It’s been two years since the ransomware attack on the Colonial Pipeline, which many observers view as a watershed moment in cybersecurity. While many positive strides have been made since the attack, which CISA details in a recent blog post, other analysts argue the threat from ransomware is still growing and impacting critical infrastructure organizations.
WaterISAC regularly provides awareness of recent CISA reporting. While direct relevance to your utility/organization on the details of each report may vary, activity alerts like this are practical for general awareness of active threats and adversary capabilities.
Security researchers at Cofense recently observed credential phishing campaigns that use a novel deception technique, directing victims to a voice recording that lures them into a false sense of security after they’ve provided their Microsoft credentials.
Microsoft announced the implementation of number matching for push notifications via Microsoft Authenticator in an effort to counter the increasing prevalence of multi-factor authentication (MFA) fatigue attacks.
CyberScoop has written an article discussing federal concerns over victims’ reluctance to report ransomware attacks to the broader community, as outlined in the Institute for Security and Technology’s Ransomware Task Force May 2023 Progress Report. The FBI and Justice Department have stated that only 20% of victims report if they’ve been infected.
The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS vulnerability advisories, as well as alerts, updates, and bulletins:
ICS Vulnerability Advisories:
Alerts, Updates, and Bulletins:
Commodity malware continues to plague businesses and the threat actors employing them are utilizing a diverse toolset of tactics, techniques, and procedures in order to proliferate the malware, such as IcedID and Qbot/Qakbot, and compromise more victims.
The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS vulnerability advisories, as well as alerts, updates, and bulletins:
ICS Vulnerability Advisories:
Alerts, Updates, and Bulletins:
The Chromium Project has posted a blog announcing the removal of the lock symbol used to represent whether a page is utilizing HTTPS in Chrome. The project’s reasoning behind this change is that HTTPS has become such a ubiquitous protocol that the purpose of the lock to signify whether a page is secure has become redundant.
Security Week has written an article covering the Superior Court of New Jersey Appellate Division’s ruling in favor of Merck in the company’s $1.4 billion claim against insurers for the fallout of the NotPetya attack it suffered in 2017. Insurers argued that the property insurance offered to Merck had a war exclusion clause that was “clear and unambiguous, and it plainly applies to the NotPetya attack.”
1620 I Street, NW, Suite 500
Washington, DC 20006
1-866-H2O-ISAC (1-866-426-4722)
© 2025 WaterISAC. All Rights Reserved.
