Overall malware detections have decreased from their record high in the first half of 2021, but there was an increase in encrypted malware and threats targeting Chrome and Microsoft Office, according to WatchGuard Threat Lab’s latest report.
Yesterday, the cybersecurity company Sophos released a new report, The State of Ransomware in State and Local Government 2022, which provides insights into ransomware attack trends, costs and recovery, and ransom payouts in state and local government organizations over the last year. To conduct the report, Sophos polled 5,600 IT professionals in mid-sized organizations across 31 countries, including 199 respondents from the state and local government sector. The study found that ransomware attacks against state and local governments are significantly increasing.
The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS vulnerability advisories, as well as alerts, updates, and bulletins:
ICS Vulnerability Advisories:
by Jennifer Lyn Walker
The risk posed by insider threats is increasing. Organizations routinely fall victim to cyber attacks due to both intentional and unintentional insider threats. There are two broad categories of insider threats: the malicious insider and the unwitting asset. Malicious insiders can be motivated by financial or political factors or be driven by personal grievances against an employer. They also may be a disgruntled former employee. While malicious insiders have negative intentions, unwitting assets are also a concern.
Threat actors have been observed compromising vulnerable Microsoft SQL servers and infecting them with FARGO ransomware. Disrupting database servers can lead to significant disruption of business operations. They are often compromised via brute force, dictionary attacks, or by exploiting unpatched vulnerabilities. According to security researchers at AhnLab, this attack chain involves downloading a .Net file and PowerShell, followed by the execution of a BAT file, which eventually leads to the deployment of the FARGO ransomware and a ransom note on a victim’s device.
The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS vulnerability advisories, as well as alerts, updates, and bulletins:
ICS Vulnerability Advisories:
Last week, researchers began noticing at least one ransomware group attempting to “up” the data extortion game. Researchers at Cyderes and Stairwell observed a BlackCat/ALPHV sample attempting to corrupt files within the victim’s environment rather than encrypting them and then staging the files for destruction. The data destruction functionality is being linked to Exmatter, a tool that has previously been associated with BlackMatter.
The U.K.’s National Cyber Security Center (NCSC) recently published guidance highlighting how organizations can strengthen access and identity management security by implementing additional authentication methods beyond just using passwords.
Credential stuffing attacks became so pervasive in the first quarter of 2022, that the malicious traffic surpassed that of legitimate login attempts from normal users in some countries, according to security researchers at Okta.
1620 I Street, NW, Suite 500
Washington, DC 20006
1-866-H2O-ISAC (1-866-426-4722)
© 2025 WaterISAC. All Rights Reserved.
