Yesterday the White House issued an executive order focused on improving the digital defenses of federal agencies and contractors but that could eventually become common practice, including in the private sector.
Ransomware attacks have ubiquitous relevance for all organizations, regardless of targeting set/victimology or targeted system (IT or OT) of the attributed ransomware group/family for any given incident. For every cyber threat group that claims they don’t target particular sectors or types of organizations, there are many more groups that do not espouse similar tenets. For example, while Darkside proclaims to only support targeting high-value victims capable of paying outrageous demands, many other ransomware groups are indiscriminate and opportunistic and project no such illusion.
The National Security Agency (NSA), the Office of the Director of National Intelligence (ODNI), and the Cybersecurity and Infrastructure Security Agency (CISA) have published Potential Threat Vectors to 5G Infrastructure, an analysis paper that identifies and assesses risks and vulnerabilities introduced by 5G adoption. The analysis paper examined three major threat vectors in 5G: standards, the supply chain, and threats to systems architecture.
Given cross-sector dependencies with electric utilities, many water and wastewater utilities are familiar with the North American Electric Reliability Corporation (NERC) and its Critical Infrastructure Protection (CIP) Reliability Standards. Some larger and more resourced water and wastewater utilities reference NERC CIP standards as they are applicable to many cybersecurity practices.
As part of its Tech Tuesday series, the FBI's Portland, Oregon office has published an article on building a digital defense against robocalls. For this, the FBI relays a series of tips from the Federal Communications Commission (FCC). One tip is that if you answer the phone and the caller – or a recording – asks you to hit a button to stop getting the calls, you should just hang up. It explains scammers often use this trick to identify potential targets.
The Cybersecurity and Infrastructure Security Agency (CISA) has released an analysis report and malware analysis report of the FiveHands ransomware, which it reports was used in a a recent, successful cyberattack against an organization. These reports provide analysis of the threat actor’s tactics, techniques, and procedures as well as indicators of compromise (IOCs). They also provide CISA’s recommended mitigations for strengthening networks to protect against, detect, and respond to potential FiveHands ransomware attacks.
In 2004, Bill Gates prematurely postulated that passwords were dead. According to a recent DarkReading post, in 2005 security expert Mark Burnett wrote a book called Perfect Passwords, in which he floated the idea of dedicating one day in the calendar each year when everybody should change their passwords. Here we are in 2021 and passwords are still pertinent today and for the projected future.
In a heroic feat to maintain operations at a record-setting pace, countless IT and security teams rushed to provide accommodations for a new remote workforce leaving the office behind over one year ago. As we begin inhabiting those abandoned buildings there are bound to be some ghosts lurking around the office due to unintentional oversights when we left. If IT and security staff haven’t been on the premises during the past year, now is a good time to exorcise those ghosts before the masses return.
The Ransomware Task Force, a group made up of more than 60 experts spanning government, industry, and nonprofit sectors, released a report calling ransomware an urgent national security threat and proposing sweeping recommendations to the public and private sectors on combatting this growing problem. The 81-page Combating Terrorism report begins by discussing how ransomware has evolved and grown into an increasing problem, threatening businesses and governments not just i
The National Security Agency (NSA) has released the Cybersecurity Advisory, “Stop Malicious Cyber Activity Against Connected Operational Technology,” detailing how to evaluate risks to systems and improve the security of connections between OT and enterprise networks. This guidance is intended to provide a pragmatic evaluation methodology to assess how to best improve OT and control system cybersecurity for mission success, to include understanding necessary resources for secure systems.
1620 I Street, NW, Suite 500
Washington, DC 20006
1-866-H2O-ISAC (1-866-426-4722)
© 2025 WaterISAC. All Rights Reserved.
