Cybersecurity

Ransomware Awareness – New Ransomware Group “Cicada3301” Surfaces with Connections to ALPHV Network

Security researchers have identified a new ransomware group named "Cicada3301," linked to the ALPHV/BlackCat variant and the Brutus botnet. Cicada3301 has been observed targeting VMware ESXi environments, aiming to disrupt virtual machines by shutting them down, deleting snapshots, and encrypting data. The group's first data leak site post appeared on June 25, followed by an invitation for new affiliates to join on the cybercrime forum Ramp. WaterISAC is sharing for broader awareness of threat actor groups and tactics.

Read more about Ransomware Awareness – New Ransomware Group “Cicada3301” Surfaces with Connections to ALPHV Network

Ransomware Resilience – The Always Shifting Ransomware Landscape

Given the constantly evolving nature of the ransomware landscape, it is essential to keep abreast of the latest trends and tactics employed by threat actors. Recent observations such as adapting cybercriminal operations to increased competition, shifting criminal structures in light of law enforcement action, as well as lack of trust among ransomware affiliates highlight the ever-changing nature of this growing threat.

The following five recently observed developments within the ransomware landscape underscore some of the current notable shifts within the ecosystem:

Read more about Ransomware Resilience – The Always Shifting Ransomware Landscape

Cyber Resilience – CISA Releases New Incident Reporting Portal

CISA has announced the transition of its cyber incident reporting form to a new CISA Services Portal, aimed at enhancing the reporting process. WaterISAC joins CISA in reminding members of the importance of reporting incidents as it benefits not only their utility but the entire sector and wider community as a whole.

Read more about Cyber Resilience – CISA Releases New Incident Reporting Portal

CISA ICS Advisories, Additional Alerts, Updates, and Bulletins – September 3, 2024

The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS security advisories, along with additional alerts, updates, and bulletins:

ICS Advisories:

Read more about CISA ICS Advisories, Additional Alerts, Updates, and Bulletins – September 3, 2024

Joint Cybersecurity Advisory - #StopRansomware: Ransomhub Ransomware

Note: This joint Cybersecurity Advisory (CSA) is part of an ongoing #StopRansomware effort to publish advisories for network defenders that detail various ransomware variants and ransomware threat actors. These #StopRansomware advisories include recently and historically observed tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) to help organizations protect against ransomware.

Read more about Joint Cybersecurity Advisory - #StopRansomware: Ransomhub Ransomware

Supplemental Cyber Highlights – August 29, 2024

The following posts are useful for general awareness of current cyber threats, vulnerabilities, guidance, and other cyber-related news or updates. These resources have been curated by the WaterISAC analyst team as items of broad relevance and benefit that do not need supplemental analysis at this time.

Critical Infrastructure Vulnerabilities & Threats

Read more about Supplemental Cyber Highlights – August 29, 2024

Threat Awareness - Censys Reports Hundreds of Versa Director Servers May be Exposed to Volt Typhoon Exploitation

Yesterday, cybersecurity firm Censys shared live search queries showing hundreds of potentially exposed Versa Director servers (CVE-2024-39717) presenting an open attack surface for threat actors.

Read more about Threat Awareness - Censys Reports Hundreds of Versa Director Servers May be Exposed to Volt Typhoon Exploitation

Report – KnowBe4 Report Reviews Cyber Attacks Targeting Critical Infrastructure

Analyst comment (Jennifer Lyn Walker): It’s unclear if KnowBe4 has any empirical data at all or is just rehashing widely available reporting and making assumptions or quoting statistics from other’s research – it seems more like the latter. However, what KnowBe4 typically does well is provide resources to help organizations improve cyber resilience. The report does mention a couple of old incidents that impacted the water and wastewater sector. We are providing this report simply for awareness.

Read more about Report – KnowBe4 Report Reviews Cyber Attacks Targeting Critical Infrastructure

CISA Advisory – Iran-based Cyber Actors Enabling Ransomware Attacks on U.S. Organizations

CISA, the FBI, and the Department of Defense Cyber Crime Center (DC3) have issued a joint Cybersecurity Advisory: “Iran-based Cyber Actors Enabling Ransomware Attacks on U.S. Organizations.” The advisory aims to alert network defenders about ongoing threats from a group of Iran-based cyber actors known to the private sector as Pioneer Kitten, Parisite, Rubidium, and Lemon Sandstorm. As late as August 2024, this group has been targeting U.S.

Read more about CISA Advisory – Iran-based Cyber Actors Enabling Ransomware Attacks on U.S. Organizations

CISA ICS Advisories, Additional Alerts, Updates, and Bulletins – August 29, 2024

The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS security advisories, along with additional alerts, updates, and bulletins:

ICS Advisories:

Read more about CISA ICS Advisories, Additional Alerts, Updates, and Bulletins – August 29, 2024

You are here

Cybersecurity

Ransomware Awareness – New Ransomware Group “Cicada3301” Surfaces with Connections to ALPHV Network

Ransomware Resilience – The Always Shifting Ransomware Landscape

Cyber Resilience – CISA Releases New Incident Reporting Portal

CISA ICS Advisories, Additional Alerts, Updates, and Bulletins – September 3, 2024

Joint Cybersecurity Advisory - #StopRansomware: Ransomhub Ransomware

Supplemental Cyber Highlights – August 29, 2024

Threat Awareness - Censys Reports Hundreds of Versa Director Servers May be Exposed to Volt Typhoon Exploitation

Report – KnowBe4 Report Reviews Cyber Attacks Targeting Critical Infrastructure

CISA Advisory – Iran-based Cyber Actors Enabling Ransomware Attacks on U.S. Organizations

CISA ICS Advisories, Additional Alerts, Updates, and Bulletins – August 29, 2024

Pages

You are here

Cybersecurity

Pages

Footer Email Signup