Cybersecurity

The Australian Cyber Security Centre (ACSC) has released its second annual report on key cyber threats and statistics from 2020–2021. The report underlines that threat actors have greatly exploited the pandemic environment, ransomware attacks saw a 15 percent increase over the past year, and around 25 percent of all reported cyber incidents were associated with critical infrastructure. WaterISAC encourages members to review the ACSC report more insights and observations.

As cybersecurity threats continue to proliferate in today’s increasingly interconnected world, it is imperative to generate new strategies for confronting this dynamic threat. For example, before crafting new cyber policies, it is important to understand the bottlenecks impacting your current cybersecurity practices. Likewise, cyber defense isn’t always about technology controls and strategies. Sometimes it may be necessary to address our cultural mindsets from being reactive to proactive through cooperation, communication, and initiative.

Prior to this publishing, you may already be aware of the recent Apple security updates released to patch against exploits being attributed to the NSO Group’s Pegasus spyware. According to CitizenLab, the exploit, dubbed FORCEDENTRY has been leveraged since at least February 2021 and is tracked as CVE-2021-30860. CitizenLab describes FORCEDENTRY as a zero-day, zero-click exploit against iMessage that could lead to arbitrary code execution by processing a maliciously crafted PDF. Reuters states it more plainly as, the vulnerability lies in how iMessage automatically renders images.

Attention: If your utility uses Fortinet FortiOS SSL VPNs, you are encouraged to review this activity and address accordingly, especially if you haven’t applied security updates since 2018. WaterISAC has previously advised members of active exploitation of the vulnerability referenced in this post (CVE-2018-13379) and urged members to address older patches for Fortinet devices – see (Fortinet