-by Jennifer Lyn Walker
Today we’ll cover Cybersecurity Awareness Month 2022’s behavior of software updates. This behavior takes on a very different complexion for organizations than it does individuals. Nonetheless, behaving accordingly is just as important in each environment.
Individuals
Axio released its 2022 State of Ransomware Preparedness Report, which provides an overview of the state of the industry with regards to resiliency versus ransomware attacks. While the report notes some improvements, overall, it concludes that a lack of fundamental cybersecurity practices and controls continues to undermine any organizations’ attempts to defend against this threat.
The FBI has published a TLP:WHITE Private Industry Notification (PIN) to provide awareness of the Iranian cyber group Emennet Pasargad and its ongoing hack-and-leak cyber operations, which include false-flag campaigns under the guise of multiple personas to avoid attribution. According to FBI reporting, Emennet Pasargad has been conducting hack-and-leak operations against organizations primarily in Israel.
The FBI has published a Public Service Announcement (PSA) warning the public of the potential for fraudulent websites, e-mails, texts, or phone scams aiming to defraud individuals seeking federal student loan forgiveness. Threat actors will seek to solicit personally identifiable information, financial information, or payment from potential victims.
H2OSecCon attendees will have the opportunity on Day Two to actively participate in an afternoon tabletop exercise developed by Dragos for its new OT-CERT (Operational Technology – Cyber Emergency Readiness Team) program. The exercise is a facilitated discussion to provide water and wastewater utility OT and IT staff (operators, engineers, analysts, managers, supervisors, executives, etc.) an opportunity to practice cyber incident response processes and procedures based on an OT-impacting ransomware incident.
For Cybersecurity Awareness Month the key behavior we are highlighting today is using strong passwords. Using strong passwords is one of the key action steps that everyone can implement to increase their cybersecurity posture. Passwords are strong when they are greater than twelve characters.
Last week, the Cybersecurity and Infrastructure Security Agency (CISA) in partnership with the Department of Energy’s Pacific Northwest National Lab released RedEye, an interactive open-source analytic tool for use by network defenders and Red Teams to visualize and report command and control activities.
The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS vulnerability advisories, as well as alerts, updates, and bulletins:
ICS Vulnerability Advisories:
The U.K.’s National Cyber Security Centre (NCSC) published guidance offering practical steps to assist medium to large organizations in more confidently assessing and strengthening their supply chain cybersecurity.
Its Fall, the leaves are changing color, and we continue our observance of Cybersecurity Awareness Month. This month is intended to engage and educate public and private-sector partners through events and initiatives with the goal of raising awareness about cybersecurity to increase the resiliency of the nation and the critical infrastructure that sustains our communities.
1620 I Street, NW, Suite 500
Washington, DC 20006
1-866-H2O-ISAC (1-866-426-4722)
© 2025 WaterISAC. All Rights Reserved.
