In a report by Egress, researchers found that human-generated phishing campaigns are getting harder to detect, with a 24.4% increase in obfuscation techniques integrated into over half (55%) of phishing emails in 2023. These techniques have also grown in sophistication, with almost half (47%) of phishing threat actors deploying two obfuscation layers, while less than one-third (31%) use only one technique.
In a recent report from Forbes, the nation's cybersecurity was in a tight spot when Congress passed a bill to keep the government running for the next 45 days. A government shutdown could have caused problems for many government functions, including those responsible for protecting the country from cyberattacks. Depending on how long the shutdown lasted, it could have led to a crisis for companies and organizations across the country.
The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS vulnerability advisories, as well as alerts, updates, and bulletins:
ICS Vulnerability Advisories:
Products are used across multiple sectors, please check these latest advisories for specific equipment used across your ICS environments and address accordingly.
Alerts, Updates, and Bulletins:
The National Security Agency (NSA) has released the Cybersecurity Information Sheet (CSI) “Procurement and Acceptance Testing Guide for Servers, Laptops, and Desktop Computers,” encouraging U.S. government departments and agencies operating National Security Systems (NSS) to implement a robust supply chain risk management strategy.
WaterISAC regularly provides awareness of recent CISA reporting. While direct relevance to your utility/organization on the details of each report may vary, activity alerts like this are practical for general awareness and greater understanding of active threats and adversary capabilities.
The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS vulnerability advisories, as well as alerts, updates, and bulletins:
ICS Vulnerability Advisories:
The Cybersecurity and Infrastructure Security Agency (CISA) has announced the launch of “Secure Our World,” a nationwide cybersecurity public awareness campaign to educate all Americans on how to stay safe online.
Bleeping Computer has written an article discussing the ZeroFont phishing technique and its implications for network defense.
The following posts are useful for general awareness of current threats, vulnerabilities, guidance, and other cyber-related news or updates. These resources have been curated by the WaterISAC analyst team as items of broad relevance and benefit that do not need supplemental analysis at this time.
ICS/OT/SCADA Threats & Vulnerabilities
The cost of an insider threat compromising an organization is at the highest it’s ever been, according to a recent report from the cybersecurity firm DTEX Systems. The report also found organizations are spending more time to recover from an insider threat incident.
1620 I Street, NW, Suite 500
Washington, DC 20006
1-866-H2O-ISAC (1-866-426-4722)
© 2025 WaterISAC. All Rights Reserved.
