Incident Awareness – Major Water Utility Experiences Cyber Attack (Update - October 15, 2024)
October 15, 2024
Last week, the NSA, FBI, and other federal and international partners issued a joint Cybersecurity Advisory (CSA), “Update on SVR Cyber Operations and Vulnerability Exploitation.” The joint CSA warns of ongoing Russian Federation Foreign Intelligence Service (SVR) cyber threats, highlighting that SVR actors are currently exploiting a set of software vulnerabilities and intend to exploit additional vulnerabilities.
The following posts are useful for general awareness of current cyber threats, vulnerabilities, guidance, and other cyber-related news or updates. These resources have been curated by the WaterISAC analyst team as items of broad relevance and benefit that do not need supplemental analysis at this time.
Critical Infrastructure Resilience & OT/ICS Vulnerability Management
The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS security advisories, along with additional alerts, updates, and bulletins:
ICS Advisories:
CISA has observed cyber threat actors leveraging unencrypted persistent cookies managed by the F5 BIG-IP Local Traffic Manager (LTM) module to enumerate other non-internet facing devices on the network. F5 BIG-IP is a suite of hardware and software solutions designed to manage and secure network traffic. A malicious cyber actor could leverage the information gathered from unencrypted persistence cookies to infer or identify additional network resources and potentially exploit vulnerabilities found in other devices present on the network.
Microsoft has recently observed more attack campaigns that misuse file hosting services and increasingly use defense evasion tactics involving files with restricted access and view-only restrictions. The company issued a warning in its threat intelligence blog on Tuesday, explaining that these attacks are intended to compromise identities and devices, and usually lead to further business email compromise (BEC) attacks.
Critical Infrastructure Resilience & OT Vulnerability Management
The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS security advisories, along with additional alerts, updates, and bulletins:
ICS Advisories:
Critical Infrastructure Resilience
The Colorado Information Analysis Center (CIAC) recently shared intelligence with WaterISAC regarding password attack activity targeting the SCADA networks of a water sector entity. WaterISAC is sharing this TLP:CLEAR report (attached below) for member awareness of targeted attacks in the water sector.