Cybersecurity

Threat Awareness – Microsoft Warns of Increased BEC Attack Tactics via File Hosting Services

Microsoft has recently observed more attack campaigns misusing file hosting services and which are increasingly using defense evasion tactics involving files with restricted access and view-only restrictions. They issued a warning in their threat intelligence blog on Tuesday, explaining that these attacks are intended to compromise identities and devices, and usually lead to further business email compromise (BEC) attacks.

Read more about Threat Awareness – Microsoft Warns of Increased BEC Attack Tactics via File Hosting Services

Supplemental Cyber Highlights – October 10, 2024

The following posts are useful for general awareness of current cyber threats, vulnerabilities, guidance, and other cyber-related news or updates. These resources have been curated by the WaterISAC analyst team as items of broad relevance and benefit that do not need supplemental analysis at this time.

Critical Infrastructure Resilience & OT Vulnerability Management

Read more about Supplemental Cyber Highlights – October 10, 2024

CISA ICS Advisories, Additional Alerts, Updates, and Bulletins – October 10, 2024

The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS security advisories, along with additional alerts, updates, and bulletins:

ICS Advisories:

Read more about CISA ICS Advisories, Additional Alerts, Updates, and Bulletins – October 10, 2024

Supplemental Cyber Highlights – October 8, 2024

Critical Infrastructure Resilience

Read more about Supplemental Cyber Highlights – October 8, 2024

OT/ICS Awareness – Password Attacks Observed on SCADA Network VPN Web Clients

The Colorado Information Analysis Center (CIAC) recently shared intelligence with WaterISAC regarding password attack activity targeting the SCADA networks of a water sector entity. WaterISAC is sharing this TLP:CLEAR report (attached below) for member awareness of targeted attacks in the water sector.

Read more about OT/ICS Awareness – Password Attacks Observed on SCADA Network VPN Web Clients

CISA ICS Advisories, Additional Alerts, Updates, and Bulletins – October 8, 2024

The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS security advisories, along with additional alerts, updates, and bulletins:

ICS Advisories:

There are no new ICS advisories to report

Additional Alerts, Updates, and Bulletins:

Read more about CISA ICS Advisories, Additional Alerts, Updates, and Bulletins – October 8, 2024

Threat Awareness – Shifting Phishing Techniques & Tips for Staying Safe

Phishing remains a significant and ever-evolving cybersecurity threat, with recent data showing a 28% rise in attacks between Q1 and Q2 of 2024. This trend highlights how persistent and evolving phishing tactics continue to be, impacting a staggering 94% of cybersecurity decision-makers in 2023.

Read more about Threat Awareness – Shifting Phishing Techniques & Tips for Staying Safe

Vulnerability Awareness – Understanding and Safeguarding Against the Critical CUPS Vulnerabilities

New high-severity vulnerabilities have been disclosed in the Common Unix Printing System (CUPS), an open-source printing system widely used on Unix-like print servers (see below for a list of affected operating systems), allowing attackers to gain entry and take control of devices remotely. WaterISAC is sharing for member awareness of actively exploited critical vulnerabilities that may impact your utility and urges system admins to take swift action to mitigate this threat to help protect against remote hijacking attacks, data theft, and other serious attacks.

Read more about Vulnerability Awareness – Understanding and Safeguarding Against the Critical CUPS Vulnerabilities

ICS/OT Cyber Resilience – Federal and International Partners Release Guidance on Principles of OT Cybersecurity for Critical Infrastructure Organizations

On Tuesday, CISA, the FBI, and the NSA joined eight international partners to publish a guide for critical infrastructure organizations called “Principles of Operational Technology Cyber Security”. The guidance is primarily for the water, energy, and transportation sectors and outlines six principles to be used in the creation of a safe and security-minded OT environment.

Read more about ICS/OT Cyber Resilience – Federal and International Partners Release Guidance on Principles of OT Cybersecurity for Critical Infrastructure Organizations

Supplemental Cyber Highlights – October 3, 2024

Critical Infrastructure Resilience

Read more about Supplemental Cyber Highlights – October 3, 2024

You are here

Cybersecurity

Threat Awareness – Microsoft Warns of Increased BEC Attack Tactics via File Hosting Services

Supplemental Cyber Highlights – October 10, 2024

CISA ICS Advisories, Additional Alerts, Updates, and Bulletins – October 10, 2024

Supplemental Cyber Highlights – October 8, 2024

OT/ICS Awareness – Password Attacks Observed on SCADA Network VPN Web Clients

CISA ICS Advisories, Additional Alerts, Updates, and Bulletins – October 8, 2024

Threat Awareness – Shifting Phishing Techniques & Tips for Staying Safe

Vulnerability Awareness – Understanding and Safeguarding Against the Critical CUPS Vulnerabilities

ICS/OT Cyber Resilience – Federal and International Partners Release Guidance on Principles of OT Cybersecurity for Critical Infrastructure Organizations

Supplemental Cyber Highlights – October 3, 2024

Pages

You are here

Cybersecurity

Pages

Footer Email Signup