While the threat landscape is varied, the current ransomware scourge dominates the headlines and attack disclosures. From major gas and oil pipelines, food/meat processors, hospitals, schools, and countless city and municipal government entities – to include more than a few water and wastewater sector utilities – ransomware not only elevates the very real and present danger of cyber threats, but has been deemed a national security threat.
Today the U.K.’s National Cyber Security Centre (NCSC) announced it had migrated all of its device-related content to a new format intended to make it easier to configure the security of this equipment. As the NCSC notes, the format is intended to avoid confusion about the kinds of devices being referred to, clarifying that it’s a “one stop shop for device security.” The NCSC adds that some of the specialized content in the guidance includes information on purchasing devices and using obsolete products, adding that it’s working on more specialized content for the overarching guidance.
Microsoft has detected recent limited activity emanating from the threat tracked as Nobelium which was originally responsible for the compromise of SolarWinds Orion in December. According to Microsoft, this recent activity was targeted at specific customers, primarily IT companies (57%), followed by government (20%). Microsoft is contacting all customers that were compromised or targeted through its nation-state notification process.
Proofpoint BEC Taxonomy Series: Lures and Tasks (Part 5)
As part of the FBI’s Tech Tuesday series, the Phoenix, Arizona office has published an article warning of phishing and spoofing scams by criminal actors and actions to take to help prevent becoming a victim. It notes that phishing scams reported the most victims nationally in 2020, with more than 240,000 victims reporting about $50 million in losses. Meanwhile, spoofing scams saw significantly less victims, about 28,000, but victims reported a much higher money loss of more than $215 million.
So much from MITRE, so little time!! The NSA has announced plans to fund the development of a new MITRE project called D3FEND. The goal of D3FEND is to provide a knowledge base of defensive countermeasures and their relationships to offensive/adversary techniques. D3FEND has a similar look and feel, and is a complement to the MITRE ATT&CK® Framework knowledgebase of cyber adversary behavior.
With much focus on ransomware in recent weeks, it seems prudent to continue including some of the more notable developments for awareness. Today’s roundup includes threats, incidents, musings, and recent response guidance resources.
Threats
With all of the attention on ransomware lately, we can’t forget about phishing. Given the propensity for phishing to be the leading attack vector resulting in compromises – including ransomware – organizations need to continuously review their defense in depth strategies to combat phishing. Perry Carpenter, Chief Evangelist and Strategy Officer at KnowBe4, reviews three key elements of a good phishing defense approach that includes: policies, procedures and documentation; technical defenses; and security awareness training.
From ransomware attacks to analysis of threats, we have more notables on ransomware activity plaguing the threat landscape. Understanding the behaviors and traits of ransomware groups helps us improve our defenses and not be sitting ducks.
Last week the Senate confirmed Chris Inglis as the first-ever national cyber director, a role in which he is tasked with coordinating the government’s response to major cybersecurity incidents and threats. He will also coordinate cooperation between the government and the private sector on critical cybersecurity issues. Inglis will be expected to work closely with the National Security Council, as well as the Cybersecurity and Infrastructure Security Agency. Inglis spent nearly three decades at the NSA.
1620 I Street, NW, Suite 500
Washington, DC 20006
1-866-H2O-ISAC (1-866-426-4722)
© 2025 WaterISAC. All Rights Reserved.
