Throughout 2023 the U.S. federal government launched several notable initiatives to help strengthen cybersecurity at the federal level and help organizations of all sizes enhance their cybersecurity and resilience amidst increasing threats.
Ransomware attacks used to be a fairly noisy and obvious attack as malware executed and countless files and their backups were rendered inaccessible either through encryption or deletion. This activity would light up alerts and security solutions like a Christmas tree or New Year’s fireworks. However, during 2023 many ransomware groups have been forgoing the file encryption and deletion phases while they tip-toe around our networks, silently lurking and establishing a foothold.
The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS vulnerability advisories, as well as alerts, updates, and bulletins:
ICS Vulnerability Advisories:
CISA Releases Two Industrial Control Systems Advisories
Products are used across multiple sectors, please check these latest advisories for specific equipment used across your ICS environments and address accordingly.
The following posts are useful for general awareness of current threats, vulnerabilities, guidance, and other cyber-related news or updates. These resources have been curated by the WaterISAC analyst team as items of broad relevance and benefit that do not need supplemental analysis at this time.
Critical Infrastructure Resilience, Vulnerabilities, Threats & Incidents
According to reports, Ukraine allegedly compromised Rosvodokanal, one of Russia’s largest private companies, and seized 1.5TB of data. The operation is believed to be carried out by the Ukrainian attack group Blackjack and part of continued cyberwarfare between Ukraine and Russia. The Interfax-Ukraine news agency stated that the Ukrainian attackers encrypted 6,000 computers and deleted more than 50TB of data, including internal document management system, corporate emails, cyber protection services, and backups.
Researchers disclosed details on two security vulnerabilities in Microsoft Outlook this week, which, when chained together, provide attackers a means to run any code or command on a computer system without restrictions. The vulnerabilities mentioned in the article can be exploited when a victim simply clicks on or opens a file, such as a sound file.
The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS vulnerability advisories, as well as alerts, updates, and bulletins:
ICS Vulnerability Advisories:
As part of CISA’s new Security by Design (SbD) Alert series, the agency published guidance on how manufacturers can protect customers by eliminating default passwords. The development comes after CISA sent out an alert earlier this month, stating Iranian actors affiliated with the Islamic Revolutionary Guard Corps have been actively exploiting operational technology devices with default passwords to gain access to critical infrastructure systems in the U.S.
As more sites and services offer and require multi-factor authentication (MFA), cyber threat actors have turned to various methods to bypass this additional protection. From these attempts, actual account holders may receive unprompted one-time passcodes (OTPs). Receiving an OTP sent as an email or text should be a cause for concern as it likely means the account holder's credentials have been stolen, but there are steps to take to stop the activity in its tracks.
In response to an increase in cyber attacks to supply chains over the past five years, including targeted attacks of software supply chains, the National Security Agency (NSA) published a new Cybersecurity Information Sheet (CSI), “Recommendations for Software Bill of Materials (SBOM) Management.” This CSI provides network owners and operators with guidance for incorporating SBOM use to help protect the cybersecurity supply chain.
1620 I Street, NW, Suite 500
Washington, DC 20006
1-866-H2O-ISAC (1-866-426-4722)
© 2025 WaterISAC. All Rights Reserved.
