The following posts are useful for general awareness of current threats, vulnerabilities, guidance, and other cyber-related news or updates. These resources have been curated by the WaterISAC analyst team as items of broad relevance and benefit that do not need supplemental analysis at this time.
ICS/OT/SCADA Vulnerabilities & Threats
The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS vulnerability advisories, as well as alerts, updates, and bulletins:
ICS Vulnerability Advisories:
CISA Releases Two Industrial Control Systems Advisories
Products are used across multiple sectors, please check these latest advisories for specific equipment used across your ICS environments and address accordingly.
Talos has written a blog discussing the potential risks that will arise as threat actors begin to experiment with AI-powered capabilities. While the practical deployment of AI is still in its infancy, there are some predicted areas of concern.
Sophos has written a blog describing its investigation into a social engineering-based attack chain that used a unique approach to get the victim to click on a malicious payload. This peer-pressure based tactic allowed the attackers to infect the network, despite the victim quickly detecting it.
As originally heard during WaterISAC’s July Cyber Threat Briefing, MITRE is extending an offer to 5 water or wastewater utilities to participate in its NO-COST research project that will aid in gaining valuable insights into your OT environment. Don’t delay! MITRE is looking to finalize the participants before the end of August.
The goal of this project is to:
The following posts are useful for general awareness of current threats, vulnerabilities, guidance, and other cyber-related news or updates. These resources have been curated by the WaterISAC analyst team as items of broad relevance and benefit that do not need supplemental analysis at this time.
ICS/OT/SCADA Vulnerabilities & Threats
by Jennifer Lyn Walker
The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS vulnerability advisories, as well as alerts, updates, and bulletins:
ICS Vulnerability Advisories:
CrowdStrike released its 2023 Threat Hunting Report, with a key takeaway being that the average time between attackers gaining an initial foothold on a victim’s network and compromising additional devices is 79 minutes, down from 84 minutes in 2022.
Proofpoint has written a blog discussing its research into an EvilProxy-based campaign targeting high-level business leaders across 100 global organizations. Successful cloud account takeover incidents have increased over 100 percent over the last six months, with the ultimate goal of establishing persistent access to executive’s business accounts.
1620 I Street, NW, Suite 500
Washington, DC 20006
1-866-H2O-ISAC (1-866-426-4722)
© 2025 WaterISAC. All Rights Reserved.
