Summary: WaterISAC has been made aware of water industry-related websites that have been infected with SocGholish malware. Certain links on these websites have been observed redirecting users to fake browser update webpages. This is done to trick the user into downloading a payload that ultimately infects the system with SocGholish malware.
Analyst Note: WaterISAC is sending this as a reminder to members to use caution when visiting water industry or sector-related websites and to urge users to report anything that looks suspicious, out of the norm, or that may indicate the potential for malware. A certain level of risk is inherent in any kind of internet use; therefore, caution should always be taken, even when visiting legitimate websites. As this threat is currently impacting the water sector, Proofpoint’s previous in-depth analysis of this threat is particularly applicable.
Additional Reading:
- Are You Sure Your Browser is Up to Date? The Current Landscape of Fake Browser Updates
- SocGholish
- Cybersecurity Best Practices | CISA
Related WaterISAC PIRs: 6, 10