In the Security & Resilience Update on June 18, 2024, WaterISAC shared research from Proofpoint on increased activity it has observed leveraging unique social engineering that directs users to copy and paste malicious PowerShell scripts to infect computers with malware.
Today, the EPA released a new resource, "Small System Risk and Resilience Assessment Checklist." This product is designed to assist and wastewater utilities in systematically evaluating threats posed by malevolent acts and natural disasters that could endanger their services. This guidance targets small water or wastewater systems that serve fewer than 50,000 residents.
In addition to other widespread phishing campaigns, there have been notable phishing attacks exploiting Microsoft tools over the last month. A recent campaign is leveraging Microsoft Forms, a tool within the Microsoft 365 product suite designed for collecting feedback and information through surveys, quizzes, and polls. WaterISAC is sharing this for member awareness of current threats in Microsoft tools.
A misconfiguration in Proofpoint’s email security system allows threat actors to send seemingly genuine emails without detection. This campaign, which has been active since January 2024, leverages well-known companies by spoofing their emails and circumventing major security protections, such as SPF and DKIM signatures. WaterISAC is sharing for security awareness as the exploit of Proofpoint’s email protections enables the widespread impersonation of well-known brands.
I&C Secure Joins WaterISAC’s List of Champions
WaterISAC Champions enhance Water and Wastewater Sector security
Today, CISA and partners released a joint Cybersecurity Advisory (CSA), North Korea Cyber Group Conducts Global Espionage Campaign to Advance Regime’s Military and Nuclear Programs. The advisory was crafted to highlight cyber espionage activity associated with the Democratic People’s Republic of Korea (DPRK)’s Reconnaissance General Bureau (RGB) 3rd Bureau based in Pyongyang and Sinuiju.
On Tuesday, Florida-based security awareness training company KnowBe4 reported that a North Korean agent, posing as a software engineer, managed to bypass its hiring background checks and spent the initial 25 minutes of employment trying to install malware on a company computer.
Technology plays an essential role in the security of any organization. While it’s important to utilize, and often rely on, security tools to keep our data and organizations safe, it’s important to remember that these same tools are not foolproof. As of late, threat actors have been observed using various tactics (some new) to bypass Secure Email Gateways (SEGs). As Jennifer Lyn Walker, WaterISAC’s Director of Infrastructure Cyber Defense said, “when technology fails to stop threats, we need to be able to recognize the threats that make it into our inboxes.”
The following posts are useful for general awareness of current cyber threats, vulnerabilities, guidance, and other cyber-related news or updates. These resources have been curated by the WaterISAC analyst team as items of broad relevance and benefit that do not need supplemental analysis at this time.
CrowdStrike
The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS security advisories, along with additional alerts, updates, and bulletins:
ICS Advisories:
1620 I Street, NW, Suite 500
Washington, DC 20006
1-866-H2O-ISAC (1-866-426-4722)
© 2025 WaterISAC. All Rights Reserved.
