In the second half of 2022, security researchers at Fortinet observed destructive wiper malware attacks impacting more organizations around the world, as well as cybercriminals retooling existing botnets and reusing code to power more sophisticated attacks.
The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS vulnerability advisories, as well as alerts, updates, and bulletins:
ICS Vulnerability Advisories:
Alerts, Updates, and Bulletins:
Many of the vulnerabilities successfully exploited by ransomware groups in 2022 were years old and permitted attackers to establish persistence and move laterally to compromise an organization, according to new research from the IT company Ivanti.
The LockBit ransomware gang claims to have successfully compromised a Portuguese municipal water utility and is threatening to leak its stolen data. At the time of writing, it is still unknown how the attackers breached the utility or what type of data was stolen.
The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS vulnerability advisories, as well as alerts, updates, and bulletins:
ICS Vulnerability Advisories:
Over the past few years, the number of ransomware attacks has continued to increase alongside an evolution of tactics, techniques, and procedures (TTPs) employed by threat actors to compromise a network. The latest development, ransomware attacks targeting cloud-based infrastructure.
The U.K.’s National Cyber Security Centre (NCSC) posted guidance for mapping an organization’s supply chain. The document is aimed at medium to large organizations who need to gain confidence or assurance that mitigations are in place for vulnerabilities associated with working with suppliers. Supply chain mapping (SCM) is the process of recording, storing, and using information gathered from suppliers who are involved in a company’s supply chain.
Help Net Security has written an article covering research by Picus Security which found that multipurpose malware – or malware with multiple malicious capabilities – is becoming increasingly more popular to create and deploy. Researchers analyzed over 550,000 malware samples and mapped each one’s capabilities to the cyber kill chain.
Bleeping Computer has written an article covering a malicious campaign abusing Google ads that was discovered by researchers from Sentinel Labs. The malvertising campaign redirected victims to a fake Amazon Web Services login page, registered to what is believed to be a Brazilian threat actor. The most notable thing to remember is that in many instances the bad ads rank very high in the search results. For instance, when searching for “aws,” this campaign’s malicious result appeared second, right behind Amazon’s own promoted search result.
Dark Reading has written an article about the recent reddit hack and how the details that have been released demonstrate the limitations of two-factor authentication and the benefits of employee training. Despite reddit requiring the use of two-factor authentication internally, attackers were still able to convince an employee to click on a malicious link and harvest their credentials.
1620 I Street, NW, Suite 500
Washington, DC 20006
1-866-H2O-ISAC (1-866-426-4722)
© 2025 WaterISAC. All Rights Reserved.
