Threat actors continue leveraging the U.S. tax season across multiple campaigns to scam unsuspecting victims. Last week, WaterISAC reported on a tax-themed phishing campaign that led to Emotet infections.
There is no doubt that some threat actors possess the tradecraft to break directly into ICS/OT networks by exploiting vulnerabilities. Likewise, some actors simply stumble upon the opportunity, typically via unsecured internet accessible devices. However, more frequently, initial access to ICS/OT networks is obtained from a third vector that we may place a little too much trust in.
The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS vulnerability advisories, as well as alerts, updates, and bulletins:
ICS Vulnerability Advisories:
The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS vulnerability advisories, as well as alerts, updates, and bulletins:
ICS Vulnerability Advisories:
The FBI’s Internet Crime Complaint Center (IC3) published its 2021 Internet Crime Report. The project draws data from 847,376 complaints of suspected internet crime reported to the FBI. Reports in 2021 represent a 7 percent increase in complaints from the 2020 report with reported losses exceeding $6.9 billion. The top three cyber crimes reported by victims in 2021 were phishing scams, non-payment/non-delivery scams, and personal data breaches. Victims lost the most money to business email compromise scams and investment fraud.
In a follow up to White House statements on Monday, March 21, 2022 regarding evolving intelligence, the Cybersecurity and Infrastructure Security Agency (CISA) convened an unclassified call on Tuesday to address observed Russian Government preparatory cyber activity against the U.S.
The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS vulnerability advisories, as well as alerts, updates, and bulletins:
ICS Vulnerability Advisories:
Alerts, Updates, and Bulletins:
Multiple statements emanated from the White House yesterday regarding evolving intelligence that the Russian government is exploring options for potential cyber attacks and that preparatory actions have been observed against U.S. critical infrastructure. WaterISAC posted and distributed an advisory, Update from the White House – Act Now to Protect Against Potential Cyber Attacks, shortly after the initial White House release.
The cybercriminal group Lapsus$ claims to have successfully compromised Microsoft’s internal Azure DevOps server and stolen source code for Bing, Cortana virtual assistant, and other projects. Yesterday, the threat actors leaked around 40 Gb of data stolen from Microsoft and claimed to have targeted LGE corporation and identity and access management company Okta. Lapsus$ is a data extortion cyber group that compromises business networks to steal source code, customer lists, databases, and other valuable data.
The infamous malware botnet Emotet continues to resurge and propagate through persistent scams. Recently, Emotet was observed in a campaign leveraging tax season themed lures and impersonating the IRS to trick victims into downloading the malicious botnet. In these new campaigns, Emotet threat actors send out supposed “tax documents” for recipients to view or fill out and return to the sender.
1620 I Street, NW, Suite 500
Washington, DC 20006
1-866-H2O-ISAC (1-866-426-4722)
© 2025 WaterISAC. All Rights Reserved.
