A small electric cooperative was the apparent victim of a ransomware attack that caused significant disruption and damage last month. On November 7, Delta-Montrose Electric Association (DMEA) discovered a breach on its internal enterprise network. As a result of the attack, the utility lost 90 percent of its enterprise network functions and large amounts of data, including saved documents and spreadsheets.
The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS vulnerability advisories, as well as alerts, updates, and bulletins:
ICS Vulnerability Advisories:
Amid greater adoption of anti-phishing software and increased awareness of phishing scams, threat actors are increasingly incorporating low-tech phone scams to spoof unknowing victims. A recent campaign involves emailing fake Amazon and Apple invoices informing recipients they have just purchased a very expensive item. The recipients are prompted to call a number in the email if they wish to get refund – a ploy that has a great deal of success as victims hastily want to stop/prevent a high-dollar charge.
The nefarious Emotet malware, which recently reappeared, continues to evolve its propagation methods. The malware is now being delivered by malicious Windows App Installer packages that profess to be Adobe PDF software. WaterISAC previously reported on the reemergence of this malware that spreads via phishing emails and malicious attachments, and often leads to ransomware attacks.
With control systems at water and wastewater utilities having been installed before cybersecurity was even a thing 20 - 30+ years ago, many utilities are now faced with having to replace those aged, insecure, and obsolete systems and devices. However, after such longevity, could there be a concern that once systems start being replaced, these new OT devices will follow a similar fate as their IT counterparts and commence on a path of having to be replaced every 5 years or less? Not necessarily.
The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS vulnerability advisories, as well as alerts, updates, and bulletins:
ICS Vulnerability Advisories:
November 30, 2021 is National Computer Security Day, a yearly reminder to implement cybersecurity best practices to ensure your device and your organization’s network are secured against malicious threats. The pandemic has led to many employees using their home computers for remote work, leading to an expanding attack surface for threat actors to exploit. Despite the threats, there are a number of steps you can implement to ensure your home computer is secure.
Based on extensive experience, security researchers at IBM’s Security X-Force Incident Response team have discerned a predictable pattern that ransomware attacks follow. IBM researchers utilized this predictable pattern to break down a ransomware attack into five stages: Initial Access, Post-Exploitation, Understand and Expand, Data Collection and Exfiltration, and Ransomware Deployment. Initial access is gained most commonly through phishing or vulnerability exploitation.
The malware family BazarLoader has new tricks up its sleeves. The data theft motivated threat actors have updated BazarLoader’s delivery methods used to gain access to a victim’s network or device. BazarLoader’s new tactics include convincing victims to download compromised software installers such as TeamViewer, and delivering malware by exploiting ISO files. Experts believe these new delivery methods are likely an attempt to evade detection. Additionally, BazarLoader is known to be used for initial access by prominent ransomware families such as Conti.
The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS vulnerability advisories, as well as alerts, updates, and bulletins:
ICS Vulnerability Advisories:
Alerts, Updates, and Bulletins:
1620 I Street, NW, Suite 500
Washington, DC 20006
1-866-H2O-ISAC (1-866-426-4722)
© 2025 WaterISAC. All Rights Reserved.
