Cybersecurity

If your utility has been putting off participating in a tabletop exercise (TTX) because it seems too resource-consuming, CISA has an alternative. Similar to its CTEPs (CISA Tabletop Exercise Packages), CISA released a new toolkit called the “Secure Tomorrow Series” designed to be self-facilitated and completed with fewer staff in less time.

Security researchers have identified a new remote access trojan (RAT) malware, dubbed Borat, available on criminal marketplaces which allows threat actors to deploy ransomware, conduct DDoS attacks, user account control (UAC) bypass, and more. It is unknown if Borat is sold or shared for free among cyber criminals, but researchers note the malware is distributed as a highly modular comprehensive package allowing criminals to mix and match technical exploits that can be tailored for targeted attacks.

The EPA and WaterISAC are aware that multiple water utilities have reported targeted phishing emails being sent to their employees during the past week. The emails, characterized as Business Email Compromise (BEC), have attempted to impersonate current employees or government officials. As they often do, these impersonation attempts have utilized official logos to give the phishing emails the appearance of legitimacy.

Today is World Backup Day and in honor of this celebration WaterISAC is reminding all members of the importance of keeping multiple secure backups to ensure the security and resilience of their data and technical operations. One of the most efficient methods for backing up your data is the “3-2-1” approach. The first part entails maintaining three separate copies of the data, one is the original version and the other two serve as backups. Second, two backup copies should be stored on different types of media, such as an external thumb drive, tape drive, or cloud infrastructure.