Cybersecurity

Executive Order 14028, Improving the Nation’s Cybersecurity in Small Manageable Chunks

Much has been said about the new Executive Order (EO 14028), Improving the Nation’s Cybersecurity, released earlier this month (covered in the Security & Resilience Update for May 13, 2021). And if you have had time to read the EO, then feel free to move to the next write-up. However, those of us who haven’t reviewed it and what it could mean beyond federal networks, may find a series by aDolus Inc.

FBI FLASH: Conti Ransomware

The FBI has published a TLP:WHITE FLASH report on Conti ransomware, which it indicates has impacted healthcare and first responder networks. The report also notes that Conti has affected municipalities in the last year. It states Conti typically both encrypts servers and workstations and steals files, selling or publishing the stolen data to a public site if the ransom isn’t paid. The report provides additional technical details and indicators and asks partners for any information that can be shared.

Cybersecurity Resilience – Security Audits

We all dread them; we all need them – security audits. They can take multiple forms, but without security audits we are unable to measure cybersecurity improvements and many deficiencies may never be brought to light. Security audits involve evaluating or analyzing people, processes, and technology surrounding the security aspects of an organization. Likewise, as organizational networks and cyber threats are constantly changing, security audits should be performed regularly to assess if current controls and processes sufficiently reduce risk against the ever-changing threat landscape.

IT Security Configuration - Active Directory

If your utility uses Microsoft Windows in a networked environment, there’s a near 100% chance you use Active Directory (AD) to centrally administer domains, machines, users, and groups. And like many legitimate tools, if not securely configured, it can be a threat actor’s dream for gaining a foothold and hiding in plain sight within your environment. Using AD tactics is nothing new for threat actors, but two recent very large-scale compromises – SolarWinds and Microsoft Exchange – emphasize the importance of securing AD. When is the last time you reviewed your AD configurations?

CISA Resource on Mitigating the Impacts of Doxing on Critical Infrastructure

The Cybersecurity and Infrastructure Security Agency (CISA) has published an Insights document intended for critical infrastructure on doxing, which it defines as the internet-based practice of gathering an individual’s personally identifiable information (PII) – or an organization’s sensitive information – from open source or compromised material and publishing it online for malicious purposes.

Verizon’s 2021 Data Breach Investigations Report (2021 DBIR)

Pardon the lack of fanfare that this report deserves, but this serves as an FYI that arguably the most heralded cybersecurity industry report, the Verizon Data Breach Investigation Report, affectionately known as the “DBIR,” was released this morning. According to Verizon, the Verizon Business 2021 Data Breach Investigations Report (2021 DBIR) examines more breaches than ever before. Some of the high-level findings include:

FBI PIN: Spear Phishing Attack Directing Recipients to Download Fake Windows Application Impersonating a Financial Institution

The FBI has published a Private Industry Notification (PIN) advising that in a recent spear phishing campaign, cyber actors impersonated a U.S.-based financial institution’s brand in an attempt to get recipients to download a Windows application unaffiliated with the financial institution. The unknown cyber actors tailored the campaign to spoof the financial institution through registered domains, email subjects, and an application, all appearing to be related to the institution. This product provides a threat overview and a series of recommended mitigations.
