
Cybersecurity

NIST Updates Cybersecurity Guidance for Supply Chain Risk Management

The National Institute of Standards and Technology (NIST) has released an updated guidance document for helping organizations identify, assess and respond to cybersecurity risks throughout the supply chain. The updated guide, titled Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations, offers specific methods for companies to adopt as they improve their ability to manage cybersecurity risks within and across their supply chains.

Security Awareness – Infrastructure Entities Targeted by HTML Phishing Campaign

Security researchers have uncovered a phishing campaign targeting energy and other infrastructure companies by exploiting HTML attachments that contain credential-stealing forms. In this specific campaign, the threat actor portrays the phishing email as being from an internal source by leveraging the “Shared-Files via” feature of Microsoft 365, and the email masquerades as a transcript being sent to the victim. However, the email address, with a Japanese domain, is clearly visible. After downloading the HTML file, users are prompted to enter their Microsoft email password to access a fake invoice.

Ransomware Resilience – Defending against the Ransomware-as-a-Service Model

The Microsoft Threat Intelligence Center (MSTIC) just published a lengthy report providing an overview of the Ransomware-as-a-Service (RaaS) threat and detailing what organizations can do to better defend against this activity. Microsoft has termed the RaaS gig economy human-operated ransomware, where human threat actors make decisions at every stage of the attack. Despite the rising threat, there are many preventative steps organizations can implement to harden their defenses. First, it’s important that companies practice credential hygiene.

Threat Awareness – Threat Actors Exploiting Event Logs to Hide Fileless Malware

Security researchers have uncovered a malicious cyber campaign that employs a novel anti-detection technique to deliver a trojan onto a targeted device. The campaign, first observed by Kaspersky, writes shellcode into Windows event logs, which allows a “fileless” last-stage trojan to be hidden in a computer’s random-access memory. Malware is classified as “fileless” when it is injected directly into system memory, and this technique allows threat actors to hide malicious payloads from traditional security and detection tools.

FBI PSA – BEC Scams Continue to Target Organizations Large and Small

The FBI’s Internet Crime Complaint Center (IC3) has updated its Public Service Announcement (PSA) on the continuing threat of Business Email Compromise (BEC) scams. This latest PSA includes updated statistical data for the time frame of October 2013 to December 2021, which includes the estimate that during this period total domestic and international losses to BEC have amounted to over $43 billion.

Threat Awareness – Bumblebee Malware Loader

Security researchers have detected a new malware loader dubbed Bumblebee. The sophisticated malware appears to be a replacement for BazarLoader and is likely being used to gain initial access for follow-on ransomware attacks and other malicious activity. Bumblebee is a highly sophisticated malware loader “that integrates intricate elaborate evasion techniques and anti-analysis tricks,” according to BleepingComputer. Researchers have detected a number of email campaigns distributing Bumblebee within ISO attachments.

Ransomware Awareness – Onyx Ransomware Destroys Certain Sized Files

Security researchers have identified a new strain of ransomware that is overwriting files larger than 2MB rather than encrypting them. In typical ransomware fashion, Onyx threat actors steal data from a compromised network before encrypting files and employ the all-too-common double-extortion tactic. However, the destructive action of deleting files larger than 2MB essentially prevents these files from being recovered. This behavior, whether intentional or accidental, further supports the point that there are no guarantees on data recovery when ransoms are paid.
