In the latest development for the LockBit 2.0 ransomware (discussed by WaterISAC in last Thursday’s Security & Resilience Update), its operators are actively recruiting corporate insiders to help them breach and encrypt networks. In return, the insider is promised a million-dollar payout.
The Cybersecurity and Infrastructure Security Agency (CISA) has published a series of resources designed to help critical infrastructure organizations reduce internet attack surfaces that are visible to anyone on web-based search platforms. CISA calls this program “Get your Stuff Off Search” and focuses much of its attention on the risks posed to exposed industrial control systems and the potential for impacts to public safety, human life, and national security.
The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS vulnerability advisories, as well as alerts, updates, and bulletins:
ICS Vulnerability Advisories:
Alerts, Updates, and Bulletins:
SentinelOne analyzed the malware used to bring the Iranian Railway to a screeching halt on July 9, 2021. Based on clues within the code, researchers have dubbed this newly discovered wiper malware “MeteorExpress.” WaterISAC is sharing this incident for awareness given the potential for similar attacks against other types of critical infrastructure in all parts of the world. Check out SentinelOne for details.
With ransomware being top of mind and a top cyber attack technique, organizations across all business types and sectors are paying attention. The inception of the Ransomware Task Force and other government efforts such as the StopRansomware webpage demonstrate the commitment by industry and government to help organizations build security and resiliency against this virulent threat.
The Cybersecurity and Infrastructure Security Agency (CISA) has released the latest version of a report from its Information and Communications Technology Supply Chain Risk Management Task Force, adding information on impacts and mitigating controls for threat scenarios provided in the original report published in February 2020. The additional material is included in Appendix C, Threat Scenarios.
The National Security Agency (NSA) has released an information sheet with guidance on securing wireless devices while in public. This information sheet provides information on malicious techniques used by cyber actors to target wireless devices and ways to protect against it.
The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS vulnerability advisories, as well as alerts, updates, and bulletins:
ICS Vulnerability Advisories:
As if ransomware distribution wasn’t effective enough, LockBit 2.0 reportedly has a new feature to keep an eye on. According to researchers, a new version of LockBit 2.0 leverages Active Directory group policies to automate the encryption process. Once actors have gained control of a domain controller, they deploy group policies to:
A Joint Cybersecurity Advisory on the Top Routinely Exploited Vulnerabilities (AA21-209A) was released yesterday. The advisory, coauthored by the U.S. Cybersecurity and Infrastructure Security Agency (CISA), the Australian Cyber Security Centre (ACSC), the United Kingdom’s National Cyber Security Centre (NCSC), and the U.S.
1620 I Street, NW, Suite 500
Washington, DC 20006
1-866-H2O-ISAC (1-866-426-4722)
© 2025 WaterISAC. All Rights Reserved.
