December 15, 2021 WaterISAC Cyber Threat Briefing
WaterISAC convened its monthly Water Sector Cyber Threat Briefing on December 15. WaterISAC Director of Infrastructure Cyber Defense Jennifer Lyn Walker presented.
Multiple Australian organizations have been impacted by Conti ransomware attacks in November and December 2021, according to the Australian Cyber Security Centre (ACSC). The ransomware attacks have occurred across multiple sectors, such as electric utilities and healthcare. According to an ACSC advisory, “Victims have received demands for ransom payments.
Security researchers at Microsoft have broken down the attack chain of the Qbot malware into distinct “building blocks,” to help defenders understand and ultimately thwart the various tactics threat actors employ to infiltrate and then deploy the Qbot malware. Qbot is a widespread Windows malware cyber criminals use to steal credentials, propagate to other systems and networks, and provide remote access to ransomware groups. Qbot usually spreads via phishing campaigns or by another malware infection.
Yesterday, WaterISAC sent a general advisory regarding the Log4j (CVE-2021-44228) vulnerability. Given the ubiquitous use of the Log4j Java logging library and ease and severity of exploitation, members are encouraged to review and take immediate action to assess the impact and address any vulnerability within their environments.
The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS vulnerability advisories, as well as alerts, updates, and bulletins:
ICS Vulnerability Advisories:
Alerts, Updates, and Bulletins:
Since last month’s re-emergence of Emotet – Everybody’s Email Enemy #1 – we’ve observed its rekindling with Trickbot to spread and its propensity for proliferating ransomware attacks. However, the last 10 months since its global takedown effort appear to have been time well spent for the malware, as it has come up with some new tricks.
On Tuesday, Google took significant steps to disrupt and degrade the Glupteba botnet, which now controls over 1 million Windows PCs worldwide. Glupteba is a blockchain-enabled modular malware that has targeted Windows devices globally since at least 2011. Threat actors can then use the infected devices for malign purposes, such as stealing credentials or personally identifiable information.
The cybersecurity firm G DATA just released a vaccine for the STOP ransomware variant. This decryption tool is notable given that STOP ransomware is one of the most active ransomware variants in the wild that no one talks about. In fact, of the thousands of ID Ransomware submissions received every day, during active ransomware periods, 60 to 70 percent are STOP ransomware submissions. The vaccine does not prevent an initial infection of the ransomware.
Last week, WaterISAC shared a use case about the recent plan of the East Cherry Creek Valley Water and Sanitation District to upgrade its PLCs, RTUs, radios, SCADA system—and cybersecurity—in its water treatment system.