The Conti ransomware group is employing new techniques to cripple a victim’s backup software, according to a recent report from the cyber-risk prevention company Advanced Intelligence. The Conti ransomware gang has earned its spot as one of the more prolific ransomware groups for many of its advanced tactics, techniques, and procedures (TTPs), especially its propensity to destroy backups.
A prior post, ICS Preparedness/Resilience – More on Following NERC Guidance, Even Though it’s Not Required, discussed the benefits for water and wastewater utilities to voluntarily follow NERC CIP, especially given the cross-sector dependencies.
The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS vulnerability advisories, as well as alerts, updates, and bulletins:
ICS Vulnerability Advisories:
Alerts, Updates, and Bulletins:
We often train users about email-based phishing and common signs of an impersonated or fraudulent email address.
The COVID-19 pandemic and the resultant mass movement to remote work significantly accelerated the development toward a more distributed and fragmented network infrastructure. This paradigm reinforced the need to implement stricter security controls around user and device access.
Attention: Members who use VMware vCenter Server within their environments are encouraged to review available advisories, address accordingly, and apply the necessary updates for impacted systems. Active scanning has been specifically observed for CVE-2021-22005. On September 21, 2021, CISA posted current activity report, VMware Releases Security Updates.
The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS vulnerability advisories, as well as alerts, updates, and bulletins:
ICS Vulnerability Advisories:
Alerts, Updates, and Bulletins:
On Tuesday, Microsoft’s security researchers published a report detailing a massive phishing-as-a-service campaign known as BulletProofLink. Phishing-as-a-Service offerings, or phishing kits, arm even the most novice threat actors with sophisticated platforms to launch widespread phishing campaigns with little more than a computer and a few hundred dollars. Researchers at Microsoft discovered this operation while investigating a separate phishing operation.
Approximately 100,000 Windows users worldwide have had their credentials leaked due to a flaw in the Microsoft Exchange Autodiscover feature. The Autodiscover feature is used by Microsoft Exchange to automatically configure a user’s email client with their organization’s predefined mail settings. After a user enters their credentials into an email client, the program attempts to authenticate to multiple Exchange Autodiscover URLs. It’s during this process that clear-text credentials could be routed to third-party untrusted websites to be collected.
1620 I Street, NW, Suite 500
Washington, DC 20006
1-866-H2O-ISAC (1-866-426-4722)
© 2025 WaterISAC. All Rights Reserved.
