Cybersecurity

Another One for the Good Guys – U.S. Government Disrupts Russian Cyclops Blink Botnet Prior to it Being Deployed

Yesterday, the Department of Justice (DOJ) announced the disruption of the Cyclops Blink botnet before it could be used for malicious activity. The malware, dubbed Cyclops Blink, targets WatchGuard Firebox firewall appliances and multiple ASUS router models and has reportedly been operated by the Russian-backed Sandworm group since at least June 2019. Cyclops Blink allows threat actors to establish persistence on a device via firmware updates, providing remote access to compromised networks. The malware is modular, allowing it to be easily upgraded to target new systems.

Endpoint Security Continues to Be Essential as Remote Work Becomes New Normal

Security Intelligence has posted a blog discussing the continued prevalence of remote work and detailing the various components of endpoint security that cybersecurity professionals should be aware of as they mature their endpoint protections to meet this new security landscape. The author reviews over a dozen concerns that network defenders should consider in order to have a truly robust defense, from VPNs to EDR solutions.

Security Updates Addressing "Spring4Shell" and Spring Cloud Function Vulnerabilities

The Cybersecurity and Infrastructure Security Agency (CISA) has published an advisory on the release of Spring updates that address the remote code execution (RCE) vulnerability CVE-2022-22965, also known as “Spring4Shell.” Spring Cloud Function versions 3.1.7 and 3.2.3 and Spring Framework versions 5.3.18 and 5.2.20 are available on the Spring by VMware blog.

Threat Awareness – Borat RAT Malware

Security researchers have identified a new remote access trojan (RAT) malware, dubbed Borat, available on criminal marketplaces, which allows threat actors to deploy ransomware, conduct DDoS attacks, bypass user account control (UAC), and more. It is unknown if Borat is sold or shared for free among cyber criminals, but researchers note the malware is distributed as a highly modular, comprehensive package, allowing criminals to mix and match technical exploits that can be tailored for targeted attacks.

Targeted Email Account Compromise Phishing Incidents Continue Against U.S. Water and Wastewater Utilities

The EPA and WaterISAC are aware that multiple water utilities have reported targeted phishing emails being sent to their employees during the past week. The emails, characterized as Business Email Compromise (BEC), have attempted to impersonate current employees or government officials. As they often do, these impersonation attempts have utilized official logos to give the phishing emails the appearance of legitimacy.

FBI and Other International Law Enforcement Disrupt Business Email Compromise Schemes

This week, the FBI announced another global law enforcement operation that successfully disrupted Business Email Compromise (BEC) schemes. BEC scams typically target employees of businesses that make payments via wire transfers. These fraudsters usually gain access to a company’s email accounts or spoof their email addresses to send legitimate-sounding and well-timed requests for wire transfers, according to the FBI. Over a three-month period, the FBI conducted Operation Eagle Sweep, in which it arrested 65 suspected BEC fraudsters in the U.S. and overseas.
