The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS vulnerability advisories, as well as alerts, updates, and bulletins:
ICS Vulnerability Advisories:
by Andrew Hildick-Smith
Attention: If the EPA or your primacy agency asks you to validate your basic Public Water Supply (PWS) system information, look extremely closely to the email and validate/verify the request is legitimate BEFORE you respond. Please view the attachment for screenshots of the actual phishing messages so you can spot and report similar scams.
What Happened?
Security researchers are warning defenders to be aware of ‘DarkTortilla’ which several threat actors are using to deliver a wide range of information stealers, remote-access Trojans (RATs), and other malicious payloads. DarkTortilla was first observed by researchers in October 2021, but they believe it has been active since at least 2015. Similar to other malware, threat actors are distributing DarkTortilla via spam emails with file attachments such as .ISO, .ZIP, and .IMG. In some instances, they have also used malicious documents to deliver the malware.
The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS vulnerability advisories, as well as alerts, updates, and bulletins:
ICS Vulnerability Advisories:
USBs, those innocuous looking little portable storage devices, while useful in utility are still dangerous for utilities. These devices that are practical for transferring legitimate files and documents are equally functional for transferring malware into and out of production OT/ICS networks – including air-gapped environments. In the Honeywell Industrial Cybersecurity: USB Threat Report 2022, Honeywell’s Cybersecurity Global Analysis, Research, and Defense (GARD) team once again looked at the increasing threat caused by these modest devices.
The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS vulnerability advisories, as well as alerts, updates, and bulletins:
ICS Vulnerability Advisories:
A new study from BlackBerry and Corvus Insurance examines the state of cyber insurance and offers recommendations for helping close the gaps in coverage affecting organizations of all sizes. The study revealed many concerning gaps in cyber insurance. Only around one fifth of all businesses surveyed have cyber insurance coverage above the median ransomware demand of $600,000. Relatedly, among small and medium businesses (SMBs) with fewer than 1,500 employees, only fourteen percent have coverage limits above $600,000.
Ransomware attacks continue to be one of the most pernicious cyber threats organizations face today. A survey from the group CISOs Connect found that almost a quarter of all surveyed companies were impacted by ransomware attacks on more than one occasion. Consequently, some security researchers recommend conceptualizing ransomware defense on FEMA’s four phases of emergency management: mitigation, preparedness, response, and recovery.
by Jennifer Lyn Walker, Director of Infrastructure Cyber Defense
The U.K.’s National Cyber Security Center (NCSC) published a guidance highlighting how organizations can better secure their data in cloud environments. The NCSC emphasize its important to use a cloud provider that is secure by design and by default, and one where the provider helps your organization meet its security responsibilities.
1620 I Street, NW, Suite 500
Washington, DC 20006
1-866-H2O-ISAC (1-866-426-4722)
© 2025 WaterISAC. All Rights Reserved.
