Cybersecurity

REGISTRATION NOW OPEN FOR H2OSecCon 2023!

WaterISAC is excited to announce that registration for this year’s H2OSecCon - Surging Toward Safety & Security event is now open. This virtual conference on IT and OT cybersecurity, physical security, and resilience is being hosted over two days October 19 - 20. Each day will begin at 10 AM ET and feature water utility and security experts sharing their experiences and best practices across 14 different sessions and panels on two tracks.

Topics will cover items including:

Read more about REGISTRATION NOW OPEN FOR H2OSecCon 2023!

Supplemental Cyber Highlights – August 15, 2023

The following posts are useful for general awareness of current threats, vulnerabilities, guidance, and other cyber-related news or updates. These resources have been curated by the WaterISAC analyst team as items of broad relevance and benefit that do not need supplemental analysis at this time.

ICS/OT/SCADA Vulnerabilities & Threats

Read more about Supplemental Cyber Highlights – August 15, 2023

CISA ICS Vulnerability Advisories and Alerts, Updates, and Bulletins – August 15, 2023

The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS vulnerability advisories, as well as alerts, updates, and bulletins:

ICS Vulnerability Advisories:

CISA Releases Two Industrial Control Systems Advisories

Products are used across multiple sectors, please check these latest advisories for specific equipment used across your ICS environments and address accordingly.

Read more about CISA ICS Vulnerability Advisories and Alerts, Updates, and Bulletins – August 15, 2023

Security Awareness – The Potential Risks of AI-Powered Cybercrime

Talos has written a blog discussing the potential risks that will arise as threat actors begin to experiment with AI-powered capabilities. While the practical deployment of AI is still in its infancy, there are some predicted areas of concern.

Read more about Security Awareness – The Potential Risks of AI-Powered Cybercrime

Threat Awareness – Complex Social Engineering Attack Uses Phone Pressure to Get Victims to Click

Sophos has written a blog describing its investigation into a social engineering-based attack chain that used a unique approach to get the victim to click on a malicious payload. This peer-pressure based tactic allowed the attackers to infect the network, despite the victim quickly detecting it.

Read more about Threat Awareness – Complex Social Engineering Attack Uses Phone Pressure to Get Victims to Click

Don’t Delay! – MITRE’s NO-COST Research Proposal for Water and Wastewater Cyber Resilience

As originally heard during WaterISAC’s July Cyber Threat Briefing, MITRE is extending an offer to 5 water or wastewater utilities to participate in its NO-COST research project that will aid in gaining valuable insights into your OT environment. Don’t delay! MITRE is looking to finalize the participants before the end of August.

The goal of this project is to:

Read more about Don’t Delay! – MITRE’s NO-COST Research Proposal for Water and Wastewater Cyber Resilience

Supplemental Cyber Highlights – August 10, 2023

ICS/OT/SCADA Vulnerabilities & Threats

Read more about Supplemental Cyber Highlights – August 10, 2023

Security Awareness – A Must Read if your Utility Uses Email and Pays Invoices: BEC with a New Twist

by Jennifer Lyn Walker

Read more about Security Awareness – A Must Read if your Utility Uses Email and Pays Invoices: BEC with a New Twist

CISA ICS Vulnerability Advisories and Alerts, Updates, and Bulletins – August 10, 2023

The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS vulnerability advisories, as well as alerts, updates, and bulletins:

ICS Vulnerability Advisories:

CISA Releases Twelve Industrial Control Systems Advisories

Read more about CISA ICS Vulnerability Advisories and Alerts, Updates, and Bulletins – August 10, 2023

Threat Trend Awareness – CrowdStrike 2023 Threat Hunting Report: Attackers Preferring Interactive Hands-on-Keyboard Intrusions

CrowdStrike released its 2023 Threat Hunting Report, with a key takeaway being that the average time between attackers gaining an initial foothold on a victim’s network and compromising additional devices is 79 minutes, down from 84 minutes in 2022.

Read more about Threat Trend Awareness – CrowdStrike 2023 Threat Hunting Report: Attackers Preferring Interactive Hands-on-Keyboard Intrusions

You are here

Cybersecurity

REGISTRATION NOW OPEN FOR H2OSecCon 2023!

Supplemental Cyber Highlights – August 15, 2023

CISA ICS Vulnerability Advisories and Alerts, Updates, and Bulletins – August 15, 2023

Security Awareness – The Potential Risks of AI-Powered Cybercrime

Threat Awareness – Complex Social Engineering Attack Uses Phone Pressure to Get Victims to Click

Don’t Delay! – MITRE’s NO-COST Research Proposal for Water and Wastewater Cyber Resilience

Supplemental Cyber Highlights – August 10, 2023

Security Awareness – A Must Read if your Utility Uses Email and Pays Invoices: BEC with a New Twist

CISA ICS Vulnerability Advisories and Alerts, Updates, and Bulletins – August 10, 2023

Threat Trend Awareness – CrowdStrike 2023 Threat Hunting Report: Attackers Preferring Interactive Hands-on-Keyboard Intrusions

Pages

You are here

Cybersecurity

Pages

Footer Email Signup