Cybersecurity

OT Cybersecurity – Thoughts on Industrial Sensor Monitoring to Make Critical Infrastructure a Less Attractive Target for Cyber Attacks

Many know Joe Weiss as a passionate proponent of ICS cybersecurity for control system process/sensor (Level 0, 1) devices. In this recent post he offers several points worthy of consideration on the importance of technology to monitor sensors. The discussion includes multiple water system examples. Read more at Control Global.

OT Cybersecurity – OT-based Credentials Observed Across Public Sources

While some water and wastewater utilities are able to maintain strict separation between OT and IT networks and the internet, that is not the reality for all. Credential leaks and credential reuse across sites, services, and systems, along with the ability to discover internet-accessible and insecure control systems through open source search engines such as Shodan and Censys, provide threat actors with plenty of opportunity to gain remote access to OT systems.

CISA’s Analysis of FY20 Risk and Vulnerability Assessments

The U.S. Department of Homeland Security Cybersecurity and Information Security Agency (CISA) released its Analysis of FY20 Risk and Vulnerability Assessments along with an infographic mapping from 37 of its Risk and Vulnerability Assessments (RVAs) conducted in Fiscal Year 2020 to the MITRE ATT&CK® Framework. The report identifies routinely successful attack paths CISA observed during RVAs conducted across multiple sectors.

OT/ICS Security – What Threats are Impacting ICS Endpoints?

Based on its extensive visibility into OT environments, TrendMicro recently released a report highlighting the threats to ICS endpoints. The 2020 Report: ICS Endpoints as Starting Points for Threats shares the status of global industrial systems in terms of security against both known and new threats that hound ICS endpoints. TrendMicro looked at the data from ICS endpoints that are part of the IT/OT network, specifically industrial automation suites and Engineering Workstations.

Microsoft Reports Highly Targeted Attacks from Nobelium

Microsoft has detected recent limited activity emanating from the threat tracked as Nobelium, which was originally responsible for the compromise of SolarWinds Orion in December. According to Microsoft, this recent activity was targeted at specific customers, primarily IT companies (57%), followed by government (20%). Microsoft is contacting all customers that were compromised or targeted through its nation-state notification process.

More Cyber Resources from MITRE!

So much from MITRE, so little time!! The NSA has announced plans to fund the development of a new MITRE project called D3FEND. The goal of D3FEND is to provide a knowledge base of defensive countermeasures and their relationships to offensive/adversary techniques. D3FEND has a similar look and feel, and is a complement to the MITRE ATT&CK® Framework knowledgebase of cyber adversary behavior.
