Forescout Research – Vedere Labs published its Global Threat Roundup Report for 2023 which included key findings related to OT/ICS infrastructure. Most notable were several OT protocols, of which five were listed as constant targets and made up 98% of OT-related attacks. These five include Modbus, Ethernet/IP, Step7, DNP3, and IEC10X.
Water utility giant, Veolia North America, is the latest victim of a ransomware attack adding to the recent spate of cyber attacks impacting entities across the water and wastewater systems sector. As the investigation ensues, it appears the attack was limited to the company’s internal back-end servers and affected its bill payment systems. While Veolia has stated that there is “no evidence to suggest it affected our water or wastewater treatment operations,” experts and investigators are still assessing the full extent of the attack’s impact.
WaterISAC convened its monthly Water Sector Cyber Resilience Briefing on January 24. Dawn Cappelli, Director of OT-CERT, and Gus Serino, OT-CERT/I&C Secure, Inc., presented.
Agenda - Do You Struggle with OT/ICS Cybersecurity or Just Need a Sanity Check?
The following posts are useful for general awareness of current cyber threats, vulnerabilities, guidance, and other cyber-related news or updates. These resources have been curated by the WaterISAC analyst team as items of broad relevance and benefit that do not need supplemental analysis at this time.
Critical Infrastructure
The third annual Data Privacy Week began January 21, and continues through Saturday, January 27, 2024, as announced by the National Cybersecurity Alliance (NCA). While Data Privacy Day began in the United States in 2008, this year marks the third annual Data Privacy Week – two years ago, the National Cybersecurity Alliance (NCA) expanded Data Privacy Day into Data Privacy Week. NCA’s goal is to spread awareness about online privacy and help consumers understand that we do have the right and ability to manage our own data.
Outlook is a near ubiquitous communications application. Additionally, with so many social engineering/phishing tactics targeting users through their inboxes, vulnerabilities left unpatched often become an attractive threat vector. One of three Microsoft vulnerabilities recently disclosed by Varonis has the ability to steal hashed passwords through Outlook’s calendar invitation with just one click. This vulnerability was assigned CVE-2023-35636 and Microsoft distributed the patch on December 12, 2023.
The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS vulnerability advisories, as well as alerts, updates, and bulletins:
ICS Vulnerability Advisories:
CISA Releases Six Industrial Control Systems Advisories
Products are used across multiple sectors, please check these latest advisories for specific equipment used across your ICS environments and address accordingly.
Yesterday, CISA and the FBI published the “Cybersecurity Guidance: Chinese-Manufactured UAS” action guide. This resource was developed to increase awareness of the threats posed by Chinese-manufactured UAS and provide UAS cybersecurity recommendations that reduce risks to networks and sensitive information.
Pardon the play on arguably one of the most famous lines from the movie, “A Few Good Men,” but that’s what this recent blog post from WaterISAC Champion, Gate 15 is all about. Gate 15 has a lot of experience helping clients prepare for a ransomware attack BEFORE it happens by exercising response plans.
Today, CISA, the Federal Bureau of Investigation (FBI), and the Environmental Protection Agency released a joint Incident Response Guide for the Water and Wastewater Systems (WWS) Sector. The guide includes contributions from over 25 WWS Sector organizations spanning private industry, nonprofit, and government entities – including WaterISAC.
1620 I Street, NW, Suite 500
Washington, DC 20006
1-866-H2O-ISAC (1-866-426-4722)
© 2025 WaterISAC. All Rights Reserved.
