As many organizations had to fast-track remote access implementations to support a new and nearly exclusive stay-at-home workforce, it is possible security awareness reminders fell by the wayside. However, the seemingly endless digests of coronavirus-related cyber scams demonstrate the importance of maintaining a cybersecurity culture throughout the lifecycle of this pandemic and beyond.
The Canadian Centre for Cyber Security (the Cyber Centre) has published a guide containing focused cybersecurity advice during the COVID-19 pandemic. This guide, which is organized into sections of guidance for IT management, IT implementation, and client awareness, offers a curated selection of the Cyber Centre’s collection of advice and other products. For example, the IT management section highlights the Cyber Centre’s Cloud Security Risk Management guide, which outlines an integrated risk management approach to establishing cloud-based services.
Another week of coronavirus means another week of cyber activity regarding coronavirus. Today we bring you some scam highlights, key developments, and interesting research. We start off with some intriguing COVID-19 Key Developments from risk intelligence organization Flashpoint, including government responses, law enforcement actions, cybercrime activity related to coronavirus, and trends in mis/disinformation.
The U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) has published an Alert providing recommendations related to Microsoft Office 365 (O365) deployments, which organizations can review to ensure their environments have been properly configured to protect, detect, and respond against potential attackers. CISA adds that since many organizations have recently migrated to cloud collaboration services, such as O365, and perhaps did so speedily, they may not have fully considered the security configurations of these platforms.
With cybersecurity firm Zscaler reporting a near 30,000 percent increase in COVID-19 themed attacks since January, there is no shortage of scams to report.
The Canadian Internet Registration Authority (CIRA, the non-profit agency that managers the .ca Internet domain) and Canadian Centre for Cyber Security have teamed up to offer Canadian Shield, a free protected domain name system (DNS) service that prevents Canadians from connecting to malicious websites that might infect their devices and steal their personal information. CIRA is providing the threat blocking technology while the Canadian Centre for Cyber Security is offering its threat intelligence services – basically a who's-who list of every bad actor roaming the web.
The Israel National Cyber Directorate issued an alert on April 23, stating the agency received reports of cyber intrusion attempts at wastewater treatment plants, water pumping stations, and sewers. Details are extremely limited, but based on guidance issued to energy and water sectors to immediately report any operational disruption and change passwords with emphasis on operational systems, particularly regarding chlorine control in water supplies, the attempted attack is believed to have targeted SCADA systems.
CISA has published an advisory on exposure of sensitive information to an unauthorized actor and improper input validation vulnerabilities in LCDS LAquis SCADA. Versions 4.3.1 and prior are affected. Successful exploitation of these vulnerabilities could allow unauthorized attackers to view sensitive information and create files in arbitrary locations. LCDS recommends users update to the latest version of LAquis SCADA. CISA also recommends a series of measures to mitigate the vulnerabilities.
An SRU would not be complete these days without highlights of coronavirus-related cyber activity. Today, we bring you another COVID-19 Key Developments from risk intelligence organization Flashpoint, including government responses, law enforcement actions, cybercrime activity related to coronavirus, and trends in mis/disinformation.
April 23, 2020
CISA has updated this advisory with additional details on the affected products and mitigation measures. Read the advisory at CISA.
August 20, 2019
The NCCIC has updated this advisory with additionally information on mitigating measures. Read the advisory at CISA.
May 2, 2019
1620 I Street, NW, Suite 500
Washington, DC 20006
1-866-H2O-ISAC (1-866-426-4722)
© 2025 WaterISAC. All Rights Reserved.
