Yesterday, cybersecurity firm Censys shared live search queries showing hundreds of potentially exposed Versa Director servers (CVE-2024-39717) presenting an open attack surface for threat actors.
Analyst comment (Jennifer Lyn Walker): It’s unclear if KnowBe4 has any empirical data at all or is just rehashing widely available reporting and making assumptions or quoting statistics from other’s research – it seems more like the latter. However, what KnowBe4 typically does well is provide resources to help organizations improve cyber resilience. The report does mention a couple of old incidents that impacted the water and wastewater sector. We are providing this report simply for awareness.
CISA, the FBI, and the Department of Defense Cyber Crime Center (DC3) have issued a joint Cybersecurity Advisory: “Iran-based Cyber Actors Enabling Ransomware Attacks on U.S. Organizations.” The advisory aims to alert network defenders about ongoing threats from a group of Iran-based cyber actors known to the private sector as Pioneer Kitten, Parisite, Rubidium, and Lemon Sandstorm. As late as August 2024, this group has been targeting U.S.
The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS security advisories, along with additional alerts, updates, and bulletins:
ICS Advisories:
The following posts are useful for general awareness of current cyber threats, vulnerabilities, guidance, and other cyber-related news or updates. These resources have been curated by the WaterISAC analyst team as items of broad relevance and benefit that do not need supplemental analysis at this time.
Critical Infrastructure Vulnerabilities, Threats & Incidents
Barracuda Networks recently conducted research analyzing 200 reported incidents from August 2023 to July 2024. The findings involved 37 countries, 36 different ransomware groups, and included incidents in all industry sectors including financial services, infrastructure, education, municipalities, healthcare and more. Barracuda research highlights the most prevalent ransomware groups, ransomware-as-a-service (RaaS) models, targeted industries, and certain leading indicators of an unfolding ransomware attack.
The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS security advisories, along with additional alerts, updates, and bulletins:
ICS Advisories:
Additional Alerts, Updates, and Bulletins:
In a recent blog post, CISA Associate Director for the JCDC, Clayton Romans highlights the progress and achievements of the JCDC over the past three years, specifically in creating collaborative relationships between government and the private sector. Romans emphasizes the importance of teamwork and shared expertise in enhancing cybersecurity measures, developing coordinated defense strategies, and responding effectively to emerging threats and technologies.
As the demand for security, transparency, and accountability rises, water and wastewater sector organizations are noticing the need to turn to managed service providers (MSPs) for their IT infrastructure management and data security needs. While less resourced utilities often consider utilizing MSPs, there are several nuances to consider that each organization may wish to consider regardless of scope or size. That said, WaterISAC is sharing information regarding MSP, the different types, and what to consider when choosing one.
Yesterday, the Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC), CISA, FBI, NSA, and international partners released a joint guide titled “Best Practices for Event Logging and Threat Detection.” The guide is designed to assist organizations in defining a baseline for event logging to mitigate malicious cyber threats.
1620 I Street, NW, Suite 500
Washington, DC 20006
1-866-H2O-ISAC (1-866-426-4722)
© 2025 WaterISAC. All Rights Reserved.
