Despite all the attention on ransomware, business email compromise (BEC) attacks remain the most financially impacting cyber threat facing the private sector. According to FBI data, in 2021 BEC attacks were responsible for the loss of $2.4 billion, in comparison to a loss of $49.2 million to ransomware attacks.
The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS vulnerability advisories, as well as alerts, updates, and bulletins:
ICS Vulnerability Advisories:
Alerts, Updates, and Bulletins:
According to the BBC, South Staffordshire PLC, the parent company of South Staffs Water and Cambridge Water, said it discovered its ransomware attackers (Cl0p/Clop) may have exfiltrated and potentially leaked bank details of its customers, although how many customers is currently unknown.
Last week, security researchers warned that the Black Basta ransomware gang is utilizing Qakbot malware as part of an aggressive and widespread campaign targeting U.S.-based organizations. Black Basta ransomware first became operational in April 2022 and since then it has become one of the most prolific Ransomware-as-a-Service (RaaS) groups.
With the FIFA World Cup in full swing, threat actors are seeking to exploit unsuspecting fans with a range of tactics to steal credentials, personal identifiable information (PII), and money. Scammers are employing social engineering tactics including phishing, fake apps, and malicious merchandising sites spoofing the branding of the FIFA World Cup in Qatar to target fans. The cybersecurity firm Group-IB observed more than 16,000 scam domains and 40 malicious apps in the Google Play store that were using FIFA World Cup 2022 branding to lure users.
The U.S. government, via the Federal Communications Commission (FCC), recently banned the sale of equipment from Chinese telecommunications and video surveillance vendors Huawei, ZTE, Hytera, Hikvision, and Dahua due to “unacceptable risks to national security.” Last week, the FCC adopted new rules prohibiting the aforementioned communications equipment being authorized for importation or sale in the country.
The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS vulnerability advisories, as well as alerts, updates, and bulletins:
ICS Vulnerability Advisories:
DEV-0569, a threat group/actor that Microsoft is tracking has become quite nimble in its tactics, which includes the deployment of Royal ransomware and other malicious payloads. According to Microsoft, DEV-0569 attacks show a pattern of continuous innovation, with regular incorporation of new discovery techniques, defense evasion, and various post-compromise payloads, alongside increasing ransomware facilitation. Current behaviors currently attributed to DEV-0569 include, but are not limited to:
The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS vulnerability advisories, as well as alerts, updates, and bulletins:
ICS Vulnerability Advisories:
As the holiday shopping season approaches everyone should be on the lookout for holiday shopping scams. Be aware of those “too good to be true” spam and scams from suspicious sites, phishing emails, or online ads offering items at inconceivable discounts. Threat actors have gotten good at disguising their campaigns to fit in with the legitimate messages and use the hustle and bustle of the shopping season to hope we don’t notice their scams.
To safely shop online, remember:
1620 I Street, NW, Suite 500
Washington, DC 20006
1-866-H2O-ISAC (1-866-426-4722)
© 2025 WaterISAC. All Rights Reserved.
