Summary: According to Waterfall Security’s 2024 Threat Report “OT Cyberattacks with Physical Consequences”, the overall number of cyber attacks that caused physical consequences for OT organizations was lower in 2024 than in 2023. However, attacks targeting North America’s water and wastewater sector surged in both frequency and severity over the same period.
Summary: Recent research by Check Point indicates that cyber attacks on the energy and utilities sector, including water, in North America have increased significantly. Thus far in 2025, there has been an 89% rise in weekly attack attempts per organization compared to the same time period last year.
The following posts are useful for general awareness of current cyber threats, vulnerabilities, guidance, and other cyber-related news or updates. These resources have been curated by the WaterISAC analyst team as items of broad relevance and benefit that do not need supplemental analysis at this time.
Critical Infrastructure Resilience
The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS security advisories, along with additional alerts, updates, and bulletins:
ICS Advisories:
Summary: A popular third-party GitHub Action, tj-actions/changed-files (tracked as CVE-2025-30066), was recently compromised. This GitHub Action is designed to detect which files have changed in a pull request or commit. The supply chain compromise allows for information disclosure of secrets including, but not limited to, valid access keys, GitHub Personal Access Tokens (PATs), npm tokens, and private RSA keys. This has been patched in v46.0.1.
Summary: In a recent article, Cloudflare brings awareness to the rampant issue of reusing passwords. According to Cloudflare, based on “observed traffic between September – November 2024, 41% of successful logins across websites protected by Cloudflare involve compromised passwords.”
Summary: CISA is hosting a training course titled “Navigating the Storm - Understanding, Detecting, and Mitigating PRC LOTL Techniques in Critical Infrastructure Training Course.” The two-hour session will include presentations by CISA and the FBI and will help participants gain insights into the sophisticated methods used by PRC-actors to help them blend into legitimate network activities to avoid detection.
Summary: A new collaboration initiative called DEF CON Franklin has established a Cyber Volunteer Task Force for water that provides DEF CON technologist volunteers to critical infrastructure in need of cybersecurity help. The effort is being established between the Cyber Policy Initiative (CPI), DEF CON, and NRWA. It specifically targets water systems across the nation that are the most vulnerable and least protected from cyber threats.
The following posts are useful for general awareness of current cyber threats, vulnerabilities, guidance, and other cyber-related news or updates. These resources have been curated by the WaterISAC analyst team as items of broad relevance and benefit that do not need supplemental analysis at this time.
Critical Infrastructure Resilience & OT/ICS Vulnerability Management
The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS security advisories, along with additional alerts, updates, and bulletins:
ICS Advisories:
1620 I Street, NW, Suite 500
Washington, DC 20006
1-866-H2O-ISAC (1-866-426-4722)
© 2025 WaterISAC. All Rights Reserved.
