Cybersecurity

CISA’s FY21 Risk and Vulnerability Assessments – Phishing Lingers, but Use of Valid Accounts Leads Initial Access Techniques

The U.S. Department of Homeland Security Cybersecurity and Infrastructure Security Agency (CISA) released its Analysis of FY21 Risk and Vulnerability Assessments along with an infographic mapping to the MITRE ATT&CK® Framework of 112 Risk and Vulnerability Assessments (RVAs) conducted in Fiscal Year 2021.

Threat Awareness – Emotet Most Active Malware of Q1 2022

The infamous Emotet malware was the most common malware family observed in the first quarter of 2022, according to analysis from the HP Wolf Security threat research team. The researchers found a 28-fold increase in detections resulting from Emotet malicious spam campaigns compared with the fourth quarter of 2021, and Emotet accounted for 9 percent of all malware they analyzed. The Cybersecurity and Infrastructure Security Agency (CISA) has described Emotet as one of the most destructive and costly malware families to remediate.

Cyber Threat Actors are Creatures of Habit

From known and routinely exploited vulnerabilities to routinely exploited weaknesses in controls and practices, cyber threat actors often stick with what works and take the path of least resistance. While some sophisticated threat groups research vulnerabilities and develop new exploits and attack behaviors, many actors reuse the same tactics repeatedly. Essentially, bad guys keep using the same methods because the same methods keep working when organizations are slow to bolster their cybersecurity postures with recommended practices such as patching and credential hardening.

FBI FLASH - Cyber Actors Scrape Credit Card Data from US Business’ Online Checkout Page and Maintain Persistence by Injecting Malicious PHP Code

The FBI has published a TLP:WHITE FLASH warning that cyber actors are scraping credit card data from a U.S. business's online checkout page and maintaining persistence on victims' systems by injecting malicious PHP code. The FLASH indicates that since January of this year, unknown threat actors have stolen credit card data from an online U.S. business and sent the scraped data to an adversary-controlled server that spoofed a legitimate card processing server.

Establishing an Insider Threat Program

Insider threats are becoming a greater challenge for companies to deal with, yet many companies still do not have established programs for monitoring and responding to potential insider threats. According to the cybersecurity firm Tessian, insider threat incidents increased by 47 percent between 2018 and 2020, and insiders are responsible for around 22 percent of all security incidents. As the threat grows, companies can help mitigate potential incidents by establishing insider threat programs.

Ransomware Resilience – Identifying Precursor Activity to Stave Off a Ransomware Attack

To stay ahead of ransomware, organizations benefit from detecting the other malicious activities that typically precede the final deployment of a ransomware payload. More often than not, adversaries spend weeks to months inside victims' networks before the actual ransomware encryption code is executed. When organizations prioritize proactive detection of these precursor behaviors, the chance of succumbing to a ransomware attack decreases.
