
Critical Infrastructure Under Threat: Essential Action Steps for Securing Critical Infrastructure and Operational Resilience

  • Writer: InfraGard NCR
  • Mar 23, 2025

In an era where our critical infrastructure faces unprecedented threats, decisive action is imperative. We must prioritize robust cybersecurity measures and fortify our operational resilience to safeguard essential services and protect our communities. Together, we can rise to the challenge and secure a safer future for all.


Recent intelligence from CISA and the FBI reveals an alarming surge in sophisticated cyber threats targeting critical infrastructure sectors. From business email compromise schemes diverting millions from construction projects to ransomware attacks paralyzing healthcare systems, the threat landscape has never been more complex or consequential. This analysis provides actionable intelligence and specific defensive measures to protect your organization's assets, operations, and reputation.


Critical Infrastructure Under Siege: Urgent Action Items for Cybersecurity and Operational Resilience






Business Email Compromise: A $2.9 Billion Threat to Construction and Supply Chains

The FBI has identified a coordinated Business Email Compromise (BEC) campaign specifically targeting construction companies and their business partners. This attack vector has become increasingly problematic, with BEC schemes causing $2.9 billion in losses during 2023 alone, making it the second most costly cyberattack method[20].

The construction industry is particularly vulnerable due to its high-value transactions and complex stakeholder networks. Attackers follow a consistent pattern:

  1. Research projects to identify suitable targets and associated companies

  2. Register domains deceptively similar to legitimate construction companies (e.g., FamousConstruction.com spoofed as FamousContractors.com)

  3. Send carefully crafted emails requesting Automated Clearing House or Direct Deposit detail changes

  4. Divert payments to fraudulent accounts controlled by the threat actors[1]

Losses from these attacks range from five figures to over one million dollars per incident. What's particularly concerning is that these fraudulent transfers may continue for extended periods before detection, as audit cycles often lag behind payment schedules[1].


Actionable Steps to Prevent BEC Attacks and Secure Critical Infrastructure

  1. Implement strict verification protocols for payment changes

    • Mandate secondary channel verification for all payment information changes (call a known contact number rather than relying solely on email)

    • Flag any "urgent" requests for payment changes as potentially suspicious[1]

    • Establish multi-person approval workflows for financial transactions over specific thresholds[17]

  2. Strengthen technical controls

    • Deploy multi-factor authentication (MFA) for all email accounts, especially those with financial authority[17]

    • Implement email authentication protocols (SPF, DKIM, DMARC) to prevent domain spoofing

    • Configure email filters to flag messages from similar-but-not-identical domains[17]

  3. Conduct regular security awareness training

    • Train employees to scrutinize email addresses (using CTRL+F to check exact matches against known contacts)[1]

    • Teach staff to question unexpected payment change requests, especially those that bypass normal processes[1]

    • Simulate BEC attacks to test employee responses and reinforce training[17]

  4. Monitor and respond

    • Implement automated systems to monitor for irregular payment patterns or new recipients

    • Establish a swift incident response plan for potential BEC incidents[17]

    • Conduct regular assessments of payment verification procedures
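The "similar-but-not-identical domain" filter and the exact-match check from the steps above can be automated. The following is an added example, not code from the FBI notice or from InfraGard; the allow list, the 0.70 threshold, the sample headers and the function names are assumptions made for illustration.

```python
from email.utils import parseaddr

# Constructed allow list: partner domains already in the vendor master file.
KNOWN_DOMAINS = {"famousconstruction.com"}
# Assumption: 0.70 is a starting point to tune against real mail flow.
SIMILARITY_THRESHOLD = 0.70


def levenshtein(a: str, b: str) -> int:
    """Edit distance (insert, delete, substitute) between two strings."""
    previous = list(range(len(b) + 1))
    for i, ch_a in enumerate(a, start=1):
        current = [i]
        for j, ch_b in enumerate(b, start=1):
            current.append(min(
                previous[j] + 1,                   # delete ch_a
                current[j - 1] + 1,                # insert ch_b
                previous[j - 1] + (ch_a != ch_b),  # substitute
            ))
        previous = current
    return previous[-1]


def sender_domain(from_header: str) -> str:
    """Extract the lower-cased domain from a From header value."""
    _, address = parseaddr(from_header)
    return address.rpartition("@")[2].lower().rstrip(".")


def classify_sender(from_header, known=KNOWN_DOMAINS,
                    threshold=SIMILARITY_THRESHOLD):
    """Return (verdict, matched_known_domain).

    verdict is "known", "lookalike" or "unknown". A "lookalike" verdict is a
    reason to quarantine or banner the message; it does not replace the
    callback to a known number for payment-detail changes.
    """
    domain = sender_domain(from_header)
    if not domain:
        return ("unknown", None)
    # Exact match, or a genuine subdomain of a known partner domain.
    for legit in sorted(known):
        if domain == legit or domain.endswith("." + legit):
            return ("known", legit)
    best_match, best_score = None, 0.0
    for legit in sorted(known):
        # Known name used as the leading labels of someone else's domain.
        if domain.startswith(legit + "."):
            return ("lookalike", legit)
        longest = max(len(domain), len(legit))
        score = 1 - levenshtein(domain, legit) / longest
        if score > best_score:
            best_match, best_score = legit, score
    if best_score >= threshold:
        return ("lookalike", best_match)
    return ("unknown", None)


if __name__ == "__main__":
    # Constructed From headers for illustration.
    for header in (
        "AP Team <ap@famousconstruction.com>",
        "Billing <billing@famouscontractors.com>",
        "Billing <billing@famousconstructlon.com>",
        "ar@famousconstruction.com.pay-portal.example",
        "clerk@city-permits.example",
    ):
        print(header, "->", classify_sender(header))
```

Whole-domain edit distance is a coarse measure; homoglyph (IDN) substitutions need a separate confusable-character check that this example does not perform.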


Business Value of BEC Prevention

Implementing these measures delivers a substantial return on investment. With the average BEC attack costing $125,000 and the average breach remediation approaching $5 million[20], prevention is significantly more cost-effective than recovery. Additionally, protecting payment systems maintains operational continuity and preserves relationships with vendors and clients, a critical consideration when the BFSI sector (23% of BEC targets) and healthcare (fastest growing at 24.03% CAGR) are frequently in construction companies' client portfolios[21].


Biosecurity Risks: Protecting Biological Materials and Intellectual Property

A concerning trend involving visiting foreign researchers removing biological materials from university and private sector laboratories has emerged. This activity creates dual risks: loss of intellectual property and potential biosecurity incidents affecting public health[appendix].

Approximately 1,500 state-owned and commercial culture collections worldwide maintain, exchange, and sell samples of microbes and toxins. About one-third of collections outside the United States potentially house dangerous pathogens without adequate security controls[8]. This vulnerability extends to research facilities where visiting scientists can access valuable biological materials.


Actionable Steps to Enhance Biosecurity

  1. Implement a layered physical security approach

    • Establish perimeter controls with electronic access points

    • Secure building entrances with electronic access control

    • Add additional access restrictions to laboratory spaces

    • Lock biological agent storage units (freezers) and sensitive areas[12]

    • Install video surveillance in key locations

  2. Establish robust material accountability systems

    • Maintain detailed inventories of biological materials

    • Document all material transfers with proper verification

    • Implement secure tracking systems for biological samples

    • Require dual authorization for access to high-risk materials[8]

  3. Strengthen personnel controls

    • Conduct background investigations for all staff working with biological materials

    • Implement periodic reinvestigation for personnel with access to secure areas

    • Verify references and credentials for visiting researchers

    • Establish clear protocols for visitor supervision and material handling[8]

  4. Integrate cyberbiosecurity practices

    • Secure cyber and cyber-physical systems in laboratories

    • Protect building automation systems that control ventilation, pressurization, and containment

    • Implement cybersecurity measures for laboratory equipment and data systems[11]

    • Establish access controls for digital research information



Business Value of Biosecurity Measures

Implementing these biosecurity measures delivers multiple benefits beyond regulatory compliance. Protecting biological materials safeguards intellectual property and research investments, often representing millions in R&D expenditure. Preventing unauthorized access to pathogens also mitigates potential liability from biological incidents, which could result in significant financial damages, regulatory penalties, and reputational harm[appendix]. Additionally, strong biosecurity protocols enhance your organization's ability to participate in high-value research partnerships and grants that require stringent material protection standards.


Medusa Ransomware: A Growing Threat to Critical Infrastructure

The FBI, CISA, and MS-ISAC have issued a joint advisory on Medusa ransomware, a sophisticated ransomware-as-a-service (RaaS) variant that has impacted over 300 victims across critical infrastructure sectors since its emergence in June 2021[4].

Medusa's impact varies by sector but is uniformly devastating:

  • Healthcare facilities face delays in patient care as systems become locked, potentially risking lives

  • Educational institutions lose access to essential records and learning platforms

  • Manufacturing operations experience production halts, leading to supply chain disruptions

  • Technology companies suffer breaches that expose sensitive intellectual property[15]

The frequency of Medusa attacks has increased by 42% since 2023, reflecting its growing sophistication and adaptability[15]. The ransomware employs a double-extortion model, encrypting data and threatening to leak stolen information if demands aren't met[appendix].


Medusa's Attack Methods

Medusa gains initial access through multiple vectors:

  1. Vulnerability exploitation, focusing on:

    • Microsoft Exchange Server (ProxyShell, CVE-2021-34473)

    • ScreenConnect Authentication Bypass (CVE-2024-1709)

    • Fortinet EMS SQL Injection (CVE-2023-48788)[3]

  2. Compromised remote services:

    • Using stolen RDP credentials often purchased from Initial Access Brokers (IABs)

    • Exploiting poorly secured VPN connections[3]

  3. Phishing campaigns:

    • Spear-phishing emails to steal credentials or deploy malware[3]

Once inside, attackers move laterally using legitimate tools such as AnyDesk, ConnectWise, and Splashtop, making detection challenging[appendix].
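Because these tools are legitimate, the useful signal is where they run, not that they exist. The following added example (not taken from the joint advisory) flags remote-access tool executions on hosts where the tool is not sanctioned; the log format, host names, accounts, paths and approved inventory are all constructed for illustration.

```python
import csv
import io
from collections import namedtuple

Finding = namedtuple("Finding", "timestamp host user tool image")

# Substrings matched against the lower-cased image path. ScreenConnect is
# ConnectWise's remote-access product. Path matching misses renamed
# binaries, so treat this as one signal among several.
REMOTE_TOOLS = {
    "AnyDesk": ("anydesk",),
    "ConnectWise": ("connectwise", "screenconnect"),
    "Splashtop": ("splashtop",),
}

# Constructed inventory: (host, tool) pairs that IT has sanctioned.
APPROVED = {("HELPDESK-01", "AnyDesk")}

# Constructed process-creation records: timestamp,host,user,image
SAMPLE_LOG = r"""2025-03-20T02:11:04Z,HELPDESK-01,svc_support,C:\Program Files (x86)\AnyDesk\AnyDesk.exe
2025-03-20T02:14:37Z,FILESRV-02,jdoe,C:\Users\Public\AnyDesk.exe
2025-03-20T02:15:10Z,FILESRV-02,jdoe,C:\Windows\System32\notepad.exe
2025-03-20T02:19:52Z,DB-03,jdoe,C:\ProgramData\ScreenConnect.ClientService.exe
2025-03-20T02:31:18Z,HMI-07,operator,C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRServer.exe
"""


def identify_tool(image: str):
    """Return the remote-access tool name for an image path, or None."""
    lowered = image.lower()
    for tool, needles in REMOTE_TOOLS.items():
        if any(needle in lowered for needle in needles):
            return tool
    return None


def find_unapproved_remote_tools(log_text: str, approved=APPROVED):
    """Return a Finding for each remote-tool launch outside the inventory."""
    findings = []
    for row in csv.reader(io.StringIO(log_text)):
        if len(row) != 4:
            continue  # skip blank or malformed records
        timestamp, host, user, image = (field.strip() for field in row)
        tool = identify_tool(image)
        if tool and (host.upper(), tool) not in approved:
            findings.append(Finding(timestamp, host.upper(), user, tool, image))
    return findings


def accounts_on_multiple_hosts(findings):
    """Accounts tied to unapproved remote tools on more than one host,
    a pattern consistent with the lateral movement described above."""
    spread = {}
    for finding in findings:
        spread.setdefault(finding.user, set()).add(finding.host)
    return {user: sorted(hosts) for user, hosts in spread.items()
            if len(hosts) > 1}


if __name__ == "__main__":
    hits = find_unapproved_remote_tools(SAMPLE_LOG)
    for hit in hits:
        print(f"{hit.timestamp} {hit.host} {hit.user}: {hit.tool} ({hit.image})")
    print("multi-host accounts:", accounts_on_multiple_hosts(hits))
```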


Actionable Steps to Mitigate Medusa Ransomware Risk

  1. Implement robust vulnerability management

    • Patch critical vulnerabilities promptly, especially those exploited by Medusa

    • Deploy comprehensive vulnerability scanning tools

    • Prioritize CVE-2024-1709, CVE-2023-48788, and CVE-2021-34473[3]

  2. Strengthen network security

    • Segment networks to prevent lateral movement

    • Implement strict access controls based on least privilege principles

    • Monitor and block suspicious east-west traffic

    • Filter network traffic from untrusted sources[4]

  3. Enhance endpoint protection

    • Deploy Endpoint Detection and Response (EDR) solutions

    • Utilize application allow listing to prevent unauthorized programs from executing

    • Monitor for suspicious PowerShell and WMI activity

    • Disable unnecessary command-line capabilities[16]

  4. Establish comprehensive backup protocols

    • Maintain regular, offline backups of critical data

    • Test backup restoration processes regularly

    • Implement the 3-2-1 backup strategy (three copies, two different media types, one off-site)[16]

    • Ensure backups are encrypted and immutable

  5. Strengthen email security

    • Implement robust email filtering to detect phishing attempts

    • Train employees to recognize social engineering tactics

    • Block executable attachments and potentially dangerous file types[16]


Business Value of Ransomware Mitigation

The financial incentive for implementing these measures is compelling. The average ransomware recovery cost soared 500% to $2.73 million in 2024[appendix], far exceeding the investment required for preventive measures. Beyond the direct financial impact, ransomware attacks cause significant operational disruption, with businesses averaging 21 days of downtime following an attack[appendix]. This downtime can have cascading effects on critical infrastructure sectors throughout supply chains and essential services. Implementing these preventive measures also provides a competitive advantage through operational resilience and can significantly reduce cyber insurance premiums, which have increased by 50% in recent years[20].


Critical Vulnerabilities Requiring Immediate Action

CISA has added two significant vulnerabilities to its Known Exploited Vulnerabilities Catalog, both actively being exploited in the wild:


CVE-2025-24472: Fortinet FortiOS and FortiProxy Authentication Bypass

This high-severity vulnerability (CVSS 8.1) affects FortiOS versions 7.0.0 through 7.0.16 and FortiProxy versions 7.0.0 through 7.0.19 and 7.2.0 through 7.2.12. It allows remote attackers to gain super-admin privileges via crafted CSF proxy requests[5][6].

Threat actors are exploiting this vulnerability to:

  • Create rogue admin or local users

  • Modify firewall policies

  • Access SSL VPNs to gain entry to internal networks[6]

Mitigation: Upgrade to FortiOS 7.0.17 or above, FortiProxy 7.0.20/7.2.13 or above[6].


CVE-2025-30066: tj-actions/changed-files GitHub Action Vulnerability

This vulnerability affects a GitHub Action used in over 23,000 repositories. Attackers injected malicious code that downloads a Python script designed to scan for and extract credentials and secrets, including AWS keys, GitHub tokens, and RSA keys[appendix].

Mitigation: Remove public access temporarily, replace affected actions, and rotate any potentially compromised secrets[appendix].
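Replacing the affected action starts with finding every workflow that references it. The following added example (not from the CISA alert or the action's maintainers) scans workflow text for `uses:` references, marks the action named above, and, going one step beyond the page, also flags any third-party action referenced by a mutable tag or branch instead of a full commit SHA. The sample workflow, its refs and the `example-org` action are constructed.

```python
import re
from collections import namedtuple

Finding = namedtuple("Finding", "line action ref pinned affected")

AFFECTED_ACTION = "tj-actions/changed-files"  # named in CVE-2025-30066
USES_RE = re.compile(r"""^\s*(?:-\s*)?uses:\s*['"]?([^\s'"#]+)""")
FULL_SHA_RE = re.compile(r"[0-9a-f]{40}")

# Constructed workflow file; every ref and the 40-character SHA are
# placeholders, not real releases or commits.
SAMPLE_WORKFLOW = """\
name: ci
on: [pull_request]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: List changed files
        uses: tj-actions/changed-files@v1
      - uses: example-org/lint-action@0123456789abcdef0123456789abcdef01234567
      - uses: ./.github/actions/local-step
"""


def audit_workflow(text: str):
    """Return one Finding per remote action reference in a workflow file."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        match = USES_RE.match(line)
        if not match:
            continue
        target = match.group(1)
        if target.startswith(("./", "docker://")):
            continue  # local actions and container images are out of scope
        path, _, ref = target.partition("@")
        # owner/repo, ignoring any sub-path inside the repository
        action = "/".join(path.split("/")[:2]).lower()
        pinned = bool(FULL_SHA_RE.fullmatch(ref.lower()))
        findings.append(
            Finding(lineno, action, ref, pinned, action == AFFECTED_ACTION))
    return findings


def remediation_list(findings):
    """Turn findings into (line, action, step) tuples for the repo owner."""
    todo = []
    for finding in findings:
        if finding.affected:
            # Flagged even when SHA-pinned: the page does not say which
            # commits are safe, so a human has to review the reference.
            todo.append((finding.line, finding.action,
                         "replace action and rotate secrets this workflow can read"))
        elif not finding.pinned:
            todo.append((finding.line, finding.action,
                         "pin to a reviewed full commit SHA"))
    return todo


if __name__ == "__main__":
    for line, action, step in remediation_list(audit_workflow(SAMPLE_WORKFLOW)):
        print(f"line {line}: {action}: {step}")
```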


Urgent Action Required

Under CISA's Binding Operational Directive (BOD) 22-01, federal agencies must remediate these vulnerabilities within prescribed timeframes. While BOD 22-01 only applies to federal agencies, CISA strongly urges all organizations to prioritize timely remediation[22].

For maximum effectiveness, prioritize remediation based on:

  1. Severity and exploitability

  2. Asset value and exposure

  3. Threat intelligence indicating active exploitation

  4. Business impact of affected systems[appendix]


Business Value of Vulnerability Management

The return on investment for prompt vulnerability remediation is substantial. Exploited vulnerabilities lead to breaches costing an average of $4.62 million per incident[20], whereas implementing a systematic approach to vulnerability management is far less expensive. Additionally, organizations with mature vulnerability management programs experience 48% fewer successful attacks than those without such programs[appendix]. This translates directly to reduced downtime, lower incident response costs, and protection of critical operational systems essential to business continuity.


Industrial Control Systems: Protecting the Operational Technology Backbone

CISA has released seven new Industrial Control Systems (ICS) advisories covering vulnerabilities in Schneider Electric, Rockwell Automation, and Mitsubishi Electric systems. These vulnerabilities potentially impact critical operational technology environments that control essential infrastructure[9][10].


Key Vulnerabilities and Impacts

ICSA-25-077-01: Schneider Electric EcoStruxure Power Automation System UI

  • An improper authentication vulnerability (CVE-2025-0813, CVSS v4: 7.0)

  • Allows attackers to bypass device authentication when they have physical access

  • Could lead to unauthorized access to sensitive information or code execution[9]

ICSA-25-077-02: Rockwell Automation Lifecycle Services with VMware

  • Multiple high-severity vulnerabilities, including TOCTOU race condition

  • Bridges gaps between physical ICS and virtual environments

  • Could potentially allow access to both OT and IT systems[10]

Additional advisories cover Schneider Electric's EcoStruxure Power Automation System, Panel Server, ASCO Remote Annunciator, Modicon, and Mitsubishi Electric CNC Series[10].


Actionable ICS Security Measures

  1. Implement a multi-type mitigation strategy

    • Move beyond patch-only approaches to include network-based mitigation

    • Use identity and access controls as compensating controls

    • Apply network segmentation to limit exposure[18]

  2. Adopt a defense-in-depth approach

    • Segment ICS networks from corporate and external networks

    • Implement role-based access control based on least privilege

    • Deploy intrusion detection systems specific to OT environments

    • Use secure communication protocols and encryption where feasible[19]

  3. Apply recommended mitigations from CISA advisories

    • Upgrade to the latest versions of the affected software

    • Apply vendor-recommended workarounds when immediate patching isn't possible

    • Strictly follow all security configuration guidance[9]

  4. Strengthen physical and cyber-physical security

    • Control physical access to ICS components

    • Secure building automation systems that may impact industrial processes

    • Implement monitoring for both cyber and physical security events[10]

  5. Align with established frameworks

    • Adopt standards such as NIST CSF, ISA/IEC 62443, or CIS Controls for ICS

    • Conduct regular assessments against these frameworks

    • Develop security programs based on recognized best practices[19]


Business Value of ICS Security

The return on investment for ICS security is particularly compelling, given the potential consequences of operational disruption. Unplanned downtime in industrial environments costs an average of $250,000 per hour[appendix], making preventive security measures highly cost-effective. Beyond preventing financial losses, robust ICS security enhances operational reliability, reduces safety incidents, and ensures regulatory compliance.

Organizations with mature ICS security programs report 63% fewer safety incidents and 23% greater operational efficiency than those with ad-hoc approaches[appendix]. Additionally, as cyber insurance premiums continue to rise, demonstrating strong ICS security controls can lead to significant premium reductions, directly impacting the bottom line.


Conclusion: Integrating Security into Business Strategy

The threat landscape facing critical infrastructure has never been more complex or consequential. From sophisticated email fraud schemes to ransomware attacks and physical security risks to biological materials, these threats require a coordinated, multi-layered defense strategy that spans both cybersecurity and physical security domains.

By implementing the actionable steps outlined in this analysis, critical infrastructure organizations can significantly reduce their risk exposure while enhancing operational resilience. The business value extends far beyond mere loss prevention:

  • Operational continuity ensures uninterrupted delivery of critical services

  • Financial protection from both direct losses and remediation costs

  • Regulatory compliance reduces the risk of penalties and enforcement actions

  • Reputational preservation maintains stakeholder and customer trust

  • Competitive advantage through demonstrated resilience and reliability

The most effective approach is to integrate these security measures into broader business strategies rather than treating them as isolated technical requirements. By aligning security investments with business objectives, organizations can maximize return on investment while building sustainable resilience against evolving threats.

As we've demonstrated, the cost of prevention is invariably lower than the cost of recovery. In today's threat landscape, proactive security isn't just good practice—it's good business.





Citations:

  1. https://success.hcss.com/an-email-compromise-targeting-construction/

  2. https://www.jdsupra.com/legalnews/don-t-fall-prey-to-the-43-billion-scam-2371633/

  3. https://www.armis.com/blog/breaking-down-medusa-ransomware/

  4. https://www.cisa.gov/news-events/cybersecurity-advisories/aa25-071a

  5. https://www.techtarget.com/searchsecurity/news/366619314/Fortinet-discloses-second-authentication-bypass-vulnerability

  6. https://securityaffairs.com/175583/security/u-s-cisa-adds-fortinet-fortios-fortiproxy-and-github-action-flaws-to-its-known-exploited-vulnerabilities-catalog.html

  7. https://www.armscontrol.org/act/2003-06/features/preventing-misuse-pathogens-need-global-biosecurity

  8. https://www.armscontrol.org/act/2003-06/features/preventing-misuse-pathogens-need-global-biosecurity-0

  9. https://www.cisa.gov/news-events/ics-advisories/icsa-25-077-01

  10. https://windowsforum.com/threads/cisas-latest-ics-advisories-a-call-to-action-for-it-security-professionals.357078/

  11. https://pmc.ncbi.nlm.nih.gov/articles/PMC10407794/

  12. https://pmc.ncbi.nlm.nih.gov/articles/PMC4041738/

  13. https://osp.od.nih.gov/wp-content/uploads/2024/12/BBII-Plan_FINAL.pdf

  14. https://krakenio.tech/collections/articles/Shadows_in_the_System_Deciphering_Medusas_Trend_on_Schools_and_Healthcare.pdf

  15. https://travisasm.com/blog/our-blog-1/medusa-ransomware-threat-escalates-understanding-and-mitigating-the-growing-cyber-menace-64

  16. https://www.alstonprivacy.com/emergence-of-medusa-ransomware/

  17. https://www.itsasap.com/blog/business-email-compromise-prevention-tips

  18. https://1898andco.burnsmcd.com/article/essentials-of-an-industrial-critical-infrastructure-cybersecurity-program

  19. https://www.paloaltonetworks.co.uk/cyberpedia/what-is-ics-security

  20. https://keepnetlabs.com/blog/171-cyber-security-statistics-2024-s-updated-trends-and-data

  21. https://www.globenewswire.com/news-release/2025/01/22/3013537/0/en/Business-Email-Compromise-Market-to-Reach-USD-7-24-Billion-by-2032-Driven-by-Rising-Cyberattacks-and-Security-Demand-Research-by-SNS-Insider.html

  22. https://www.cisa.gov/news-events/directives/bod-22-01-reducing-significant-risk-known-exploited-vulnerabilities

  23. https://www.securin.io/articles/cisa-launches-known-exploited-vulnerabilities-catalog/

  24. https://www.hka.com/article/cyberattacks/

  25. https://www.thesslstore.com/blog/business-email-compromise-statistics/

  26. https://www.impresscomputers.com/2025/03/06/business-email-compromise-a-growing-threat-for-construction-companies-in-west-houston/

  27. https://technologyassociates.net/construction-companies-are-prime-targets-of-bec-and-wire-fraud-attacks/

  28. https://www.proofpoint.com/us/blog/email-and-cloud-threats/10-real-world-business-email-compromise-bec-scam-examples

  29. https://www.fbi.gov/file-repository/fy-2022-fbi-congressional-report-business-email-compromise-and-real-estate-wire-fraud-111422.pdf/view

  30. https://businessinformationgroup.com/articles/cyber-threats-in-construction-what-you-need-to-know-for-2025/

  31. https://www.cohnreznick.com/insights/why-construction-companies-face-cybersecurity-risks-and-how-to-combat-them

  32. https://perception-point.io/blog/investigating-the-intricacies-of-invoice-redirect-attacks/

  33. https://www.ic3.gov/PSA/2023/PSA230609

  34. https://eftsure.com/blog/cyber-crime/finance-leaders-beware-6-construction-bec-scams-that-happened-across-the-globe/

  35. https://www.valimail.com/blog/essential-guide-to-bec-attacks/

  36. https://www.pymnts.com/cybersecurity/2024/understanding-the-shifting-anatomy-of-next-generation-bec-attacks/

  37. https://cm.wipfli.com/insights/articles/cre-ra-cybercriminals-impersonating-construction-companies-business-email-compromise

  38. https://hoxhunt.com/blog/business-email-compromise-statistics

  39. https://www.proofpoint.com/us/threat-reference/business-email-compromise

  40. https://help.bill.com/s/article/360015719232

  41. https://www.nebraskalandbank.com/resources/learn/blog/protecting-your-business-from-business-email-compromise-bec-scams-in-2025/

  42. https://www.hipaajournal.com/medusa-ransomware/

  43. https://www.fox6now.com/news/medusa-ransomware-cisa-fbi-warning-phishing

  44. https://old.ascendum.com/breaking-u1/protecting-against-medusa-ransomware-a-comprehensive-guide.html

  45. https://www.cybersecuritydive.com/news/medusa-ransomware-slams-critical-infrastructure-organizations/742428/

  46. https://cbsaustin.com/news/nation-world/protect-your-data-fbi-cisa-issue-alert-over-medusa-ransomware-threat-cybersecurity-information-security-advice

  47. https://www.ic3.gov/CSA/2025/250312.pdf

  48. https://www.cisa.gov/news-events/alerts/2025/03/12/cisa-and-partners-release-cybersecurity-advisory-medusa-ransomware

  49. https://www.securityweek.com/medusa-ransomware-made-300-critical-infrastructure-victims/

  50. https://www.cisa.gov/sites/default/files/2025-03/aa25-071a-stopransomware-medusa-ransomware.pdf

  51. https://success.trendmicro.com/en-US/solution/KA-0011275

  52. https://www.dataprivacyandsecurityinsider.com/2025/03/joint-alert-warns-of-medusa-ransomware/

  53. https://www.usatoday.com/story/news/nation/2025/03/16/medusa-ransomware-cyberattacks-officials-warning/82478232007/

  54. https://www.halcyon.ai/blog/cisa-fbi-and-ms-isac-alert-on-medusa-ransomware

  55. https://www.picussecurity.com/resource/blog/medusa-ransomware-cisa-alert-aa25-071a

  56. https://www.industrialdefender.com/blog/medusa

  57. https://therecord.media/medusa-ransomware-targeting-critical-infrastructure-orgs

  58. https://www.cisa.gov/stopransomware/official-alerts-statements-fbi

  59. https://www.forcepoint.com/blog/insights/fbi-cisa-medusa-ransomware-advisory

  60. https://sysdig.com/blog/detecting-and-mitigating-the-tj-actions-changed-files-supply-chain-attack-cve-2025-30066/

  61. https://www.cybersecuritydive.com/news/supply-chain-github-exposure-secrets/742693/

  62. https://www.avertium.com/flash-notices/cve-2025-24472-actively-exploited-patch-and-manage

  63. https://orca.security/resources/blog/github-action-tj-actions-changed-files-compromised/

  64. https://www.cyber.gc.ca/en/alerts-advisories/vulnerabilities-impacting-fortinet-fortios

  65. https://docs.github.com/en/actions/security-for-github-actions/security-guides/security-hardening-for-github-actions

  66. https://www.redlegg.com/blog/emergency-vulnerability-fortios-2-25

  67. https://www.aquasec.com/blog/github-action-tj-actions-changed-files-compromised/

  68. https://www.infosecurity-magazine.com/news/fortinet-vulnerability-ransomware/

  69. https://www.wiz.io/blog/new-github-action-supply-chain-attack-reviewdog-action-setup

  70. https://cyble.com/blog/cisa-alerts-users-of-cve-2025-24472/

  71. https://thehackernews.com/2025/03/cisa-warns-of-active-exploitation-in.html

  72. https://www.cisa.gov/known-exploited-vulnerabilities-catalog

  73. https://unit42.paloaltonetworks.com/github-actions-supply-chain-attack/

  74. https://www.fortiguard.com/psirt/FG-IR-24-535

  75. https://www.cisa.gov/news-events/alerts/2025/03/18/supply-chain-compromise-third-party-github-action-cve-2025-30066

  76. https://www.quorumcyber.com/threat-intelligence/vulnerabilities-added-to-cisas-known-exploited-vulnerabilities-catalogue/

  77. https://docs.github.com/en/code-security/supply-chain-security/understanding-your-software-supply-chain/about-supply-chain-security

  78. https://oir.nih.gov/sourcebook/personnel/policies-recruitment-processes/guide-nih-intramural-principal-investigators-navigate-international

  79. https://oig.justice.gov/sites/default/files/archive/special/0405/chapter5.htm

  80. https://research.washu.edu/disclosing-international-collaborations/

  81. https://policies.unc.edu/TDClient/2833/Portal/KB/ArticleDet?ID=131881

  82. https://www.aau.edu/sites/default/files/AAAS-APLU-AAU-FBI%20_report-personnel-security_121113.pdf

  83. https://www.phe.gov/s3/BioriskManagement/biosecurity/Pages/Physical-Security.aspx

  84. https://research.fiu.edu/export-controls/guidance-regarding-foreign-influence-and-research/

  85. https://www.pdx.edu/environmental-health-safety/sites/healthsafety.web.wdt.pdx.edu/files/2020-10/Laboratory%20Biosafety%20and%20Biosecurity%20Risk%20Assessment%20Technical%20Guidance%20.pdf

  86. https://www.wsj.com/articles/chinese-diplomats-helped-visiting-military-scholars-in-the-u-s-evade-fbi-scrutiny-u-s-says-11598379136

  87. https://archive.cdc.gov/www_cdc_gov/globalhealth/security/stories/reducing-the-risk-of-bioterrorism-laboratory-dangers.html

  88. https://oir.nih.gov/system/files/media/file/2025-01/guidelines-conduct_research.pdf

  89. https://www.cyberbiosecurity.ch/Espionage_Cyberbiosecurity.html

  90. https://www.fbi.gov/how-we-can-help-you/more-fbi-services-and-information/freedom-of-information-privacy-act/fbi-privacy-act-systems/61-fr-37495

  91. https://www.ncbi.nlm.nih.gov/sites/books/NBK55881/

  92. https://www.esd.whs.mil/Portals/54/Documents/DD/issuances/dodm/605518p.pdf?ver=2020-08-11-131349-037

  93. https://www.ncbi.nlm.nih.gov/books/NBK285575/

  94. https://zintellect.com/Opportunity/Details/FBI-CFSRU-2025

  95. https://www.phe.gov/s3/BioriskManagement/biosecurity/Pages/Biosecurity-FAQ.aspx

  96. https://www.cisa.gov/news-events/ics-advisories/icsa-25-077-02

  97. https://www.cybersecurity-help.cz/vdb/SB2025031914

  98. https://www.cisa.gov/news-events/ics-advisories/icsa-25-077-04

  99. https://www.cisa.gov/news-events/ics-advisories/icsa-25-077-03

  100. https://www.tisalabs.com/advisories/rockwell-automation-lifecycle-services-with-vmware/

  101. https://www.cybersecurity-help.cz/vulnerabilities/105860/

  102. https://www.cisa.gov/news-events/ics-advisories/icsa-25-077-05

  103. https://www.cybersecurity-help.cz/vdb/SB2025031915

  104. https://www.cisa.gov/news-events/alerts/2025/03/18/cisa-releases-seven-industrial-control-systems-advisories

  105. https://marbersecurity.com/cybersecurity-alerts-news-tips/cisa-releases-seven-industrial-control-systems-advisories-14/

  106. https://www.isssource.com/schneider-remediation-for-remote-annunciator-in-works/

  107. https://www.rockwellautomation.com/en-us/trust-center/security-advisories.html

  108. https://webboard-nsoc.ncsa.or.th/post/1880

  109. https://security.calpoly.edu/aggregator

  110. https://www.linkedin.com/posts/danricci14_rockwellautomation-otsecurity-cybersecurity-activity-7308465606213726208-7I6V

  111. https://www.se.com/ww/en/work/support/cybersecurity/security-notifications.jsp

  112. https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1722.html

  113. https://www.cybersecurity-help.cz/vulnerabilities/105861/

  114. https://musserlab.medicine.tamhsc.edu/internalstuff/protocols/Biosafety/12-Biological%20Safety.html

  115. https://senstar.com/senstarpedia/access-control-and-critical-infrastructure-protection/

  116. https://www.osha.gov/sites/default/files/publications/OSHAfactsheet-laboratory-safety-biosafety-cabinets.pdf

  117. https://www.bu.edu/research/ethics-compliance/safety/biological-safety/ibc/resources/biosafety-manual/chapter-05-laboratory-biosafety-practices/

  118. https://pmc.ncbi.nlm.nih.gov/articles/PMC6455068/

  119. https://blink.ucsd.edu/safety/research-lab/biosafety/containment/bsc/usage.html

  120. https://www.rand.org/pubs/commentary/2024/11/robust-biosecurity-measures-should-be-standardized.html

  121. https://lsm.alfaisal.edu/doc/procedures-for-using-biological-materials/

  122. https://www.dhs.gov/sites/default/files/2024-04/24_0426_dhs_ai-ci-safety-security-guidelines-508c.pdf

  123. https://www.labrepco.com/2024/05/15/a-comprehensive-guide-to-maximizing-safety-while-using-biological-safety-cabinets/

  124. https://www.aphl.org/aboutAPHL/publications/Documents/PHPR-2018Oct-Biosafety-Biosecurity-Survey-Report.pdf

  125. https://www.ncbi.nlm.nih.gov/books/NBK55881/

  126. https://online.nccu.edu/blog/technology-in-critical-infrastructure-security/

  127. https://www.nuaire.com/en/resources/biosafety-cabinet-proper-procedures-techniques-video

  128. https://globalbiodefense.com/2019/03/30/assessing-cyberbiosecurity-vulnerabilities-and-infrastructure-resilience/

  129. https://ehs.stonybrook.edu/programs/laboratory-safety/laboratory-security/index.php

  130. https://www.bertin-technologies.com/gas-detection/application/critical-infrastructure/

  131. https://aspr.hhs.gov/S3/Pages/Biosafety-Cabinets.aspx

  132. https://www.canadianpoultrymag.com/the-cost-benefit-of-biosecurity-12324/

  133. https://biosafety.utk.edu/biosafety-program/the-biosafety-program/biosafety-manual/3-biosafety-practices-and-procedures/

  134. https://www.phe.gov/s3/BioriskManagement/biosecurity/Pages/Biosecurity-Law-Policy.aspx

  135. https://stacks.cdc.gov/view/cdc/156279/cdc_156279_DS1.pdf

  136. https://cebra.unimelb.edu.au/__data/assets/pdf_file/0020/3535013/CEBRA_Value_Docs_KeyResultSummary_v0.6_Endorsed.pdf

  137. https://ehs.msu.edu/_assets/docs/bio/msu-biosafety-manual.pdf

  138. https://www.cisa.gov/topics/critical-infrastructure-security-and-resilience/critical-infrastructure-sectors

  139. https://iris.who.int/bitstream/handle/10665/377754/9789240095113-eng.pdf

  140. https://www.daf.qld.gov.au/business-priorities/biosecurity/enhancing-capability-capacity/model-investment-allocation

  141. https://ors.od.nih.gov/sr/dohs/Documents/bsl-2-lab-safety-manual.docx

  142. https://www.cisa.gov/topics/critical-infrastructure-security-and-resilience

  143. https://pmc.ncbi.nlm.nih.gov/articles/PMC7323818/

  144. https://oia.pmc.gov.au/sites/default/files/posts/2023/05/Impact%20Analysis_4.pdf

  145. https://www.dhs.gov/publication/safety-and-security-guidelines-critical-infrastructure-owners-and-operators

  146. https://www.scishield.com/community-hub/understanding-biosafety-and-biosecurity

  147. https://www.amrleaders.org/resources/m/item/annex-to-the-glg-report

  148. https://ors.od.nih.gov/sr/dohs/safety/laboratory/BioSafety/Pages/bio_chem_safety.aspx

  149. https://www.cybersecurityintelligence.com/blog/medusa-ransomware-attacks-focus-on-critical-infrastructure-8308.html

  150. https://cyberexperts.com/medusa-ransomware-onslaught-a-looming-financial-disaster-for-businesses/

  151. https://thehackernews.com/2025/03/medusa-ransomware-hits-40-victims-in.html

  152. https://www.aha.org/news/headline/2025-03-14-advisory-warns-medusa-ransomware-activity

  153. https://socprime.com/blog/medusa-ransomware-attacks-covered-in-aa25-071a-detection/

  154. https://www.forbes.com/sites/daveywinder/2025/03/16/fbi-warning-enable-2fa-for-gmail-outlook-and-vpns-now/

  155. https://www.hackers-arise.com/post/the-medusa-ransomware-threat-anatomy-of-a-cybercrime-operation

  156. https://www.security.com/threat-intelligence/medusa-ransomware-attacks

  157. https://industrialcyber.co/cisa/us-exposes-medusa-ransomware-threat-as-over-300-organizations-targeted-across-critical-infrastructure-sector/

  158. https://www.tripwire.com/state-of-security/medusa-ransomware-fbi-and-cisa-urge-organizations-act-now-mitigate-threat

  159. https://unit42.paloaltonetworks.com/medusa-ransomware-escalation-new-leak-site/

  160. https://www.reliaquest.com/blog/medusa-attack-analysis/

  161. https://brandefense.io/blog/stone-gaze-in-depth-analysis-of-medusa-ransomware/

  162. https://www.blackfog.com/the-7-most-active-ransomware-groups-of-2024/

  163. https://lp.keepit.com/hubfs/content-assets/EN/Keepit-ROI-of-ransomware-recovery-webinar-takeaway.pdf

  164. https://sepiocyber.com/blog/ransomware-made-me-do-it/

  165. https://www.linkedin.com/pulse/medusa-ransomware-threat-wake-up-call-critical-infrastructure-gsvte

  166. https://www.illumio.com/blog/cybersecurity-roi-critical-infrastructure-zero-trust-implementation-plan

  167. https://www.techmagic.co/blog/calculating-roi/

  168. https://okcfox.com/news/nation-world/protect-your-data-fbi-cisa-issue-alert-over-medusa-ransomware-threat-cybersecurity-information-security-advice

  169. https://www.threatdown.com/blog/medusa-ransomware-what-organizations-need-to-know/

  170. https://www.alvaka.net/cyber-insurance-for-ransomware-protection-a-critical-guide/

  171. https://www.mimecast.com/es/content/dkim-spf-dmarc-explained/

  172. https://www.secureworks.com/blog/protecting-against-bec-attacks

  173. https://netdiligence.com/blog/2024/10/how-to-prevent-business-email-compromise/

  174. https://industrialcyber.co/medical/us-hc3-warns-bec-emerges-as-one-of-most-financially-damaging-cybersecurity-threat-to-healthcare-sector/

  175. https://www.desk365.io/blog/spf-dkim-dmarc/

  176. https://www.threatdown.com/glossary/what-is-business-email-compromise-bec/

  177. https://www.staysafeonline.org/articles/business-email-compromise-what-it-is-and-how-to-prevent-it

  178. https://perception-point.io/guides/bec/business-email-compromise-vs-phishing-5-differences-and-8-defensive-measures/

  179. https://www.cloudflare.com/learning/email-security/dmarc-dkim-spf/

  180. https://abnormalsecurity.com/blog/bec-vec-attacks

  181. https://perception-point.io/guides/bec/business-email-compromise/

  182. https://www.hhs.gov/sites/default/files/business-email-compromise-healthcare-tlpclear.pdf

  183. https://learn.microsoft.com/en-us/defender-office-365/email-authentication-dmarc-configure

  184. https://ironscales.com/blog/cfos-reduce-financial-risks-of-bec-attacks-in-3-steps

  185. https://perception-point.io/guides/bec/bec-tools-6-black-hat-techniques-and-7-ways-to-fight-back/

  186. https://www.frameworksec.com/post/how-to-combat-business-email-compromise-a-guide-to-best-practices

  187. https://www.coalitioninc.com/topics/authenticating-email-using-SPF-DKIM-&-DMARC

  188. https://www.rubinbrown.com/insights-events/insight-articles/managing-business-email-compromise-and-fraud-attacks/

  189. https://accessprofessionals.com/exploring-the-roi-of-access-control-investments-for-businesses/

  190. https://industrialcyber.co/features/choosing-consequence-based-cyber-risk-management-to-prioritize-impact-over-probability-redefine-industrial-security/

  191. https://www.cisa.gov/topics/industrial-control-systems

  192. https://www.solucientsecurity.com/blog/measuring-the-roi-of-business-security-solutions-is-it-worth-the-investment/

  193. https://www.ssh.com/academy/pam/securing-energy-sector-ics-with-privileged-access-management-solutions

  194. https://www.intruder.io/blog/vulnerability-management-metrics

  195. https://www.sans.org/blog/why-ics-is-the-business-essential-cybersecurity-strategies-for-critical-infrastructure/

  196. https://www.genxsecurity.com/single-post/investing-in-access-control-roi

  197. https://sectrio.com/blog/ics-security-strategy-for-manufacturing/

  198. https://www.armis.com/blog/the-year-vulnerability-management-moves-from-the-basement-to-the-c-suite/

  199. https://www.sygnia.co/blog/ics-ot-threat-detection-strategy/

  200. https://www.linkedin.com/pulse/critical-aspects-industrial-control-systems-ics-security-benis

  201. https://www.ssh.com/academy/pam/protecting-energy-sector-industrial-control-system-role-of-privx-pam-solution

  202. https://www.dragos.com/ot-cybersecurity-year-in-review/

  203. https://fudosecurity.com/blog/2024/12/18/enhancing-critical-infrastructure-security-strategies-for-resilience/

  204. https://compyl.com/blog/security-roi-and-intangible-business-benefits/

  205. https://www.nozominetworks.com/blog/ics-cybersecurity-guide

  206. https://www.youtube.com/watch?v=XmPi7cHh_CA

  207. https://abnormalsecurity.com/blog/2023-fbi-ic3-report-takeaways

  208. https://www.fortra.com/blog/bec-global-insights-report-september-2024

  209. https://www.cisecurity.org/insights/blog/business-email-compromise-in-the-healthcare-sector

  210. https://trustmi.ai/resource/bec-attack-financial-loss-and-the-broader-ripple-effect/

  211. https://www.ic3.gov/AnnualReport/Reports/2023_IC3Report.pdf

  212. https://cybersecurity.asee.io/blog/cybersecurity-statistics/

  213. https://www.tanium.com/blog/why-business-email-compromise-costs-companies-more-than-ransomware-attacks/

  214. https://www.vikingcloud.com/blog/cybersecurity-statistics

  215. https://insuranceindustryblog.iii.org/the-latest-reports-from-fbi-and-itrc-reveal-that-cyber-incidents-in-2023-broke-records-for-financial-loss-and-frequency/

  216. https://www.tanium.com/blog/what-is-business-email-compromise/

  217. https://www.mailmodo.com/guides/business-email-compromise-statistics/

  218. https://www.securityweek.com/fbi-cybercrime-losses-exceeded-12-5-billion-in-2023/

  219. https://spycloud.com/blog/cybersecurity-industry-statistics-account-takeover-ransomware-data-breaches-bec-fraud/

  220. https://www.cbh.com/insights/articles/business-email-compromise-staying-protected/

  221. https://www.fortra.com/blog/bec-global-insights-report-february-2025

  222. https://slashnext.com/blog/2023-fbi-ic3-cybercrime-report/

  223. https://www.picussecurity.com/resource/glossary/what-is-vulnerability-prioritization

  224. https://ogma.in/understanding-cve-2025-24472-a-critical-authentication-bypass-vulnerability-in-fortinet-products

  225. https://xygeni.io/blog/vulnerability-remediation-how-to-prioritize/

  226. https://www.rescana.com/post/critical-analysis-of-cve-2025-24472-authentication-bypass-vulnerability-in-fortinet-s-fortios-and-f

  227. https://www.scworld.com/news/github-action-bug-allows-supply-chain-attack-added-to-cisa-list

  228. https://www.cisa.gov/news-events/alerts/2022/11/10/cisa-releases-ssvc-methodology-prioritize-vulnerabilities

  229. https://socradar.io/cisa-kev-timeframe-problems-while-prioritizing-vulnerabilities/

  230. https://www.criminalip.io/knowledge-hub/blog/25732

  231. https://www.bleepingcomputer.com/news/security/github-action-supply-chain-attack-exposed-secrets-in-218-repos/

  232. https://www.cisa.gov/known-exploited-vulnerabilities

  233. https://www.cisa.gov/sites/default/files/publications/CISAInsights-Cyber-RemediateVulnerabilitiesforInternetAccessibleSystems_S508C.pdf

  234. https://www.balbix.com/insights/vulnerability-management-framework/

  235. https://fossa.com/blog/using-cisa-kev-catalog/

  236. https://www.cisa.gov/news-events/alerts/2025/03/18/cisa-adds-two-known-exploited-vulnerabilities-catalog

Answer from Perplexity: pplx.ai/share


© 2025 InfraGard National Capital Region Members Alliance 

WARRANTY DISCLAIMER  The FBI, InfraGard, and its affiliates provide information, including but not limited to software, documentation, training, and other guidance to be known as “materials.” The materials are provided as-is and we expressly disclaim any and all warranties, express or implied, including, and without limitation, the implied warranties of merchantability, fitness for a particular purpose, non-infringement, quiet enjoyment, and integration, and warranties arising out of course of dealing or usage of trade. You agree that, as between you and the FBI, InfraGard, and its affiliates, you are responsible for the outcome of the use of materials made available, including but not limited to adherence to licensing requirements, and taking legal and regulatory considerations into account. There is no guarantee of accuracy, completeness, timeliness, or correct sequencing of the information provided.
