC Advisory: (TLP:CLEAR) CISA and Partners Confirm Additional Activity into Exploitation of Unitronics PLCs Across the U.S. Water and Wastewater Sector

WaterISAC would like to remind members that this activity is notable and action is urged as it highlights that we aren’t necessarily targets for who/where we are, but for what we have (data or components) and how accessible (vulnerable/exploitable) it isregardless of the size of our organization or how many people we service.

Executive Summary

(TLP:CLEAR) Water Utility Control System Cyber Incident Advisory: ICS/SCADA Incident at Municipal Water Authority of Aliquippa (Updated November 30, 2023)

As WaterISAC continues to monitor for more information regarding this incident, we would like to make members aware that this may not be an isolated incident. There have been a few open source reports about additional incidents with similar characteristics having occurred at other US water and wastewater utilities. WaterISAC is currently attempting to confirm those reports.

Based on this information, as a reminder members are highly encouraged to:

Pages

Subscribe to Cybersecurity