Cybersecurity

FBI and Other International Law Enforcement Disrupt Business Email Compromise Schemes

This week, the FBI announced another global law enforcement operation that successfully disrupted Business Email Compromise (BEC) schemes. BEC scams typically target employees of businesses that make payments via wire transfers. These fraudsters usually gain access to a company’s email accounts or spoof their email addresses to send legitimate sounding and well-timed requests for wire transfers, according to the FBI. Over a three-month period, the FBI conducted Operation Eagle Sweep, where they arrested 65 suspected BEC fraudsters in the U.S. and overseas.

Read more about FBI and Other International Law Enforcement Disrupt Business Email Compromise Schemes

Cyber Hygiene – World Backup Day

Today is World Backup Day and in honor of this celebration WaterISAC is reminding all members of the importance of keeping multiple secure backups to ensure the security and resilience of their data and technical operations. One of the most efficient methods for backing up your data is the “3-2-1” approach. The first part entails maintaining three separate copies of the data, one is the original version and the other two serve as backups. Second, two backup copies should be stored on different types of media, such as an external thumb drive, tape drive, or cloud infrastructure.

Read more about Cyber Hygiene – World Backup Day

FBI PIN: Ransomware Attacks Straining Local US Governments and Public Services

The FBI has published a TLP:WHITE Private Industry Notification (PIN) warning that ransomware attacks are straining local U.S. governments and public services. The FBI has been tracking cyber actors conducting ransomware attacks on local government agencies that have resulted in disrupted operational services, risks to public safety, and financial losses. Based on victim incident reporting, the Government Facilities Sector (GSF) was the second highest victimized sector of ransomware attacks, between January and December 2021.

Read more about FBI PIN: Ransomware Attacks Straining Local US Governments and Public Services

SpringShell (“Spring4Shell”) – What it is and What it is Not (from what we know so far)

Over the past couple of days a developing situation regarding a remote code execution (RCE) vulnerability in Java’s Spring Framework has been surrounded with hype and rumors. Given the confusion, here are a few points and resources to explain.

Despite the seemingly sensationalized and similar nickname, until more is known, this vulnerability is not assessed to be as serious as “log4shell.” However, given this is an RCE vulnerability, utilities are encouraged to have their system administrators review available information and assess impact within your environment.

Read more about SpringShell (“Spring4Shell”) – What it is and What it is Not (from what we know so far)

CISA ICS Vulnerability Advisories and Alerts, Updates, and Bulletins - March 31, 2022

The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS vulnerability advisories, as well as alerts, updates, and bulletins:

ICS Vulnerability Advisories:

Read more about CISA ICS Vulnerability Advisories and Alerts, Updates, and Bulletins - March 31, 2022

Act Now: CISA Insights on Mitigating Attacks Against Uninterruptable Power Supply Devices

Act Now: Members are urged to address this information with the utmost scrutiny and timeliness.

Read more about Act Now: CISA Insights on Mitigating Attacks Against Uninterruptable Power Supply Devices

Security Awareness – Phishing Scams Continue Leveraging Tax Season Lures

Threat actors continue leveraging the U.S. tax season across multiple campaigns to scam unsuspecting victims. Last week, WaterISAC reported on a tax-themed phishing campaign that led to Emotet infections.

Read more about Security Awareness – Phishing Scams Continue Leveraging Tax Season Lures

How are Adversaries Likely to Gain Access Into Your ICS/OT Network?

There is no doubt that some threat actors possess the tradecraft to break directly into ICS/OT networks by exploiting vulnerabilities. Likewise, some actors simply stumble upon the opportunity, typically via unsecured internet accessible devices. However, more frequently, initial access to ICS/OT networks is obtained from a third vector that we may place a little too much trust in.

Read more about How are Adversaries Likely to Gain Access Into Your ICS/OT Network?

CISA ICS Vulnerability Advisories and Alerts, Updates, and Bulletins - March 29, 2022

The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS vulnerability advisories, as well as alerts, updates, and bulletins:

ICS Vulnerability Advisories:

Read more about CISA ICS Vulnerability Advisories and Alerts, Updates, and Bulletins - March 29, 2022

CISA ICS Vulnerability Advisories and Alerts, Updates, and Bulletins - March 24, 2022

The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS vulnerability advisories, as well as alerts, updates, and bulletins:

ICS Vulnerability Advisories:

Read more about CISA ICS Vulnerability Advisories and Alerts, Updates, and Bulletins - March 24, 2022

You are here

Cybersecurity

FBI and Other International Law Enforcement Disrupt Business Email Compromise Schemes

Cyber Hygiene – World Backup Day

FBI PIN: Ransomware Attacks Straining Local US Governments and Public Services

SpringShell (“Spring4Shell”) – What it is and What it is Not (from what we know so far)

CISA ICS Vulnerability Advisories and Alerts, Updates, and Bulletins - March 31, 2022

Act Now: CISA Insights on Mitigating Attacks Against Uninterruptable Power Supply Devices

Security Awareness – Phishing Scams Continue Leveraging Tax Season Lures

How are Adversaries Likely to Gain Access Into Your ICS/OT Network?

CISA ICS Vulnerability Advisories and Alerts, Updates, and Bulletins - March 29, 2022

CISA ICS Vulnerability Advisories and Alerts, Updates, and Bulletins - March 24, 2022

Pages

You are here

Cybersecurity

Pages

Footer Email Signup