Cybersecurity

Water Sector, Federal Partners Launch Effort on ICS Monitoring

Today, the water sector, EPA and the White House National Security Council announced the launch of the Industrial Control Systems Cybersecurity Initiative – Water and Wastewater Sector Action Plan, a 100-day “surge” to investigate the pros and cons of utilities implementing industrial control system (ICS) monitoring and sharing monitoring results with the Cybersecurity and Infrastructure Security Agency (CISA).

CISA ICS Vulnerability Advisories and Alerts, Updates, and Bulletins - January 27, 2022

The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS vulnerability advisories, as well as alerts, updates, and bulletins:

ICS Vulnerability Advisories:

Alerts, Updates, and Bulletins:

FBI PIN: Context and Recommendations to Protect Against Malicious Activity by Iranian Cyber Group Emennet Pasargad

The FBI has published a TLP:WHITE Private Industry Notification (PIN) providing context and recommendations to protect against malicious activity by Iranian cyber group Emennet Pasargad. While some of Emennet’s most notable cyber activities have involved information operations, particularly election interference activities, it has also conducted traditional cyber exploitation activity targeting several sectors, including oil and petrochemical, financial, and telecommunications, in the U.S., Europe, and the Middle East.

Security Awareness – Data Compromises Increasing

A new report by the Identity Theft Resource Center (ITRC) reveals that data compromises are greatly increasing. The report recorded 1,862 data compromises in 2021, up more than 68 percent compared to 2020. Utilities and manufacturers witnessed a 217 percent increase in data compromises in 2021 compared to the previous year. While phishing was the number one cause of data compromises, ransomware-related data breaches have doubled every year for the past two years.

Threat Actors Continue Abusing Microsoft Office Products in Phishing Campaigns

Threat actors continue abusing Microsoft Office products to fool unsuspecting individuals and to inject malware onto victims’ devices. Since December, threat actors have been sending mass phishing attacks with Excel files that deceive victims into downloading Emotet onto their systems. After victims open the Excel file, it prompts them to enable macros, which subsequently download Emotet and enable other malicious activity.

CISA ICS Vulnerability Advisories and Alerts, Updates, and Bulletins - January 25, 2022

The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS vulnerability advisories, as well as alerts, updates, and bulletins:

ICS Vulnerability Advisories:

Alerts, Updates, and Bulletins:

Ransomware Roundup – BlackCat, White Rabbit, Avaddon, and Diavol

Ransomware threat actors continue to terrorize organizations across the world, and when one group is shut down another seemingly appears. It’s no surprise that last year saw a lot of ransomware activity. According to Digital Shadows, in the last quarter of 2021 there were 781 ransomware victims reported on data-leakage sites, a 37 percent increase compared to the previous quarter. The U.S. was the most targeted country with over 300 attacks.

ICS Threat Awareness – Kaspersky Discovers “Anomalous” Spyware Stealing Credentials from ICS Computers

During 2021, Kaspersky noticed a curious anomaly in statistics on spyware threats blocked on ICS computers – computers which could include HMIs, SCADA systems, historians, data gateways, engineering workstations, computers used for the administration of industrial networks, and devices used to develop software for industrial systems. In its research, Kaspersky identified more than 2,000 industrial organizations worldwide that have been incorporated into the malicious infrastructure and used by cyber gangs to spread the attack to their contact organizations and business partners.

FBI FLASH: Indicators of Compromise Associated with Diavol Ransomware

The FBI has published a TLP:WHITE FLASH providing indicators of compromise associated with Diavol ransomware. The FLASH indicates that Diavol ransomware threat actors, first observed in October 2021, are associated with the Trickbot Group, who utilize the Trickbot Banking Trojan. According to the FBI, “Diavol encrypts files solely using an RSA encryption key, and its code is capable of prioritizing file types to encrypt based on a pre-configured list of extensions defined by the attacker.” Ransomware demands have ranged in price from $10,000 to $500,000.
