Cybersecurity

Threat Awareness – Google AMP URLs Being Abused to Generate Trust for Phishing Campaigns

Cofense shares recent analysis diving into a new phishing tactic that utilizes Google Accelerated Mobile Pages (AMP), an open-source HTML framework for browser and mobile websites. By using websites hosted on Google AMP URLs, threat actors are able to gain trust with users who think they are accessing a Google domain. This tactic is designed to steal login credentials of enterprise employees and has been successful at bypassing secure email gateways to reach users inboxes.

Read more about Threat Awareness – Google AMP URLs Being Abused to Generate Trust for Phishing Campaigns

Supplemental Cyber Highlights – August 1, 2023

The following posts are useful for general awareness of current threats, vulnerabilities, guidance, and other cyber-related news or updates. These resources have been curated by the WaterISAC analyst team as items of broad relevance and benefit that do not need supplemental analysis at this time.

ICS/OT/SCADA

Read more about Supplemental Cyber Highlights – August 1, 2023

ICS Ransomware Trends – Dragos Analyzes ICS Ransomware Attacks for Q2 2023

Dragos continues tracking ransomware incidents impacting industrial organizations and has published its latest findings for Q2 2023. Overall, ransomware activity targeting industrial organizations and infrastructure is sustaining its trend upward resulting in more incidents and new or rebranded threat groups compared to last quarter. Dragos called it “an exceptionally active period” and assesses with moderate confidence that the current trend will continue.

Read more about ICS Ransomware Trends – Dragos Analyzes ICS Ransomware Attacks for Q2 2023

CISA ICS Vulnerability Advisories and Alerts, Updates, and Bulletins –August 1, 2023

The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS vulnerability advisories, as well as alerts, updates, and bulletins:

ICS Vulnerability Advisories:

CISA Releases One Industrial Control Systems Advisory

Products are used across multiple sectors, please check these latest advisories for specific equipment used across your ICS environments and address accordingly.

Read more about CISA ICS Vulnerability Advisories and Alerts, Updates, and Bulletins –August 1, 2023

CISA and Partners Release Joint Cybersecurity Advisory on Preventing Web Application Access Control Abuse

The Australian Cyber Security Centre, the U.S. Cybersecurity and Infrastructure Security Agency, and the U.S. National Security Agency have released a joint Cybersecurity Advisory to warn vendors, designers, and developers of web applications and organizations using web applications about insecure direct object reference (IDOR) vulnerabilities.

Read more about CISA and Partners Release Joint Cybersecurity Advisory on Preventing Web Application Access Control Abuse

Ransomware Awareness – Abyss Locker Joins Ransomware Trend of Adding Capabilities Targeting VMware ESXi

Dark Reading has written an article discussing Abyss Locker’s recent addition of the capability to target VMware’s ESXi virtualized environments for encryption, increasing risks for ICS owners and operators.

Read more about Ransomware Awareness – Abyss Locker Joins Ransomware Trend of Adding Capabilities Targeting VMware ESXi

H2OSecCon Sponsorship Opportunities Now Available!

Expand your exposure and support this one-of-a-kind virtual event focused on security for the water and wastewater sector. The 2nd annual H2OSecCon will be held virtually from October 19 - 20. This conference brings together hundreds of attendees from water and wastewater utilities to provide panels and sessions around IT and OT security, physical security, and resilience. Sponsorships start at $1,500. Full prospectus with pricing and details can be found in the PDF below.

Read more about H2OSecCon Sponsorship Opportunities Now Available!

Threat Awareness – Nitrogen Malware Propagates via Search Engine Ads to Conduct Ransomware Attacks

A recently discovered initial access malware family dubbed Nitrogen exploits Google and Bing search advertisements to promote fake software webpages that can infect victims with Cobalt Strike and ransomware payloads, according to security researchers at Sophos.

Read more about Threat Awareness – Nitrogen Malware Propagates via Search Engine Ads to Conduct Ransomware Attacks

CISA ICS Vulnerability Advisories and Alerts, Updates, and Bulletins – July 27, 2023

The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS vulnerability advisories, as well as alerts, updates, and bulletins:

ICS Vulnerability Advisories:

CISA Releases Five Industrial Control Systems Advisories

Read more about CISA ICS Vulnerability Advisories and Alerts, Updates, and Bulletins – July 27, 2023

Cyber Resilience – CISA Announces Effort to Create Sector-Specific Cybersecurity Performance Goals

CISA is working with Sector Risk Management Agencies (SRMAs) to directly engage with each critical infrastructure sector to develop Sector-Specific Goals (SSGs). In most instances, these goals will likely consist of either new, unique goals with direct applicability to a given sector, or materials to assist sector constituents with effective implementation of the existing cross-sector CPGs.

Read more about Cyber Resilience – CISA Announces Effort to Create Sector-Specific Cybersecurity Performance Goals

You are here

Cybersecurity

Pages

Footer Email Signup