The following posts are useful for general awareness of current threats, vulnerabilities, guidance, and other security-related news or updates. These resources have been curated by the WaterISAC analyst team as items of broad relevance and benefit that do not need supplemental analysis at this time.
Veeam has released its 2023 Ransomware Trends Report which, among its many findings, states that in 93 percent of attacks, threat actors target an organization’s backup files. This targeting is generally successful, disrupting the victim’s ability to recover 75 percent of the time. These results underline the critical importance of robust backup procedures in mitigating ransomware due to the importance attackers place on negating them.
Infosecurity Magazine has written an article discussing threat actors increasing use of password-protected files as an attack vector, while also providing methods to mitigate against this threat activity. This technique has become an increasingly popular way of delivering malware, as it allows threat actors to utilize filesharing channels beyond email, such as SMS, workplace collaboration tools, or social media messaging, to drop payloads.
The Canadian Centre for Cyber Security (CCCS) continues to publish cybersecurity guidance documents that offer practical cyber hygiene best practices and enterprise preparedness and resilience resources. WaterISAC is sharing these resources to assist network defenders and help strengthen their cybersecurity posture. Members are encouraged to reference CCCS for on-going guidance publications and updates.
June 1, 2023
Threat actors have recently been observed utilizing encrypted attachments sent via compromised Microsoft 365 accounts to steal Microsoft credentials in targeted phishing attacks designed to evade detection by email security gateways, according to security researchers at Trustwave.
Researchers at Trend Micro posted a blog analyzing security risks emanating from recent activity by Google which created Top-Level Domains (TLDs) that are mostly known for being well-known file extensions. There has been some debate among the security community on whether concerns over this action are warranted. Nonetheless, members are encouraged to share this development with users who might be quick to click.
The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS vulnerability advisories, as well as alerts, updates, and bulletins:
ICS Vulnerability Advisories:
Alerts, Updates, and Bulletins:
Proofpoint published its 2022 Cost of Insider Threats Global Report analyzing costs of a wide variety of insider threat risks. On average, an insider threat incident cost $484,931 in 2022 and takes 85 days to contain, both major impacts to small and medium businesses. Furthermore, 56 percent of those incidents occur simply due to employee or third party negligence or carelessness, instead of any malicious behavior.
Symantec shared an analysis report discussing a new ransomware operation called Buhti that appears to be leveraging leaked code of popular ransomware families, most notably LockBit and the defunct, Babuk. The threat actor (Blacktail) behind the campaign doesn’t appear to be linked to any other groups. Additionally, Buhti appears to have developed a custom tool for searching and exfiltrating data and archiving specified file types.
Barracuda recently detected a zero-day vulnerability in its Email Security Gateway appliance (ESG). Successful exploitation of the vulnerability could have provided threat actors with unauthorized access to a subset of email gateway appliances. According to Barracuda, “the vulnerability existed in a module which initially screens the attachments of incoming emails. No other Barracuda products, including our SaaS email security services, were subject to this vulnerability.”
1620 I Street, NW, Suite 500
Washington, DC 20006
1-866-H2O-ISAC (1-866-426-4722)
© 2025 WaterISAC. All Rights Reserved.
