The National Institute of Standards and Technology (NIST) has released two new guides to help address data integrity challenges poses by ransomware attacks and other “destructive” events, which include destructive malware. Organizations can use the first guide, SP 1800-25, to develop a strategy for identifying and protecting assets against one of these events.
Attackers are convincingly mimicking the ‘microsoft[.]com’ domain in a recent phishing campaign. In spite of Microsoft’s reported lack of email spoofing protection mechanisms such as DMARC (Domain-based Message Authentication, Reporting and Conformance), users need to be vigilant for emails appearing to come from Microsoft using a relatively new Microsoft 365 capability to review quarantined messages as a pretext to trick users into following the offered link.
Once considered a simple information stealing worm, Qakbot has evolved into one of the top quality malware droppers for many cyber attack campaigns. Following the likes of TrickBot, quirky Qakbot is often paired up with post compromise attack platforms such as Cobalt Strike.
ICS cybersecurity expert Joe Weiss thoughtfully revisits recent posts reflecting on the Aurora incident and others like it. Everyone who knows Joe, knows his passion regarding Aurora-type incidents and how engineering mishaps/failures can seem like (and have the same impact as) cyber attacks and vice versa. When is a failure due to a mechanical issue or a cyber attack – it takes both engineers and cyber analysts to properly investigate and determine.
While Egregor continues with recent attacks on Kmart, Metro Vancouver's transit system TransLink, and the Randstad staffing agency, Insikt Group researchers at Recorded Future publish a
The United Kingdom’s National Cyber Security Centre (NCSC) has released its Annual Review 2020, the fourth version of its yearly report that presents key developments and highlights. Throughout its report the NCSC comments on threats and trends that it responded to, oftentimes in collaboration with international partners. These include the U.S.’s Cybersecurity and Infrastructure Security Agency (CISA) and National Security Agency (NSA), which have released alerts and advisories with the NCSC throughout 2020.
The U.S. Department of Homeland Security Cybersecurity and Infrastructure Security Agency (CISA) has published an advisory encouraging heightened awareness for potential malicious cyber activity from Iranian threat actors. The advisory states these actors continue to engage in offensive cyber activities that range from the conventional, including website defacement and distributed denial of service attacks, to the more advanced, such as destructive malware.
The Human Side of Incident Response
Anyone who has heard me (Jennifer Lyn Walker) speak (on the Cyber Threat Briefing, at a conference, or podcast) knows that I like to focus on the human side of cybersecurity. Therefore, it should come as no surprise that this post – Tackle the Human Side of Incident Response with SOAR and Threat Intelligence – by Flashpoint resonates with me.
Patching in the OT environment is a perpetual predicament, but passing over patches is permanently problematic. Simply ignoring a patch because it is impractical or impossible to implement is profoundly poor policy. So what are the preferred practices when patching isn’t possible? According to Verve Industrial, the options greatly depend on whether the system you intend to remediate has embedded vulnerabilities or a Windows/userspace application.
The FBI has published a Private Industry Notification (PIN) warning that cyber criminals are implementing auto-forwarding on victims’ web-based email clients to conceal their activities. As the PIN explains, the web-based client’s forwarding rules often do not sync with the desktop client, limiting the rules’ visibility to cybersecurity administrators. The cyber criminals then capitalize on this reduced visibility to increase the likelihood of a successful business email compromise (BEC).
1620 I Street, NW, Suite 500
Washington, DC 20006
1-866-H2O-ISAC (1-866-426-4722)
© 2025 WaterISAC. All Rights Reserved.
