Cybersecurity

Security Awareness – Threat Actor’s Use of RomCom Backdoor Highlights a Growing Shift in Cyber Criminals’ Goals

New evidence indicates the threat actor associated with the RomCom backdoor is not only motivated by financial gain but is increasingly targeting entities likely for geopolitical purposes. Security researchers at Trend Micro assess that the use of the RomCom backdoor in recent attacks, including on water and energy utilities, suggests the threat actor’s motives have changed since October 2022.

Ransomware Awareness – Ransomware Actors Overwhelmingly Target Backups First Once Inside Compromised Network

Veeam has released its 2023 Ransomware Trends Report which, among its many findings, states that in 93 percent of attacks, threat actors target an organization’s backup files. This targeting is generally successful, disrupting the victim’s ability to recover 75 percent of the time. These results underline the critical importance of robust backup procedures in mitigating ransomware, given the priority attackers place on negating them.

Security Awareness – Password Protected Files Becoming Increasingly Popular Method to Bypass Traditional Email Security

Infosecurity Magazine has written an article discussing threat actors’ increasing use of password-protected files as an attack vector, while also providing methods to mitigate this threat activity. This technique has become an increasingly popular way of delivering malware, as it allows threat actors to utilize filesharing channels beyond email, such as SMS, workplace collaboration tools, or social media messaging, to drop payloads.

Canadian Centre for Cyber Security – Preparedness, Resilience, and Security Awareness Resources - (Updated June 1, 2023)

The Canadian Centre for Cyber Security (CCCS) continues to publish cybersecurity guidance documents that offer practical cyber hygiene best practices and enterprise preparedness and resilience resources. WaterISAC is sharing these resources to assist network defenders and help strengthen their cybersecurity posture. Members are encouraged to reference CCCS for ongoing guidance publications and updates.

June 1, 2023

Threat Awareness – Phishing Attack Employs Encrypted File Attachments to Steal Microsoft Account Credentials

Threat actors have recently been observed utilizing encrypted attachments sent via compromised Microsoft 365 accounts to steal Microsoft credentials in targeted phishing attacks designed to evade detection by email security gateways, according to security researchers at Trustwave.

Security Awareness – File Extensions as Top-Level Domains Could Cause Confusion and May Become Potential Exploitation Vector

Researchers at Trend Micro posted a blog analyzing security risks emanating from recent activity by Google, which created Top-Level Domains (TLDs) that are better known as file extensions. There has been some debate among the security community on whether concerns over this action are warranted. Nonetheless, members are encouraged to share this development with users who might be quick to click.

CISA ICS Vulnerability Advisories and Alerts, Updates, and Bulletins – May 30, 2023

The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS vulnerability advisories, as well as alerts, updates, and bulletins:

ICS Vulnerability Advisories:

Alerts, Updates, and Bulletins:
