Cybersecurity

Passthrough: Hybrid Identity Solutions Guidance

CISA published guidance today pertaining to organizations transitioning from an on-premises identity management solution to one that utilizes the cloud, more specifically, when organizations decide to leverage a “hybrid” solution. CISA explains that when organizations leverage cloud solutions and attempt to integrate them with on-premises systems, identity management can be significantly more complex. On-premises identity management solutions need to securely and efficiently integrate with those applied in the cloud to achieve interoperability.

Security Awareness – Another Phishing Campaign Leveraging Dropbox

Recent analysis from Darktrace has emphasized the importance of reminding users that malicious emails often look like they are sent from legitimate sources. In this case, a recent phishing campaign leveraged legitimate Dropbox infrastructure and bypassed multifactor authentication (MFA), allowing attackers to access sensitive information. Slightly more surprising than usual, these attackers sent reminder emails to the victims to access the previously shared PDF.

Threat Awareness – Microsoft: Russians Believed to have Accessed Company Secrets and Source Code

In an announcement made Friday on its company blog, Microsoft shared an update regarding the nation-state attack that the Microsoft Security Team detected on January 12. As was shared then, this was an attack by the Russian SVR state-sponsored group that Microsoft tracks as Midnight Blizzard (also known as APT29, NOBELIUM, CozyBear, and UNC452), which was focused on Microsoft’s corporate email systems.

CISA ICS Vulnerability Advisories and Alerts, Updates, and Bulletins – March 12, 2024

The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS vulnerability advisories, as well as alerts, updates, and bulletins:

ICS Vulnerability Advisories:

CISA Releases One Industrial Control Systems Advisory

ICS/SCADA Resilience – Many Struggle Securing PLCs, but They Don’t Have To

A recent post at DarkReading on the vulnerability of PLCs, The Ongoing Struggle to Protect PLCs (pardon the author’s reference to “Stuxnet”), has prompted a reminder that PLCs don’t have to stay woefully insecure. The author generally reviews the challenges that have plagued PLCs and lightly discusses “best practices” toward resilience.

Report: FBI’s IC3 Releases 2023 Internet Crime Report

The FBI’s Internet Crime Complaint Center (IC3) released its 2023 Internet Crime Report. The report tracked complaints from over 880,000 sources and a record number of potential losses exceeding $12.5 billion. This represents a nearly 10% increase in complaints received and a 22% increase in losses suffered, compared to the previous year. Investment scams, which rose by 38% and totaled $4.57 billion, were the costliest type of online crime tracked by IC3.
