Cybersecurity

Security Awareness – SANS Work-From-Home Deployment Kit

With countless utilities having implemented teleworking for much of their non-critical roles during the COVID-19 situation, it is likely that many did not have policies, procedures, or even infrastructure or devices in place to support a remote workforce. As such, many staff were probably sent home with little knowledge or resources on how to perform their jobs securely from remote locations and/or personal devices.

Knowledge is Key – ICS Cyber Operation Counterintelligence

While most of the nation is working and learning remotely (hopefully at home) to stop the spread of COVID-19, it is up to critical infrastructure owners and operators to keep the water running, toilets flushing, heat and lights on, and the shelves stocked with critical supplies. While many utilities are finding the proper balance between social distancing and maintaining operations, cyber threat actors across all categories have stepped up their campaigns in hopes of capitalizing on the numerous distractions and our eagerness for greater situational awareness during this time.

Schneider Electric IGSS SCADA Software (ICSA-20-084-02) – Product Used in the Energy Sector

CISA has published an advisory on path traversal and missing authentication for critical function vulnerabilities in Schneider Electric IGSS SCADA software. Versions 14 and prior using the service IGSSupdate are affected. Successful exploitation of these vulnerabilities could result in unauthorized access to sensitive data and functions. Schneider Electric has provided IGSS14 Version 14.0.0.20009 to address these vulnerabilities. CISA also recommends a series of measures to mitigate the vulnerabilities.

Microsoft RCE Vulnerabilities Affecting Windows, Windows Server

Microsoft has released a security advisory to address remote code execution vulnerabilities in Adobe Type Manager Library affecting all currently supported versions of Windows and Windows Server operating systems. A remote attacker can exploit these vulnerabilities to take control of an affected system. Microsoft is aware of limited, targeted attacks exploiting these vulnerabilities in the wild.

Systech NDS-5000 Terminal Server (ICSA-20-079-01)

CISA has published an advisory on a cross-site scripting vulnerability in Systech NDS-5000 Terminal Server. NDS/5008 (8 Port, RJ45), firmware Version 02D.30 is affected. Successful exploitation of this vulnerability could allow information disclosure, limit system availability, and may allow remote code execution. Systech released firmware Version 02F.6 that eliminates this vulnerability. CISA also recommends a series of measures to mitigate the vulnerability. Read the advisory at CISA.

Preventing Eavesdropping and Protecting Privacy on Virtual Meetings

In a blog post, the National Institute of Standards and Technology (NIST) offers some tips for holding a secure virtual meeting, something many organizations are likely interested in right now given increased implementation of telework options amid COVID-19 concerns. Some of the tips include limiting reuse of codes, especially if you’ve used the same one for a while; enabling notifications when attendees join by playing a tone or announcing names; and using a dashboard to monitor attendees (if available), among other advice.

Building a Digital Defense with Mobile Apps

The FBI’s Portland, Oregon office has published an advisory discussing best practices for mobile apps, such as those used for messaging, banking, gaming, and more. Some of these apps might have legitimate work functions and have been vetted by an organization for use. In workplaces where employees are allowed to connect their personal devices to business networks, other apps are likely being accessed. If these other apps have vulnerabilities, that constitutes a vulnerability for the network.

When Technology Fails, It’s Up to Users to Stop the Spread of Malware – Coronavirus News Themed Malware Evading Detection

Malware authors are really good at modifying malware code to evade detection by antivirus and other security products, including artificial intelligence and machine learning security engines. They also predictably incorporate trending news for their lures. So it comes as no surprise that miscreants are currently using coronavirus-themed news to bypass detection technologies. Specifically, BleepingComputer recently observed Emotet and TrickBot samples using strings from actual CNN news stories in their malware files.
