The following posts are useful for general awareness of current cyber threats, vulnerabilities, guidance, and other cyber-related news or updates. These resources have been curated by the WaterISAC analyst team as items of broad relevance and benefit that do not need supplemental analysis at this time.
Critical Infrastructure Resilience & OT Vulnerability Management
The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS security advisories, along with additional alerts, updates, and bulletins:
ICS Advisories:
On October 22, 2024, CISA Released One Industrial Control Systems Advisory for products used across multiple sectors, please check these latest advisories for specific equipment used across your ICS/SCADA environments and address accordingly:
Israeli organizations have been targeted by a malicious email campaign impersonating the IT security company ESET. By utilizing the systems of Comsecure, the exclusive distributor of ESET products within Israel, an unknown threat actor is sending an otherwise seemingly legitimate email, signed by ESET’s Advanced Threat Defense team, that encourages recipients to download a .zip file and execute a malicious .exe containing a wiper program.
SANS has released its 2024 State of ICS/OT Cybersecurity report, which offers key insights and benchmarks for industrial cybersecurity programs worldwide through a survey of 530 professionals. Based on inputs from cyber professionals across multiple critical infrastructure sectors, it provides actionable guidance as to how organizations can manage industrial cyber risk effectively.
Key insights from the report include:
CSO Online has published an article revealing details on a recent ICS/OT-related cyberattack targeting the water system of Stanton, Texas. Despite only serving a population of 2,700, Russia-linked hacktivists still breached the utility’s network in order to access a human-machine interface (HMI) and manipulate its settings. Due to the threat actor’s inexperience, they were only capable of randomly changing settings, resulting in the loss of some untreated water. However, a more sophisticated state adversary with the same level of access could cause more significant damage.
The following posts are useful for general awareness of current cyber threats, vulnerabilities, guidance, and other cyber-related news or updates. These resources have been curated by the WaterISAC analyst team as items of broad relevance and benefit that do not need supplemental analysis at this time.
Critical Infrastructure Resilience & OT Vulnerability Management
The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS security advisories, along with additional alerts, updates, and bulletins:
ICS Advisories:
Threat actors have recently been observed deploying tactics that evade cybersecurity phishing defenses, namely Natural Language Processing (NLP) detection methods. NLP involves analyzing the language used in emails or other text to identify patterns or phrases that may indicate spam or phishing attempts. It has gotten more advanced and effective as AI technology has advanced in recent years. NLP methods are similar to behavioral analysis tools, which go beyond regular anti-virus methods for detecting threats by looking for adverse patterns or anomalies.
Yesterday, CISA and the FBI released joint guidance on Product Security Bad Practices, giving an overview of exceptionally risky product security practices for software manufacturers who produce software in support of critical infrastructure or national critical functions.
Yesterday, CISA and other federal and international partners released a joint Cybersecurity Advisory (CSA) “Iranian Cyber Actors' Brute Force and Credential Access Activity Compromise Critical Infrastructure.” The advisory highlights known indicators of compromise (IOCs) and tactics, techniques, and procedures (TTPs) used by Iranian cyber threat actors to disrupt organizations across critical infrastructure sectors.
1620 I Street, NW, Suite 500
Washington, DC 20006
1-866-H2O-ISAC (1-866-426-4722)
© 2025 WaterISAC. All Rights Reserved.
