
Cybersecurity

Google Disrupts Large Botnet, Files Lawsuit against Russian Threat Actors

On Tuesday, Google took significant steps to disrupt and degrade the Glupteba botnet, which now controls over 1 million Windows PCs worldwide. Glupteba is a blockchain-enabled modular malware that has targeted Windows devices globally since at least 2011. Threat actors can use the infected devices for malign purposes, such as stealing credentials or personally identifiable information.

Ransomware Awareness – New Decryption Key for STOP Ransomware Released

The cybersecurity firm G DATA just released a vaccine for the STOP ransomware variant. This decryption tool is notable given that STOP ransomware is one of the most active ransomware variants in the wild that no one talks about. In fact, of the thousands of ID Ransomware submissions received every day, during active ransomware periods, 60 to 70 percent are STOP ransomware submissions. The vaccine does not prevent an initial infection of the ransomware.

Security Awareness – Cybercrime Services and Supply Chain Fueling Cyber Attacks

New research from Trend Micro sheds light on the potential factors behind the recent surge in ransomware attacks, namely, cyber-criminal marketplaces offering initial access to threat actors. Over the past two years, demand for initial access has grown so much that many dark web markets now have a dedicated “Access-as-a-Service” section. The researchers divided access brokers into three categories: opportunistic sellers, dedicated brokers whose services are often used by smaller ransomware groups, and online shops that provide RDP and VPN credentials.

Colorado Rural Electric Cooperative Suffers Ransomware Attack

A small electric cooperative was the apparent victim of a ransomware attack that caused significant disruption and damage last month. On November 7, Delta-Montrose Electric Association (DMEA) discovered a breach on its internal enterprise network. As a result of the attack, the utility lost 90 percent of its enterprise network functions and large amounts of data, including saved documents and spreadsheets.

Security Awareness – New Phishing Campaigns Impersonate Apple and Amazon Invoices for High-Value Items

Amid greater adoption of anti-phishing software and increased awareness of phishing scams, threat actors are increasingly incorporating low-tech phone scams to deceive unsuspecting victims. A recent campaign involves emailing fake Amazon and Apple invoices informing recipients they have just purchased a very expensive item. The recipients are prompted to call a number in the email if they wish to get a refund – a ploy that has a great deal of success, as victims hastily want to stop or prevent a high-dollar charge.

Security Awareness – Emotet Propagating via Fake Software Installers

The nefarious Emotet malware, which recently reappeared, continues to evolve its propagation methods. The malware is now being delivered by malicious Windows App Installer packages that profess to be Adobe PDF software. WaterISAC previously reported on the reemergence of this malware that spreads via phishing emails and malicious attachments, and often leads to ransomware attacks.
