An increasing number of ransomware gangs are embracing a new tactic that allows them to encrypt their victims' systems faster while reducing the odds of being detected, according to a new report from SentinelLabs. This tactic is known as intermittent encryption and involves encrypting only portions of the targeted files' content, which still renders the data unrecoverable without a valid decryptor+key.
The North Korean sponsored advanced persistent threat (APT) Lazarus Group has been targeting energy providers across the world since February 2022 and employing new malware in their attacks, according to security researchers at Cisco Talos. Lazarus Group threat actors gain initial access via the exploitation of the Log4j vulnerability on exposed VMware Horizon servers. After gaining initial access, the attackers establish persistence on the victim networks’, conduct lateral movement, and deploy malware.
Understanding all the systems and devices that make up your organization’s network is a critical first step in establishing a cyber risk management strategy. Since you cannot defend or secure what you do not know you have, performing asset inventories to gain network visibility is critical for all organizations large and small. According to Tenable, organizations that have full network visibility “are better positioned to understand where the greatest risks are within their environment and start taking the necessary steps to mitigate risk where it matters most.”
More than half of companies surveyed worldwide know a partner or vendor that has been impacted by ransomware. Still, few organizations are working to address supply chain vulnerabilities, according to a new report from Trend Micro. To conduct its study, Trend Micro survey around 3000 IT leaders across 26 countries. Among other findings, the report discovered that around 25 percent of all data breaches are due to ransomware.
The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS vulnerability advisories, as well as alerts, updates, and bulletins:
ICS Vulnerability Advisories:
Alerts, Updates, and Bulletins:
A reverse-proxy Phishing-as-a-Service (PaaS) toolkit, dubbed EvilProxy, is being advertised on cybercriminal marketplaces. EvilProxy provides threat actors with the means to bypass multi-factor authentication (MFA) on Apple, Google, Microsoft, and other prominent web applications.
Security researchers at Armorblox observed a recent phishing campaign utilizing a very convincing brand impersonation of American Express to fool victims and steal credentials. The phish includes an attachment purporting to be an urgent message informing the recipient that their account will be suspended unless they perform a mandatory account verification.
Quickly identifying a cyber threat and mitigating it can mean the difference between thousands or millions lost due to operational disruptions. Decreasing mean time to detect (MTTD) threats is a goal for every organization for increasing overall cybersecurity posture.
The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS vulnerability advisories, as well as alerts, updates, and bulletins:
ICS Vulnerability Advisories:
The number of zero-day vulnerabilities is increasing and heightening the risk to organizations of a potential compromise. Indeed, according to a report from Mandiant, the amount of zero-days being exploited in the wild in 2021 increased by more than 100 percent compared to the previous year. State-sponsored attackers continue to be the main actor exploiting these vulnerabilities. However, a third of adversaries abusing zero-days were financially motivated cybercriminals. The most frequent zero-day exploits included Microsoft, Apple, and Google products.
1620 I Street, NW, Suite 500
Washington, DC 20006
1-866-H2O-ISAC (1-866-426-4722)
© 2025 WaterISAC. All Rights Reserved.
