This DAP highlights – Neo-Nazis in Ohio and faith-based organizations targeted by multiple ransomware gangs. DAP also has More Faith-Based Stories and Select All-Hazard Stories. These updates are shared to help raise the situational awareness of Faith-Based organizations to best defend against and mitigate the impacts from all-hazards threats including physical security, cybersecurity, and natural disasters.
FB-ISAO Threat Level, June 2022 Update
This message is TLP:WHITE. Subject to standard copyright rules, TLP:WHITE information may be distributed without restriction.
The FB-ISAO Cyber Threat Intelligence, Operational Resilience (together, the Threat and Incident Response) working groups, have been actively monitoring and sharing information, reports, and perspective regarding our threat environment, to include any possible spillovers from the ongoing pandemic, general political climate, current national and local election cycles, impending Supreme Court decisions, and Russia’s invasion of Ukraine. We have determined to maintain all threat levels at GUARDED at this time.
- The Pandemic Threat Level at “GUARDED.” GUARDED means FB-ISAO has determined that there is no specific threat at this time – in the context of the pandemic, meaning there is no specific outbreak or variant of significant concern – but a general risk of further outbreaks exists.
- The Physical Threat Level as “GUARDED.” GUARDED means that FB-ISAO is unaware of any specific events, but a general risk of incidents exists.
- The Cyber Threat Level at “GUARDED.” GUARDED means FB-ISAO is unaware of any specific or targeted cyber attacks, but a general and pervasive risk of cyber attacks exists.
PANDEMIC THREAT: The TIG has determined to maintain the Pandemic Threat Level at “GUARDED.” GUARDED means FB-ISAO has determined that there is no specific threat at this time and there is no specific outbreak or variant of significant concern. We continue to be alert to a general risk of further outbreaks, and we continue to monitor rising cases occurring other parts of the world. The success of vaccinations and availability of boosters has been encouraging. We continue to monitor the spread of emerging variants but see no major threat of concern. The potential of a new significant variant exists, and we believe that maintaining vaccinations, and being prepared to reestablish necessary safety protocols is important. The TIG will continue to assess the Pandemic Threat Level regularly and provide updates accordingly.
PHYSICAL THREAT: The TIG has determined to maintain the Physical Threat Level at “GUARDED.” GUARDED means that FB-ISAO is unaware of any specific events, but a general risk of incidents exists. We remain concerned of ongoing stressors that cause concern to FBOs, workplaces, and public settings that have carried over from the pandemic. Among those are stressors and potential sparks relating to COVID (issues such as masking, vaccines, safeguards, etc. that may trigger people as they return to in-person activities), economic uncertainty (supply chain disruptions, shortages of goods, inflation, etc.), polarizing issues (including the war in Ukraine and the coming 2022 election campaign, media, and political hyperbole) and other considerations. These concerns are coupled with continued foreign ideological extremist and domestic extremist propaganda and encouragement for violence.
Of note, over the past month, there have been several hostile events, some of which have involved FBOs. These are yet one indicator of what has been a sharp increase in the amount of violence since 2020. In particular, active shooter incidents are up almost 100% since 2020. These trends, coupled with the move toward outdoor events and activities which are usually accompanied by larger, more centralized crowds, do present opportunities for threat actors. In addition, the upcoming decision on Roe v Wade could trigger a wave of protests and demonstrations, and low-level threat actions targeting FBOs who generally align with overturning the controversial court case. These can include but are not limited to harassment, and vandalism, but could escalate. That escalation could include an attack against public officials and FBO personnel who may appear to be connected to or support the decision and could occur at offices, FBOs, residences or other places of opportunity. One such incident occurred on 08 June, when a man with weapon detained near Supreme Court Justice Brett Kavanaugh’s home. The suspect admitted his anger at recent political events that it seems he was seeking to cause physical harm to Justice Kavanaugh.
Coupled with this was the release of the National Terrorism Advisory (NTAS) Bulletin on 07 June, with specific reference to recent incidents relevant to the faith-based community and expressing continued concerns including, “Given a high-profile U.S. Supreme Court case about abortion rights, individuals who advocate both for and against abortion have, on public forums, encouraged violence, including against government, religious, and reproductive healthcare personnel and facilities, as well as those with opposing ideologies.”
CYBER THREAT: The TIG has determined to maintain the Cyber Threat Level at “GUARDED.” GUARDED means FB-ISAO is unaware of any specific or targeted cyber attacks, but a general and pervasive risk of cyber attacks exists. We continue to encourage preparedness and vigilance against routine threats and ongoing challenges such as ransomware and known exploited vulnerabilities.
- Regarding potential threats associated with Russia’s war against Ukraine, we continue to echo CISA’s SHIELDS UP posture that, “while there are no specific or credible cyber threats to the U.S. at this time, Russia’s invasion of Ukraine, which has involved cyber-attacks on Ukrainian government and critical infrastructure organizations, could impact organizations both within and beyond the region, to include the U.S. homeland.” Furthermore, while we still do not see an increased threat aimed at Faith-Based Organizations (FBOs) specifically, there remains a general concern for all U.S. entities at this time. Therefore, it may be prudent to remind our communities to be extra cautious and avoid clicking on attachments contained in emails and texts that may appear as alerts containing photos of damage or appeal letters for items needed, resources, prayer wheels, or other attempts to lure victims. Likewise, avoid forwarding such items to members or other congregations.
- Regarding ransomware, both direct attacks and indirect attacks to vendors and supply chain partners is a concern. Organizations are encouraged to develop and exercise incident response plans, to include communications, outreach, and reporting procedures.
The TIG will continue to assess the Cyber Threat Level and provide updates accordingly. Likewise, the cyber threat landscape will be continuously monitored, but this Cyber Threat Level determination is valid until further notice.
GENERAL. Given the recent events, as well as the pending decision on Roe v Wade, it is an important time for organizations to reassess their security processes and procedures. In addition, it is a good time to remind all employees, as well as members of their role in identifying suspicious events and how to respond appropriately to incidents. It is also important to note upcoming all-hazards preparedness, especially the risk of severe weather, hurricanes, as well as the impact of wildfires in portions of the world, especially in the western U.S. Whether organizations are directly impacted through damage to property, indirectly impacted with supply chain impacts from areas impacted, or are used to help in the emergency response, this is an important time to review preparedness activities.
Members at the Champion and Hero levels are encouraged to review recent weekly reports that have included some related information and mitigation ideas. Additionally:
- Please refer to this post for an explainer on the FB-ISAO Threat Levels.
- Please refer to the current National Terrorism Advisory System (NTAS) Bulletin, date 07 Feb 2022 (expires, 07 June 2022)
- CISA SHIELDS UP information and guidance regarding Ukraine invasion-related threats.
- Please refer to this valuable resource developed by the Cybersecurity and Infrastructure Security Agency: Mitigating Attacks on Houses of Worship Security Guide.
Additional resources.
FB-ISAO maintains a resources page which may be accessed here and includes:
- Physical Threat
- Preparedness
- Cybersecurity
- Insider Threat
- Domestic Terrorism Threat
- Health and Natural Disaster
- Preparedness Videos and Training
- Resources for Schools
- COVID-19 and Pandemic Resources
- Domestic Terrorism Threat
Regular updates are being shared in the Faith-Based Daily Journal.
A good reference: NJCCIC Advisory: Cybersecurity Considerations as Geopolitical Tensions Increase
Cybersecurity Resources:
- CISA SHIELDS UP in particular.
- U.K. NCSC guidance on steps to take when the cyber threat is heightened
- Understanding and Mitigating Russian State-Sponsored Cyber Threats to U.S. Critical Infrastructure
- Russian State-Sponsored Cyber Actors Target Cleared Defense Contractor Networks to Obtain Sensitive U.S. Defense Information and Technology
- Russia Cyber Threat Overview and Advisories
International Travel Resources:
- U.S. Department of State—Bureau of Consular Affairs: Ukraine Travel Advisory
- U.S. Department of State—Bureau of Consular Affairs: Information for U.S. Citizens in Ukraine
- U.K. Foreign travel advice—Ukraine
Business Continuity Resources
- Continuity of Operations (COOP), Federal Emergency Management Agency (FEMA)