Cybersecurity

CISA has published an advisory on an uncontrolled resource consumption vulnerability in WAGO Series 750-88x and 750-352. A series of firmware versions prior to FW11 are affected. Successful exploitation of this vulnerability could allow an attacker to crash the device being accessed using a denial-of-service attack. WAGO recommends updating to the latest firmware, Version FW14. It also recommends other mitigations and workarounds to help reduce the risk. CISA also recommends a series of measures to mitigate the vulnerability.

The National Council of ISACs (NCI), of which WaterISAC is a member, has published a report describing how criminal organizations conduct ransomware operations and their impact to society. The report provides a thorough background of ransomware, to include providing descriptions of how ransomware infections occur and offering key statistics. One of these statistics is an estimate from the FBI that there are 4,000 ransomware attacks every day, equating to a ransomware attack every 40 seconds.

The U.S. Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) has published a TLP:WHITE Malware Analysis Report (MAR) regarding a malware variant known as Zebrocy. According to the MAR, this malware has been used by a sophisticated cyber actor. This MAR is being distributed to enable network defense and reduced exposure to malicious activity.

Perhaps we’re bias, but the adage, “cybersecurity is a shared responsibility,” seems to aptly embody information sharing more than anything else. Information sharing and collaboration takes many forms. From Information Sharing & Analysis Centers/Organizations (ISACs/ISAOs) - like WaterISAC - to regional and local collaboration groups, and even trusted one-on-one interactions, sharing threat information (across all-hazards) is imperative for the security and resilience of any organization, sector, community, region, or nation.