The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS vulnerability advisories, as well as alerts, updates, and bulletins:
ICS Vulnerability Advisories:
The Cybersecurity and Infrastructure Security Agency (CISA), along with the FBI, National Security Agency (NSA), Australian Cyber Security Centre (ACSC), and the United Kingdom’s National Cyber Security Centre (NCSC-UK), just published a joint Cybersecurity Advisory outlining the growing international threat posed by ransomware over the past year. The advisory, 2021 Trends Show Increased Globalized Threat of Ransomware, summarizes the top ransomware trends observed across all three countries.
The FBI has published a Public Service Announcement (PSA) regarding the increasing practice of Subscriber Identity Module (SIM) swapping by criminals to steal money from fiat and virtual currency accounts. In 2021 alone, the FBI received 1,611 SIM swapping complaints with losses of more than $68 million. According to the FBI, “SIM swapping is a malicious technique where criminal actors target mobile carriers to gain access to victims' bank accounts, virtual currency accounts, and other sensitive information.
Qbot/Qakbot remains one of the most widespread malware variants. A new report from researchers at DFIR reveal that Qbot is used to steal sensitive data and execute other malign tasks in a very short time frame. Qbot, which WaterISAC reported on last year, is a highly modular malware used for many nefarious activities such as credential harvesting and dropping ransomware. Qbot usually spreads via phishing emails.
The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS vulnerability advisories, as well as alerts, updates, and bulletins:
ICS Vulnerability Advisories:
Alerts, Updates, and Bulletins:
The FBI has published a TLP:WHITE FLASH providing indicators of compromise associated with LockBit 2.0 ransomware. The FLASH indicates LockBit 2.0 threat actors operate as an affiliate run Ransomware-as-a-Service (RaaS) and employ a wide variety of tactics, techniques, and procedures (TTPs), creating significant challenges for defense and mitigation. Some techniques these threat actors include, but are not limited to, purchased access, unpatched vulnerabilities, insider access, and zero day exploits.
The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS vulnerability advisories, as well as alerts, updates, and bulletins:
ICS Vulnerability Advisories:
Many organizations are not utilizing the cybersecurity features offered by Microsoft 365, according to research from the IT company Ensono. For its research Ensono surveyed IT staff whose companies use Microsoft 365. Some key findings from the survey reveal that 38 percent of respondents are not using multi-factor authentication, only 43 percent have Conditional Access setup, and 46 percent do have data loss prevention or data classification configured.
A recently observed phishing campaign is utilizing malicious CSV text files to install the BazarLoader/BazarBackdoor trojan. BazarBackdoor is a backdoor malware created by the TrickBot gang to provide threat actors with remote access to a compromised device which can then be used to move laterally through a corporate network, install more malware, steal data, and deploy ransomware.
Data leaks, for whatever reason, are costly. However, financial recovery costs and costs due to damaged trust and reputation are not the only ramifications. Lost data often finds its way into the hands of advanced adversaries who use it for reconnaissance efforts to learn about potential targets, including critical infrastructure organizations.
1620 I Street, NW, Suite 500
Washington, DC 20006
1-866-H2O-ISAC (1-866-426-4722)
© 2025 WaterISAC. All Rights Reserved.
