As China-backed threat groups have been linked to recent attacks on telecom networks, the U.S. Treasury and other high-value targets, one issue has become increasingly clear: Good cyber hygiene could have limited damage from many of the attacks. 

Organizations have little in the way of defenses against advanced persistent threats (APTs) exploiting unknown zero-day vulnerabilities – at least until there’s an available patch – but they can make it harder for those threat actors to move laterally once inside their network. 

No incident drives that point home more than one cited by Anne Neuberger, U.S. deputy national security advisor for cyber and emerging technology, in a December 27 press briefing. 

Admin Account Had Access to 100,000 Routers 

Many of the media questions focused on China’s infiltration of U.S. telecom networks. Neuberger noted that a ninth telecom service provider has now been identified as a victim. When asked for details, she noted one startling fact about one of the breaches: 

“in one telecoms case, there was one administrator account that had access to over 100,000 routers,” Neuberger said. “So, when the Chinese compromised that account, they gained that kind of broad access across the network. That’s not meaningful cybersecurity to defend against a nation-state actor.” 

Lack of access controls gave the threat actors “broad and full access” to networks. “[W]e believe that’s why they had the capability to geolocate millions of individuals, to record phone calls at will, because they had that broad access.” 

Neuberger expressed support for an FCC effort to mandate stronger telecom network security, and said she hopes it includes network segmentation. “Even if an attacker like the Chinese government gets access to a network, they’re controlled and they’re contained,” she said. 

An FCC vote on the new telecom security rules could come on January 15. 

Other important cybersecurity practices cited by Neuberger – and included in hardening guidance from the NSA and CISA – included: 

• Improved configuration management 
• Securing the management plane 
• Better vulnerability management of networks 
• Improved information sharing on incidents and techniques 

“The Chinese, you know, were very careful about their techniques,” Neuberger said. “They erased logs. In many cases, companies were not keeping adequate logs. So, there are details likely … that we will never know regarding the scope and scale of this.” 

Treasury Hack, Ivanti Zero-Day Exploits Attributed to China 

Other recent attacks attributed to China include the U.S Treasury Department breach and an Ivanti zero-day exploit. 

The Ivanti Connect Secure, Policy Secure and ZTA Gateways vulnerabilities – CVE-2025-0282 and CVE-2025-0283 – were added to CISA’s Known Exploited Vulnerabilities catalog on January 8, and CISA also published mitigation guidance for the vulnerabilities the same day. 

In response to the growing cyber threat from China, the Biden Administration is reportedly rushing out an executive order to harden federal networks against attacks. 

Cyber Hygiene Recommendations from Cyble 

Cyber hygiene also figures prominently in Cyble’s annual threat landscape report and an accompanying podcast, which will be released next week and will be available as a free Cyble research report. 

In the podcast, Kaustubh Medhe, Cyble’s Vice President of Research and Cyber Threat Intelligence, noted that perimeter security products such as VPNs, firewalls, WAFs, and load balancers from Fortinet, Cisco, Ivanti, Palo Alto, Citrix, Ivanti, Barracuda and others are “being exploited for ransomware and data theft. 

“What’s concerning is that the patching window for enterprises continues to shrink as ransomware gangs and APT groups are quick to weaponize and exploit zero-day vulnerabilities on a mass scale months before these vulnerabilities becoming public,” Medhe said. 

He listed a number of cybersecurity lapses that commonly lead to breaches and cyberattacks: 

• Local copies of sensitive data stored on end user systems and laptops 
• Insecure file servers, network shares or cloud storage, with weak or non-existent access policies, exposed on the internet 
• Lack of secure hardening configurations on endpoints, servers and IT infrastructure 
• Lack of network segmentation, allowing lateral movement 
• Inadequate protection of API keys, access tokens and passwords in public code repositories 
• Weak or ineffective endpoint protection and anti-malware solutions, and failure to detect and prevent infostealer infections that lead to credential compromise and theft 
• Weak endpoint and network-level monitoring controls to detect and prevent high-volume data exfiltration 
• Security misconfigurations on internet-facing applications and servers and cloud infrastructure 
• Weak API security settings, inadequate authentication, lack of proper input validation, absence of rate limiting, lack of API monitoring, and weak detection controls 
• Poor security hygiene at third parties with access to sensitive data 

Conclusion 

Recent cyberattacks linked to Chinese APT groups strongly suggest that while not every cyberattack can be prevented – particularly those involving exploitation of unknown zero days – basic security practices like proper access control and permissions, network segmentation, and proper application, device and cloud configuration could go a long way toward limiting damage from attacks that do occur. 

The good news is that proper cyber hygiene often doesn’t cost anything more than the time to get it right. 

The post U.S. Telecom, Zero-Day Attacks Show Need for Cybersecurity Hygiene appeared first on Cyble.

Blog – Cyble – ​Read More

Welcome to the first edition of the Threat Source newsletter for 2025.  

Upon returning to work this week from my Lindt chocolate reindeer coma, my first task was to write this newsletter. As I stared at a blank template hoping for inspiration to suddenly strike, I did what any security professional should do at the start (and indeed any) time of year. I listened to Wendy Nather. 

Legendary Security Hall of Famer Wendy recently gave the keynote at BSides NYC and the video has just landed. The theme? “When do we get to play in easy mode?” I.e why is security still so hard? 

Wendy showed a list of the InfoSec Research Council’s “Hard Problems” list of 2005. Any of these sound familiar? 

• Global scale identity management 
• Insider threat 
• Availability of time critical systems 
• Building scalable secure systems 
• Attack attribution and situational understanding 
• Information provenance 
• Security with privacy 
• Enterprise level security metrics 

If the toughest challenges we face in 2025 are also the same challenges we were dealing with twenty years ago, what hope is there? 

Plus, if anything, security is even harder today than it was then, due to all the added complexity. Wendy also pointed out the larger ripple effect of breaches today due to supply chains, stolen credentials up for sale, and shared infrastructure. 

Jeez Hazel, way to start 2025 on a massive downer. 

However, something we can perhaps do more of this year is to go a bit easier on ourselves. Plus, if something you’ve been trying for a while isn’t working and is only leading to deeper frustrations, is it possible to come at from it a different way? 

One of Wendy’s recommendations on how to do just that uses the example of user awareness training. As she said in her keynote, it’s easy to get someone to click on a link (sorry to any bad guys reading this, but you’re not exactly carrying out rocket surgery with your phishing campaigns). 

Getting 1000 people NOT to click on a link is infinitely harder. Wendy even said that she once worked in an organization where the people who attended cybersecurity awareness training were even MORE likely to click on malicious links. The theory being that these people really wanted to help the security team, and were more than happy to respond to emails asking them to test the strength of their passwords. 

And that’s where social engineering, defender style, can come in. “People are your greatest asset, if you treat them that way.” 

I’m seeing a lot of “how to thrive in 2025!” posts right now. For anyone who isn’t ready for that, or tired of it all, I just want to say, I’m right there with you. But if you’re also feeling like it’s “new year, same problems”  perhaps there’s one thing that you can pick this year which has the potential to change that story.

Wendy’s keynote contains a bunch of insights for defenders on how to go about picking something to change or improve, from knowledge sharing, to hiring, and addressing complexity. I’m also looking forward to reading the upcoming National Academy of Science’s report on Cyber Hard Problems, of which Wendy is on the committee for. 

I’d thoroughly recommend checking out the full keynote, if only to see Wendy yielding a hammer in a moderately threatening manner.

The one big thing

Attacks in which malicious actors are deliberately installing known vulnerable drivers, only to exploit them later, is a technique referred to as Bring Your Own Vulnerable Driver (BYOVD).   

Cisco Talos recently published our research into the real-world application of the BYOVD technique. We identified three major payloads used, as well as recent activity linked to ransomware groups. 

 Why do I care?  

With the wide availability of tools exploiting vulnerable drivers, exploitation has moved from the domain of advanced threat actors into the domain of commodity threats – primarily ransomware. Malicious actors use corrupted drivers to perform a myriad of actions that help them achieve their goals, such as escalating privileges, deploying unsigned malicious code, or even terminating EDR tools. 

So now what?  

There are a few things we can do to mitigate the risks and detect potential campaigns using BYOVD technique. This could include enforcement of Extended Validation (EV) and Windows Hardware Quality Labs (WHQL) certified drivers, preventing risks associated with legacy drivers. If the blocking of all legacy drivers is not possible, employing the Windows Defender Application Control (Windows Security) drivers blocklist is recommended way to prevent the execution of known vulnerable drivers. Read more in the Talos blog. 

Top security headlines of the week   

• CISA says there is ‘no indication’ of a wider government hack beyond the treasury, following the disclosure that the department had been the target of a “major incident” in December. TechCrunch 
• FireScam Android spyware campaign fakes the Telegram Premium app and delivers information-stealing malware. Researchers say this is a prime example of the rising threat of adversaries leveraging everyday applications. Dark Reading. 
• Meduza stealer analysis: A closer look at its techniques and attack vector. Splunk Threat Research 

Can’t get enough Talos?  

• Talos Takes is now in video format! Catch up on the latest discussion, all about the major shifts and changes in ransomware since the very first iteration over 35 years ago. 

• The evolution and abuse of proxy networks – check out this piece of research by Nick Biasini and Vitor Ventura. 

Upcoming events where you can find Talos     

Cisco Live EMEA (February 9-14, 2025)  

Amsterdam, Netherlands  

Most prevalent malware files of the week

SHA 256:
9f1f11a708d393e0a4109ae189bc64f1f3e312653dcf317a2bd406f18ffcc507
MD5: 2915b3f8b703eb744fc54c81f4a9c67f

VirusTotal: https://www.virustotal.com/gui/file/9f1f11a708d393e0a4109ae189bc64f1f3e312653dcf317a2bd406f18ffcc507
Typical Filename: VID001.exe
Detection Name: Simple_Custom_Detection

SHA 256:
7b3ec2365a64d9a9b2452c22e82e6d6ce2bb6dbc06c6720951c9570a5cd46fe5  
MD5: ff1b6bb151cf9f671c929a4cbdb64d86  

VirusTotal : https://www.virustotal.com/gui/file/7b3ec2365a64d9a9b2452c22e82e6d6ce2bb6dbc06c6720951c9570a5cd46fe5
Typical Filename: endpoint.query  
Claimed Product: Endpoint-Collector  
Detection Name: W32.File.MalParent  

SHA 256: a31f222fc283227f5e7988d1ad9c0aecd66d58bb7b4d8518ae23e110308dbf91  
MD5: 7bdbd180c081fa63ca94f9c22c457376 

VirusTotal: https://www.virustotal.com/gui/file/a31f222fc283227f5e7988d1ad9c0aecd66d58bb7b4d8518ae23e110308dbf91/details%C2%A0
Typical Filename: c0dwjdi6a.dll 
Claimed Product: N/A  
Detection Name: Trojan.GenericKD.33515991 

SHA 256:47ecaab5cd6b26fe18d9759a9392bce81ba379817c53a3a468fe9060a076f8ca 
MD5: 71fea034b422e4a17ebb06022532fdde 

VirusTotal:  https://www.virustotal.com/gui/file/47ecaab5cd6b26fe18d9759a9392bce81ba379817c53a3a468fe9060a076f8ca
Typical Filename: VID001.exe
Claimed Product: N/A  
Detection Name: Coinminer:MBT.26mw.in14.Talos

SHA256:873ee789a177e59e7f82d3030896b1efdebe468c2dfa02e41ef94978aadf006f 
MD5: d86808f6e519b5ce79b83b99dfb9294d  

VirusTotal: https://www.virustotal.com/gui/file/873ee789a177e59e7f82d3030896b1efdebe468c2dfa02e41ef94978aadf006f 
Typical Filename: n/a 
Claimed Product: n/a  
Detection Name: Win32.Trojan-Stealer.Petef.FPSKK8  

Cisco Talos Blog – ​Read More

Imagine: you get up in the night for a glass of water, walk across the unlit landing, when out of the darkness a voice starts yelling at you. Not nice, you’d surely agree. But that’s the new reality for owners of vulnerable robot vacuums, which can be commanded by hackers to turn from domestic servants into foul-mouthed louts. And that’s not all: hackers can also control the robot remotely and access its live camera feed.

The danger is clear and present: recently, cases of cyberhooligans hijacking vulnerable robot vacuums to prank people (and worse) have been seen in the wild. Read on for the details…

How a robot vacuum works

Let’s start with the fact that a modern robot vacuum is a full-fledged computer on wheels, usually running on Linux. It comes with a powerful multi-core ARM processor, a solid chunk of RAM, a capacious flash drive, Wi-Fi, and Bluetooth.

Today’s robot vacuum is a full-fledged computer on wheels Source

And of course, the modern robot vacuum has sensors everywhere: infrared, lidar, motion, camera (often several of each), and some models also have microphones for voice control.

The Ecovacs DEEBOT X1 has not only a camera, but an array of microphones Source

And naturally, all modern robot vacuums are permanently online and hooked up to the vendor’s cloud infrastructure. In most cases, they communicate aplenty with this cloud — uploading piles upon piles of data collected during operation.

Vulnerabilities in Ecovacs robot vacuums and lawn mowers

The first report of vulnerabilities in Ecovacs robot vacuums and lawnmowers surfaced in August 2024, when security researchers Dennis Giese (known for hacking a Xiaomi robot vacuum) and Braelynn Luedtke gave a talk at DEF CON 32 on reverse engineering and hacking Ecovacs robots.

The Ecovacs GOAT G1 can also be equipped with GPS, LTE and a long-range Bluetooth module Source

In their talk, Giese and Luedtke described several methods for hacking Ecovacs robot vacuums and the mobile app that owners use to control them. In particular, they found that a potential hacker could access the feed from the robot’s built-in camera and microphone.

This is possible for two reasons. First, if the app is used on an insecure network, attackers can intercept the authentication token and communicate with the robot. Second, although in theory the PIN code set by the device owner secures the video feed, in practice it gets verified on the app side — so it can be bypassed.

The PIN code for securing the video feed from an Ecovacs robot vacuum is verified on the app side, which makes the mechanism extremely vulnerable Source

The researchers also managed to gain root access to the robot’s operating system. They found it was possible to send a malicious payload to the robot via Bluetooth, which in some Ecovacs models gets turned on after a scheduled reboot, while in others it’s on all the time. In theory, encryption should protect against this, but Ecovacs uses a static key that’s the same for all devices.

Armed with this knowledge, an intruder can get root privileges in the operating system of any vulnerable Ecovacs robot and hack it at a distance of up to 50 meters (~165 feet) — which is precisely what the researchers did. As for robot lawnmowers, these models are hackable at more than 100 meters (~330 feet) away, since they’ve got more powerful Bluetooth capabilities.

Add to that that, as mentioned already, today’s robot vacuums are full-fledged Linux-based computers, and you can see how attackers can use one infected robot as a means to hack others nearby. In theory, hackers can even create a network-worm to automatically infect robots anywhere in the world.

Bluetooth vulnerability in Ecovacs robots could lead to a chain of infection Source

Giese and Luedtke informed Ecovacs about the vulnerabilities they found, but received no response. The company did try to close some of the holes, say the researchers, but with little success and ignoring the most serious vulnerabilities.

How the Ecovacs robot vacuums were hacked for real

It appears that the DEF CON talk generated great interest in the hacker community — so much so that someone seems to have taken the attack a step further and deployed it on Ecovacs robot vacuums out in the real world. According to recent reports, owners in several U.S. cities had been hit by hackers and made to suffer abuse from their robot servants.

In one incident in Minnesota, an Ecovacs DEEBOT X2 started moving by itself and making strange noises. Alarmed, its owner went into the Ecovacs app and saw that someone was accessing the video feed and remote-control feature. Writing it off as a software glitch, he changed the password, rebooted the robot and sat down on the couch to watch TV with his wife and son.

But the robot kicked back into life almost straight away — this time emitting a continuous stream of racial slurs from its speakers. Not knowing what to do, the owner turned off the robot, took it into the garage and left it there. Despite this ordeal, he is grateful that the hackers made their presence so obvious. Far worse, he says, would have been if they’d simply secretly monitored his family through the robot without revealing themselves.

Hijacking a live video feed of an Ecovacs robot vacuum Source

In a similar case, this time in California, another Ecovacs DEEBOT X2 chased a dog around the house, again shouting obscenities. And a third case was reported from Texas, where, you guessed it, an Ecovacs robot vacuum went walkabout and hurled abuse at its owners.

The exact number of hacks of Ecovacs robot vacuums is unknown. One reason for this, alluded to above, is that the owners may not be aware of it: the hackers may be quietly observing their daily lives through the built-in camera.

How to guard against robot vacuum hacking?

The short answer is: you can’t. Unfortunately, there’s no universal method of protecting against robot vacuum hacking that covers all bases. For some models, in theory, there’s the option of hacking it yourself, getting root access, and unlinking the machine from the vendor’s cloud. But this is a complex and time-consuming procedure that the average owner won’t consider attempting.

A serious problem with IoT devices is that many vendors, sadly, still pay insufficient attention to security. And they often prefer to bury their heads in the sand — even declining to respond to researchers who helpfully report such issues.

To reduce the risks, try do your own research on the security practices of the vendor in question before purchasing. Some actually do a pretty good job of keeping their products safe. And, of course, always install firmware updates: new versions usually remove at least some of the vulnerabilities that hackers can exploit to gain control over your robot.

And remember that a robot connected to home Wi-Fi, if hacked, can become a launchpad for an attack on other devices connected to the same network — smartphones, computers, smart TVs, and so on. So it’s always a good idea to move IoT devices (in particular, robot vacuums) to a guest network, and install reliable protection on all devices where possible.

Kaspersky official blog – ​Read More

Overview 

The Cybersecurity and Infrastructure Security Agency (CISA) released two critical Industrial Control Systems (ICS) advisories. These advisories, ICSA-25-007-01 and ICSA-25-007-02, aim to inform users and administrators about vulnerabilities in key ICS products. The goal is to mitigate potential risks to vital infrastructure sectors by highlighting existing security weaknesses that could be exploited by cyber attackers. 

ICSA-25-007-01: ABB ASPECT-Enterprise, NEXUS, and MATRIX Series Products 

The first advisory, ICSA-25-007-01, addresses multiple vulnerabilities within ABB’s ASPECT-Enterprise, NEXUS, and MATRIX series products. ABB, a leading provider of industrial automation and control systems, has reported numerous security flaws that could severely impact system integrity. These vulnerabilities range from weak passwords to critical code injection weaknesses, and they pose a significant risk to critical manufacturing sectors. 

Key Vulnerabilities 

Several vulnerabilities have been identified within ABB’s products, which include: 

• Files or Directories Accessible to External Parties (CVE-2024-6209) 

• Improper Validation of Specified Type of Input (CVE-2024-6298) 

• Cleartext Transmission of Sensitive Information (CVE-2024-6515) 

• Cross-site Scripting (XSS) (CVE-2024-6516) 

• Server-Side Request Forgery (SSRF) (CVE-2024-6784) 

• Code Injection (CVE-2024-48839) 

• Weak Password Requirements (CVE-2024-48845) 

• Unrestricted Upload of Dangerous Files (CVE-2024-51548) 

The most severe vulnerabilities carry a CVSS v3 score of 10.0, indicating they are highly exploitable and could lead to remote code execution, unauthorized access, or denial of service (DoS). These vulnerabilities were present across multiple versions of ABB products, including ASPECT-Enterprise (ASP-ENT-x), NEXUS Series (NEX-2x), and MATRIX Series (MAT-x), with affected versions prior to 3.08.02. 

Affected Products 

The following products are affected by these vulnerabilities: 

• ABB ASPECT-Enterprise (ASP-ENT-x <= 3.08.02) 

• ABB NEXUS Series (NEX-2x, NEXUS-3-x) 

• ABB MATRIX Series (MAT-x) 

These products are deployed worldwide and are critical to operations in sectors like critical manufacturing. The vulnerabilities affect systems in both industrial and commercial environments, making them high-priority targets for cybersecurity professionals. 

Mitigations 

ABB has recommended users upgrade their systems to version 3.08.02 or later, which resolves many of these issues. Additionally, users are urged to apply security patches and adopt stronger password policies to mitigate the risk of unauthorized access. 

CISA’s advisory highlights that these vulnerabilities could be exploited remotely, with low complexity and without requiring direct access to the devices. Exploits could allow attackers to execute arbitrary code, gain unauthorized access to sensitive data, or disrupt operations. Thus, the ICSA-25-007-01 advisory serves as a critical call to action for administrators to update their systems and implement security best practices immediately. 

ICSA-25-007-02: Nedap Librix Ecoreader 

The second advisory, ICSA-25-007-02, addresses vulnerabilities in the Nedap Librix Ecoreader. Nedap is a well-known provider of RFID solutions, and the Ecoreader is used in access control and inventory management. The advisory highlights several flaws in the system that could expose sensitive data and allow attackers to manipulate access controls. 

While the ICSA-25-007-02 advisory lacks the extensive list of vulnerabilities that appear in the ABB advisory, it still outlines critical risks, particularly in environments where physical security and data integrity are paramount. 

Conclusion  

The release of CISA’s ICS advisories, ICSA-25-007-01 and ICSA-25-007-02, highlights the critical need for prompt action to secure industrial control systems against emerging cyber threats. These advisories identify vulnerabilities in ABB’s and Nedap’s products that could compromise ICS integrity, leading to operational disruptions and data breaches.  

With cyberattacks on infrastructure becoming more sophisticated, organizations must prioritize security updates and proactive measures. Cybersecurity experts like Cyble can help organizations better defend against cyber threats, ensuring the protection of critical infrastructure and operations. 

References:

• https://www.cisa.gov/news-events/alerts/2025/01/07/cisa-releases-two-industrial-control-systems-advisories
• https://www.cisa.gov/news-events/ics-advisories/icsa-25-007-01
• https://www.cisa.gov/news-events/ics-advisories/icsa-25-007-02

The post CISA Releases Two New Industrial Control Systems Advisories for 2025 appeared first on Cyble.

Blog – Cyble – ​Read More

Overview 

The water sector is experiencing a rise in cyber threats, with critical infrastructure, including both IT and operational technology (OT) systems, becoming primary targets for malicious actors. These attacks, which exploit vulnerabilities in internet-facing OT systems and industrial control systems (ICS), pose cybersecurity risks to public health, business continuity, and national security.  

MyCERT, the Malaysian Computer Emergency Response Team, has issued MA-1228.012025, an advisory aimed at raising awareness of cybersecurity risks in the water sector and providing recommendations to mitigation stratergies. While there have been no cyber incidents reported in Malaysia’s water systems, the MyCERT advisory stresses the importance of vigilance and proactive defense strategies. 

MyCERT Advisory Highlights the Growing Cybersecurity Threat to Water Systems 

Water systems control essential services such as pumping stations, chlorination processes, and valves, all of which are critical to public health and safety. However, older systems with outdated software and weak security measures are increasingly susceptible to cyber-attacks. Many of these attacks exploit simple security weaknesses, such as default passwords and unprotected access points, enabling attackers to gain unauthorized access to sensitive systems. 

Cyberattacks targeting water systems can take many forms, from ransomware attacks demanding payment to prevent data exposure, to more insidious breaches targeting programmable logic controllers (PLCs) and other ICS devices. While large utilities have strengthened their defenses, smaller systems remain especially vulnerable. 

The recent cyber incident in October 2024, involving American Water in New Jersey, is one of such examples of these attacks. Although the attack did not result in operational disruptions at American Water’s facilities, it stresses the importance of cybersecurity vulnerabilities in the sector. The attack primarily affected computer networks and administrative systems, underlining the necessity for water utilities worldwide, including those in Malaysia, to enhance their security measures. 

Potential Impacts of Cyberattacks on Water Systems 

Cybersecurity incidents in the water sector can have a wide range of destructive consequences, both direct and indirect. Among the most concerning impacts are: 

• Cyberattacks can interfere with the normal functioning of water systems, leading to delays in water treatment, pumping, and distribution processes. 
• If attackers gain control of critical water system functions, they could contaminate drinking water or improperly manage chemicals, posing serious risks to public health. 
• Industries relying on water, such as agriculture and manufacturing, could face operational shutdowns, leading to economic losses. 
• Attackers who gain access to sensitive water system data could compromise confidential information, resulting in reputational damage and erosion of public trust. 
• These attacks exploit vulnerabilities in water systems to hold sensitive data hostage. If ransoms are not paid, attackers may leak confidential data, including trade secrets and personal information, leading to further harm. 
• Recovering from a cyberattack often involves substantial costs, including expenses for system restoration, legal fees, and potential fines for data breaches. 

MyCERT Advisory for Securing Water Systems 

To mitigate the cybersecurity risks facing water systems, MyCERT has outlined a series of best practices aimed at improving resilience and reducing the likelihood of successful attacks. Water system administrators are encouraged to follow these guidelines to protect critical assets: 

1. Immediately replace default passwords with strong, unique passwords. This is one of the most basic yet effective steps to secure systems. 
2. Minimize the number of critical systems exposed to the public internet, thereby reducing the attack surface for potential threats. 
3. Ensure that user accounts have access only to the data and systems necessary for their role. This can limit the damage caused by compromised accounts. 
4. MFA provides an added layer of security by requiring additional verification steps before granting access to critical systems. 
5. Apply network segmentation in water treatment facilities to isolate key systems from non-essential systems, preventing widespread damage in the event of an attack. 
6. Ensure that all systems, both OT and IT, are updated with the latest security patches and antivirus definitions. This is crucial to defending against known vulnerabilities. 
7. Perform daily backups of both OT and IT systems and store backup copies in remote locations. Regularly test backup processes to ensure they function correctly during a disaster recovery scenario. 
8. Provide annual cybersecurity training for all staff members, ensuring they understand the latest threats and how to avoid common pitfalls like phishing or clicking on malicious links. 
9. Regularly update disaster recovery and business continuity plans to account for emerging threats and vulnerabilities. Ensure these plans are well-practiced in the event of an actual breach. 

Conclusion  

The MyCERT advisory emphasizes the need to strengthen cybersecurity in Malaysia’s water systems, which are crucial for public health and the economy. As these systems become more digital and interconnected with sectors like agriculture and manufacturing, their exposure to cyber risks grows. 

By adopting best practices like updating passwords, using multi-factor authentication, and applying security patches, water utilities can improve defenses against cyber threats. MyCERT encourages staying updated on cybersecurity developments and conducting regular assessments. While Malaysia has not faced major cyber incidents in water systems, the rising threats require vigilance. Platforms like Cyble, with AI-driven threat intelligence, help protect these vital infrastructures. 

References 

• https://www.mycert.org.my/portal/advisory?id=MA-1228.012025 

The post MyCERT Advisory Recommends Cybersecurity Practices for Water Systems appeared first on Cyble.

Blog – Cyble – ​Read More