Act Now: CISA Insights on Mitigating Attacks Against Uninterruptable Power Supply Devices
Act Now: Members are urged to address this information with the utmost scrutiny and timeliness.
Cybersecurity
Security Awareness – Phishing Scams Continue Leveraging Tax Season Lures
Threat actors continue leveraging the U.S. tax season across multiple campaigns to scam unsuspecting victims. Last week, WaterISAC reported on a tax-themed phishing campaign that led to Emotet infections.
How are Adversaries Likely to Gain Access Into Your ICS/OT Network?
There is no doubt that some threat actors possess the tradecraft to break directly into ICS/OT networks by exploiting vulnerabilities. Likewise, some actors simply stumble upon the opportunity, typically via unsecured internet accessible devices. However, more frequently, initial access to ICS/OT networks is obtained from a third vector that we may place a little too much trust in.
CISA ICS Vulnerability Advisories and Alerts, Updates, and Bulletins - March 29, 2022
The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS vulnerability advisories, as well as alerts, updates, and bulletins:
ICS Vulnerability Advisories:
CISA ICS Vulnerability Advisories and Alerts, Updates, and Bulletins - March 24, 2022
The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS vulnerability advisories, as well as alerts, updates, and bulletins:
ICS Vulnerability Advisories:
FBI Releases the Internet Crime Complaint Center 2021 Internet Crime Report
The FBI’s Internet Crime Complaint Center (IC3) published its 2021 Internet Crime Report. The project draws data from 847,376 complaints of suspected internet crime reported to the FBI. Reports in 2021 represent a 7 percent increase in complaints from the 2020 report with reported losses exceeding $6.9 billion. The top three cyber crimes reported by victims in 2021 were phishing scams, non-payment/non-delivery scams, and personal data breaches. Victims lost the most money to business email compromise scams and investment fraud.
Keep Your Shields Up, Don’t Panic, and Bolster Resilience Against Potential Russian Cyber Attacks on Critical Infrastructure
In a follow up to White House statements on Monday, March 21, 2022 regarding evolving intelligence, the Cybersecurity and Infrastructure Security Agency (CISA) convened an unclassified call on Tuesday to address observed Russian Government preparatory cyber activity against the U.S.
CISA ICS Vulnerability Advisories and Alerts, Updates, and Bulletins - March 22, 2022
The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS vulnerability advisories, as well as alerts, updates, and bulletins:
ICS Vulnerability Advisories:
Alerts, Updates, and Bulletins:
Don’t Panic, but Don’t be Complacent – Act Now to Protect the Services Americans Rely On Against Potential Cyber Attacks from Russian State-Sponsored Actors
Multiple statements emanated from the White House yesterday regarding evolving intelligence that the Russian government is exploring options for potential cyber attacks and that preparatory actions have been observed against U.S. critical infrastructure. WaterISAC posted and distributed an advisory, Update from the White House – Act Now to Protect Against Potential Cyber Attacks, shortly after the initial White House release.
Threat Awareness – Microsoft and Okta Investigating Data Leaks
The cybercriminal group Lapsus$ claims to have successfully compromised Microsoft’s internal Azure DevOps server and stolen source code for Bing, Cortana virtual assistant, and other projects. Yesterday, the threat actors leaked around 40 Gb of data stolen from Microsoft and claimed to have targeted LGE corporation and identity and access management company Okta. Lapsus$ is a data extortion cyber group that compromises business networks to steal source code, customer lists, databases, and other valuable data.
Pages
