October marks the start of Fall, but for security professionals October is known for Cybersecurity Awareness Month (CSAM) – previously known as the National Cybersecurity Awareness Month. The purpose of CSAM is to underscore the holistic societal responsibility all of us share in ensuring that our communities, organizations, and individuals are practicing proper cyber hygiene.
The worst time to figure out what you are going to do about an incident is in the middle of the incident – cyber or physical. From fire drills to business continuity exercises, it has become standard practice for organizations to develop and drill on physical incident plans. Conversely, few organizations develop and practice cyber incident response plans, despite the endless barrage of cyber attacks. Organizations with an effective cyber incident response plan will limit damage and reduce recovery time and costs of a cyber incident or attack.
The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS vulnerability advisories, as well as alerts, updates, and bulletins:
ICS Vulnerability Advisories:
Business email compromise (BEC) attacks cost organizations millions of dollars every year and there are no signs of them abating any time soon. In addition, executive level (C-suite) email accounts are witnessing significant numbers of attacks and their network privileges are making defensive measures more challenging. As such, there are a few simple cyber hygiene measures organizations can implement to protect themselves and mitigate further attacks. First, executives should receive role-based awareness training for recognizing suspicious emails.
A new advanced persistent threat (APT) actor, known as ChamelGang, has been observed targeting aviation and energy companies in Russia and government organizations in at least nine other countries. The threat actor has not been linked to any existing APT and its nationality is unknown. ChamelGang was first detected after it breached a Russian energy firm, which was followed by the APT’s identification by the cybersecurity company Positive Technologies (PT).
The Conti ransomware group has jumped on the bandwagon of recent threats made by similar groups about calling in the experts or otherwise publicly sharing information about ransomware attacks. Last week, the Conti ransomware group released a statement threatening to publish victims’ data if details or screenshots of ransomware negotiations are leaked to media or security researchers.
If you’ve missed WaterISAC’s prior posts (listed below) on the exploitation of critical vulnerabilities and importance of patching VPN devices, you’re in luck! The NSA and CISA released a cybersecurity information sheet Selecting and Hardening Standards-based Remote Access VPN Solutions to address the potential security risks associated with using Virtual Private Networks (VPNs).
The Conti ransomware group is employing new techniques to cripple a victim’s backup software, according to a recent report from the cyber-risk prevention company Advanced Intelligence. The Conti ransomware gang has earned its spot as one of the more prolific ransomware groups for many of its advanced tactics, techniques, and procedures (TTPs), especially its propensity to destroy backups.
A prior post, ICS Preparedness/Resilience – More on Following NERC Guidance, Even Though it’s Not Required, discussed the benefits for water and wastewater utilities to voluntarily follow NERC CIP, especially given the cross-sector dependencies.
1620 I Street, NW, Suite 500
Washington, DC 20006
1-866-H2O-ISAC (1-866-426-4722)
© 2025 WaterISAC. All Rights Reserved.
