Evidence snapshot
- Network devices: Cisco Live Protect uses an eBPF agent to detect suspicious behavior on switches running an unpatched OS and to block exploits pre‑patch [1].
- Enterprise apps: Microsoft released Office updates dated Feb 10, 2026, indicating an active patch cycle and risk for systems left unpatched [3].
- Public utilities: Reporting flags widespread, prolonged water outages as a central national issue; no cyber attribution is provided in that source [2].
Recent incidents (last 6–12 months)
- The provided sources do not document specific ransomware events. Operational water outages are noted without cyber linkage [2].
Likely exposure vectors indicated by sources
- Unpatched network firmware/OS on switches, creating windows for exploit attempts [1].
- Unpatched Office components in enterprise environments [3].
Operator actions (practical, verifiable)
- Patch management: Prioritize deploying the Feb 10, 2026 Microsoft Office updates across fleets; verify installation and address stragglers [3].
- Pre‑patch protection on network gear: Where immediate firmware fixes are not possible, use agent‑based eBPF controls (e.g., Cisco Live Protect) to block exploit behavior until patched [1].
- Continuity readiness: Given reported prolonged water outages (no cyber cause stated), validate contingency plans and monitoring for water infrastructure operations [2].
Confidence/uncertainty
- No direct evidence in these sources of active ransomware against utilities; outage reporting is non‑attributed and policy‑focused [2].