So much from MITRE, so little time!! The NSA has announced plans to fund the development of a new MITRE project called D3FEND. The goal of D3FEND is to provide a knowledge base of defensive countermeasures and their relationships to offensive/adversary techniques. D3FEND has a similar look and feel, and is a complement to the MITRE ATT&CK® Framework knowledgebase of cyber adversary behavior.
With much focus on ransomware in recent weeks, it seems prudent to continue including some of the more notable developments for awareness. Today’s roundup includes threats, incidents, musings, and recent response guidance resources.
Threats
With all of the attention on ransomware lately, we can’t forget about phishing. Given the propensity for phishing to be the leading attack vector resulting in compromises – including ransomware – organizations need to continuously review their defense in depth strategies to combat phishing. Perry Carpenter, Chief Evangelist and Strategy Officer at KnowBe4, reviews three key elements of a good phishing defense approach that includes: policies, procedures and documentation; technical defenses; and security awareness training.
From ransomware attacks to analysis of threats, we have more notables on ransomware activity plaguing the threat landscape. Understanding the behaviors and traits of ransomware groups helps us improve our defenses and not be sitting ducks.
There is still much being written and conjectured about ransomware this week, including response and preparedness. Paying or not paying continues to garner much attention. Here are a few of the notable musings.
WaterISAC is aware of several reports of threat actors leveraging multiple vulnerabilities to exploit unpatched systems in the water and wastewater sector. Members are encouraged to review and address the following vulnerability advisories and updates for products used within their environments.
There is still no shortage of ransomware posts this week. Here are a few of the more notables:
Cybersecurity is difficult to quantify into metrics, just ask any CISO. Furthermore, after a cyber attack, CEOs need to be prepared for whatever questioning comes their way. A recent post by Proofpoint examines some possible media questions and looks at what information CISOs can provide to senior leadership to help ensure they are able to deliver solid answers. Conversely, the endeavor to honestly answer these questions should also result in a more prepared and resilient organization, as these aren’t just talking points, but validated and confirmed adherence to best practices.
The much anticipated Top 20 Secure PLC Coding Practices was released today. This list is reportedly the brain-child of water sector veteran Jake Brodsky and was presented during an S4x20 Conference session. According to Dale Peterson, as this initiative was too important to slip away, he made it an official S4 project to organize and recruit engineers who could create a quality list. The coding practices are intended to be used by automation engineers and technicians that program and maintain PLCs.
According to a report by the Wall Street Journal (WSJ), Luma Energy LLC, Puerto Rico’s main power provider experienced a distributed denial-of-service (DDoS) attack targeting its customer portal and new mobile application on Thursday. The attack occurred hours before a fire broke out at a substation in San Juan. The fire caused blackouts for hundreds of thousands of residents. According to Luma, the fire and the cyberattack haven’t been linked.
1620 I Street, NW, Suite 500
Washington, DC 20006
1-866-H2O-ISAC (1-866-426-4722)
© 2025 WaterISAC. All Rights Reserved.
