Cybersecurity

In a groundbreaking effort to help “safeguard civilization,” WaterISAC is honored to partner with the new Dragos OT-CERT (Operational Technology – Cyber Emergency Readiness Team).

The FBI has published a Public Service Announcement (PSA) warning the public of fraudulent schemes seeking donations or other financial assistance related to the war in Ukraine. According to the PSA, “criminal actors are taking advantage of the crisis in Ukraine by posing as Ukrainian entities needing humanitarian aid or developing fundraising efforts, including monetary and cryptocurrency donations.” Taking advantage of crises to scam unwitting individuals is nothing new, but its important to be aware of these schemes as fraudsters develop more sophisticated scams to steal money.

Traditional ransomware impacts data – data availability, data confidentiality, and even data integrity. The targets of traditional ransomware are often IT devices and the recovery method is typically a restore from backup (or rebuild). While annoying and inconvenient, it’s not usually an operations impacting event – Colonial Pipeline notwithstanding. However, as ransomware groups continue evolving their tradecraft and capabilities, anything is possible.

The FBI has published a TLP:WHITE Private Industry Notification (PIN) warning that compromised U.S. academic credentials are being advertised for sale on online criminal marketplaces. Credential harvesting against an entity is often a consequence of spear-phishing, ransomware, or other cyber intrusion tactics. According to the FBI, “The exposure of usernames and passwords can lead to brute force credential stuffing computer network attacks, whereby attackers attempt logins across various internet sites or exploit them for subsequent cyber attacks” such as the deployment of ransomware.