
Cybersecurity

Cyber Threat Actors are Creatures of Habit

From known and routinely exploited vulnerabilities to routinely exploited controls and practices, cyber threat actors often stick with what works and take the path of least resistance. While there are sophisticated threat groups that research vulnerabilities and develop new exploits and attack behaviors, many reuse the same tactics again and again. Essentially, attackers keep using the same methods because those methods keep working when organizations are slow to bolster their cybersecurity postures with recommended practices such as patching and credential hardening.

FBI FLASH - Cyber Actors Scrape Credit Card Data from US Business’ Online Checkout Page and Maintain Persistence by Injecting Malicious PHP Code

The FBI has published a TLP:WHITE FLASH warning that cyber actors are scraping credit card data from a U.S. business' online checkout page and maintaining persistence on victims' devices by injecting malicious PHP code. The FLASH indicates that since January of this year, unknown threat actors have stolen credit card data from an online U.S. business and sent the scraped data to an adversary-controlled server that spoofed a legitimate card processing server.

Establishing an Insider Threat Program

Insider threats are becoming a greater challenge for companies to deal with, and yet many companies still do not have established programs for monitoring and responding to potential insider threats. According to the cybersecurity firm Tessian, insider threat incidents increased by 47 percent between 2018 and 2020, and insiders are responsible for around 22 percent of all security incidents. Therefore, as the threat grows, companies can mitigate potential incidents by establishing insider threat programs.

Ransomware Resilience – Identifying Precursor Activity to Stave Off a Ransomware Attack

To stay ahead of ransomware, organizations benefit from detecting the other malicious activities that often precede the final deployment of a ransomware attack. More often than not, adversaries spend weeks to months on victims' networks before the actual ransomware encryption code is executed. Therefore, when organizations prioritize proactive detection of these malicious behaviors, the chance of succumbing to a ransomware attack will likely decrease.

Threat Awareness – URL Spoofing of Company Domains through Well-Known Cloud Platforms

Email phishing lures are not the only way threat actors attempt to trick individuals into revealing their private information. URL spoofing is another common method adversaries use to steal information and conduct other malicious activity. Specifically, researchers have uncovered several URL spoofing bugs in the popular Software-as-a-Service (SaaS) platforms Box, Zoom, and Google Docs.

Threat Awareness – New IceApple Toolset Being Deployed on Microsoft Exchange Servers

Security researchers have discovered a new, sophisticated post-exploitation framework, dubbed IceApple, being deployed primarily on Microsoft Exchange servers. The toolset was discovered by CrowdStrike after an alert triggered on a new customer's Microsoft OWA deployment. Researchers believe the developers behind IceApple prioritize keeping a low profile in network environments to achieve long-term objectives in targeted attacks.
