FBI’s IC3 Releases 2022 Internet Crime Report
The FBI’s Internet Crime Complaint Center (IC3) recently published its 2022 Internet Crime Report. The study draws data from 800,944 complaints of suspected internet crime reported to the FBI last year.
Cybersecurity
Ransomware Resilience – CISA Announces Ransomware Vulnerability Warning Pilot
CISA has announced the establishment of the Ransomware Vulnerability Warning Pilot (RVWP). Through the RVWP, CISA will determine vulnerabilities commonly associated with known ransomware exploitation and warn critical infrastructure entities of those vulnerabilities.
Industry Experts Discuss Importance of Critical Infrastructure Protection
Industrial Cyber has written an article discussing the importance of critical infrastructure protection through the lens of four industry experts, including WaterISAC’s director of infrastructure cyber defense Jennifer Lyn Walker and Health-ISAC’s president and CEO Denise Anderson.
CISA ICS Vulnerability Advisories and Alerts, Updates, and Bulletins - March 9, 2023
The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS vulnerability advisories, as well as alerts, updates, and bulletins:
ICS Vulnerability Advisories:
Threat Awareness – Keep Our Eyes on Emotet
Various cybersecurity firms have observed that everybody’s email enemy emerged after another routine respite. As Emotet has proven to be a resilient threat, researchers report that it resumed activity again on March 7. While Emotet is still leveraging email as its initial infection vector, it’s important for defenders to track the various behaviors it adopts during each resurrection and detect and protect accordingly. According to Cofense, for this round Emotet is attaching very large .zip files that are not password protected.
Security Awareness – Recruitment Scams are a Threat to Seekers and Employers
Job recruitment scams are nothing new, but related campaigns have been on an uptick in recent weeks as threat actors seem to be exploiting mass layoffs, resignations, and recruitment efforts.
Cyber Resilience – How to Block Microsoft OneNote Files from Delivering Malware
Since mid-December 2022, threat actors have been increasingly exploiting Microsoft OneNote files to deliver malware and compromise victims. Last week, WaterISAC shared a DHS report on attackers successfully utilizing weaponized Microsoft OneNote files for malware distribution. Threat actors, including ransomware gangs, are actively using this delivery method to infect organizations.
Recent Ransomware Attack Highlights the Challenging Balancing Act Confronting Municipal CISOs
The city of Oakland, California was recently the victim of a ransomware attack that impacted many of the city’s systems and disrupted some services. This latest ransomware attack, alongside ongoing cyber attacks against local governments, underscores the challenges that CISOs face in protecting a broad range of municipal services from numerous cyber threats. As the Oakland attack highlights, municipal governments have become major targets for ransomware gangs and state sponsored threat actors.
CISA ICS Vulnerability Advisories and Alerts, Updates, and Bulletins - March 7, 2023
The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS vulnerability advisories, as well as alerts, updates, and bulletins:
ICS Vulnerability Advisories:
- None
Alerts, Updates, and Bulletins:
EPA Unveils Action Plan to Add Cyber Reviews to Sanitary Surveys
Last week, the EPA formally released its long-anticipated interpretive memorandum requiring states to evaluate the cybersecurity of operational technology used by a public water system (PWS) as part of periodic sanitary surveys or through other state programs.
Pages
