A recent study of ransomware attacks between July and September 2021 reveals that the banking, utilities, and retail sectors are the most targeted industries. The utilities sector was the second most targeted by ransomware during the time period, accounting for 20 percent of detected attacks. All three sectors in combination accounted for 58 percent of all detected attacks.
A current phishing scam is purporting to be a message from the U.S. Postal Service (USPS) claiming recipients have missed an important delivery, but instead contains a malicious link. In recent phishing awareness posts, WaterISAC has highlighted threat actors using trusted brands in phishing campaigns to fool users more easily into downloading various malware.
The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS vulnerability advisories, as well as alerts, updates, and bulletins:
ICS Vulnerability Advisories:
by Andrew Hildick-Smith, WaterISAC Advisor
The White House has just released the first edition of a guidebook to help state, local, and other levels of government unlock the benefits from the Bipartisan Infrastructure Law that was signed into law in November.
Yesterday, the National Security Agency (NSA) released Cybersecurity Advisory (CSA), Protecting VSAT Communications. VSAT (very small aperture terminal) networks are largely used for remote communications when other options are not feasible.
Today, the water sector, EPA and the White House National Security Council announced the launch of the Industrial Control Systems Cybersecurity Initiative – Water and Wastewater Sector Action Plan - a 100-day “surge” to investigate the pros and cons of utilities implementing industrial control system (ICS) monitoring and sharing monitoring results with the Cybersecurity and Infrastructure Security Agency (CISA).
The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS vulnerability advisories, as well as alerts, updates, and bulletins:
ICS Vulnerability Advisories:
Alerts, Updates, and Bulletins:
The FBI has published a TLP:WHITE Private Industry Notification (PIN) providing context and recommendations to protect against malicious activity by Iranian cyber group Emennet Pasargad. While some of the Emennet’s most notable cyber activities have involved information operations, particularly election interference activities, it has also conducted traditional cyber exploitation activity targeting several sectors, including oil and petrochemical, financial, and telecommunications, in the U.S., Europe, and the Middle East.
A new report by the Identify Theft Resource Center (ITRC) reveals that data compromises are greatly increasing. The report recorded 1,862 data compromises in 2021, up more than 68 percent compared to 2020. Utilities and manufacturers witnessed a 217 percent increase in data compromise in 2021 compared to the previous year. While phishing was the number one cause of data compromises, ransomware related data breaches have doubled every year for the past two years.
1620 I Street, NW, Suite 500
Washington, DC 20006
1-866-H2O-ISAC (1-866-426-4722)
© 2025 WaterISAC. All Rights Reserved.
