Threat actors have recently been observed deploying tactics that evade cybersecurity phishing defenses, namely Natural Language Processing (NLP) detection methods. NLP involves analyzing the language used in emails or other text to identify patterns or phrases that may indicate spam or phishing attempts. It has gotten more advanced and effective as AI technology has advanced in recent years. NLP methods are similar to behavioral analysis tools, which go beyond regular anti-virus methods for detecting threats by looking for adverse patterns or anomalies.

Threat intelligence researchers from Egress, a Know-Be-4 cybersecurity firm, have demonstrated how threat actors will likely include benign text, links, or whitespace in phishing emails in hopes of being perceived as “safe” by NLP tools.

These findings are significant as they show continued successful attempts by threat actors to bypass security measures and provide more reason for utilities to implement a proactive plan to defend against phishing. 31% of all detected incidents involved phishing tactics, according to Verizon’s 2024 data breach investigations report. For more information, visit Cyberscoop or Egress.

See These Previously Shared Tips for Staying Safe

• Be Skeptical of Unexpected Requests. Treat any unexpected emails or messages with caution, especially those asking for sensitive information or urgent actions.
• Verify the Source. Always verify the sender’s email address and look for signs of impersonation before clicking links or opening attachments.
• Use Strong Multi-Factor Authentication. Use multi-factor authentication methods (not exclusively) that are more secure, such as authenticator apps or hardware tokens.
• Educate Yourself and Others. Participate in cybersecurity training and stay informed about the latest phishing tactics. Share this knowledge with your colleagues.
• Practice Phishing Drills. Part of every utility’s cybersecurity awareness training should include regular phishing drills for staff. CISA has free resources to assist, such as, Teach Employees to Avoid Phishing.
• Not Sure, Call. If you are not sure that the source of an email is legitimate, call the supposed sender through previously established phone numbers to confirm the request’s validity.
• Fall for a Phish, Contact Your IT Department. If you realize after the fact that you fell for a phishing email, or you think you might have, call your information technology group to find out what to do.

Additional Water and Wastewater Systems Sector Guidance & Resources:

• Recognize and Report Phishing | CISA
• Cybersecurity Fundamentals for Water and Wastewater Utilities | WaterISAC
• Top Cyber Actions for Securing Water Systems | CISA
• Water and Wastewater Sector - Incident Response Guide | CISA
• CISA's Free Cyber Vulnerability Scanning for Water Utilities | CISA
• Water and Wastewater Cybersecurity | CISA