The following posts are useful for general awareness of current cyber threats, vulnerabilities, guidance, and other cyber-related news or updates. These resources have been curated by the WaterISAC analyst team as items of broad relevance and benefit that do not need supplemental analysis at this time.
Critical Infrastructure Resilience & OT Vulnerability Management
The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS security advisories, along with additional alerts, updates, and bulletins:
ICS Advisories:
Additional Alerts, Updates, and Bulletins:
Yesterday, The FBI released a Private Industry Notification (PIN) to warn of a trend of compromised U.S. and Foreign government email addresses used to conduct fraudulent emergency data requests to U.S.-based organizations. The PIN notes that an increase of activity on criminal forums regarding the process of emergency data requests and sale of compromised credentials has led to an increased use of this threat. WaterISAC recommends members review the PIN and implement the recommended mitigations listed.
Last week, Microsoft warned of a spear-phishing threat by the Russian state-backed threat group known as Midnight Blizzard or APT29. “Since October 22, 2024, Microsoft Threat Intelligence has observed Russian threat actor Midnight Blizzard sending a series of highly targeted spear-phishing emails to individuals in government, academia, defense, non-governmental organizations, and other sectors” reads Microsoft’s threat blog.
Following a 5-year investigation into China-based cyber threats targeting critical infrastructure, Sophos researchers have attributed specific observed activity to Volt Typhoon, highlighting key behaviors in its Pacific Rim report. The report includes a summary of the adversary’s activity and key takeaways for defenders.
October 31, 2024
November is Critical Infrastructure Security and Resilience Month, a time when the entire nation is encouraged to take steps to reinforce these systems and be vigilant to threats that undermine collective security and economic prosperity.
The EPA Water Infrastructure & Cyber Resilience Division (WICRD) recently produced a factsheet entitled “Cyber Insurance for Drinking Water and Wastewater Systems.” The factsheet provides water systems with a simplified guide to assist in the selection of cyber insurance to protect them against computer-related crimes and losses.
The following posts are useful for general awareness of current cyber threats, vulnerabilities, guidance, and other cyber-related news or updates. These resources have been curated by the WaterISAC analyst team as items of broad relevance and benefit that do not need supplemental analysis at this time.
Critical Infrastructure Resilience
The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS security advisories, along with additional alerts, updates, and bulletins:
ICS Advisories:
1620 I Street, NW, Suite 500
Washington, DC 20006
1-866-H2O-ISAC (1-866-426-4722)
© 2025 WaterISAC. All Rights Reserved.
