This DAP highlights – Neo-Nazis in Ohio and faith-based organizations targeted by multiple ransomware gangs. DAP also has More Faith-Based Stories and Select All-Hazard Stories. These updates are shared to help raise the situational awareness of Faith-Based organizations to best defend against and mitigate the impacts from all-hazards threats including physical security, cybersecurity, and natural disasters.
FB-ISAO Threat Level, December 2022 Update
This message is TLP:WHITE. Subject to standard copyright rules, TLP:WHITE information may be distributed without restriction.
The FB-ISAO Cyber Threat Intelligence and Operational Resilience (together, the Threat and Incident Response) working groups have been actively monitoring and sharing information, reports, and perspective regarding our threat environment. We have revisited our current advised threat level in light of recent events, including widespread acts of antisemitism, open threats to synagogues, attacks on LGBTQ targets and Pride events, vandalism of churches and pregnancy centers following the Supreme Court’s Dobbs decision, continued political polarization and threats in the aftermath of the 2022 midterm elections, and other considerations, including the newest DHS National Terrorism Advisory System (NTAS) Bulletin. We also considered the potential risks associated with outdoor events and celebrations around the winter holidays, with their outdoor markets, crowds, history of attacks and cyber-scam opportunities, as well as enduring concerns over possible spillovers from the continuing ‘tridemic’ of COVID-19, RSV, and flu, and significant international conflicts and other events. Based on this review, we have determined to maintain all threat levels at GUARDED, meaning that FB-ISAO is aware that a general risk of incidents exists, but there are no target or time specific threats requiring an escalation in our overall preparedness at this time.
- The Physical Threat Level remains at “GUARDED.” GUARDED means that FB-ISAO is unaware of any specific impending terrorism events although a general risk of incidents exists.
- The Cyber Threat Level remains at “GUARDED.” GUARDED means FB-ISAO is unaware of any specific or targeted cyber attacks, but a general and pervasive risk of cyber attacks exists.
- The Pandemic Threat Level remains at “GUARDED.” GUARDED means FB-ISAO has determined that there is no specific threat at this time – in the context of the pandemic, meaning there is no specific outbreak or variant of significant concern – but a general risk of further outbreaks exists.
PHYSICAL THREAT: The TIG has determined to keep the Physical Threat Level at “GUARDED.” GUARDED means that FB-ISAO is unaware of any specific events, but a general risk of incidents exists.
Vandalism, property damage, harassment, and communicated threats continue to highlight the various threats faced by Faith-Based Organizations (FBO). Following on the January 2022 hostage and barricade situation at a synagogue in Colleyville, Texas, and the shooting at a Presbyterian church in Laguna Woods, California, in May, other notable events related to recent threats as reported in FB-ISAO reporting include:
- The sign of the Colorado Springs headquarters of the evangelical Christian ministry Focus on the Family was defaced. “Their blood is on your hands” and “five lives taken” were spray-painted onto the sign. In a similar vein, two Christian groups in Omaha, Nebraska, said on 3 December that they received threatening notes tied to radical abortion group Jane’s Revenge. One note threatens members will “shoot up” pro-lifers. These are instances in which FBOs are being targeted because of their advocacy of certain social, political, or ideological views.
- On 26 November, a car drove into a crowd of holiday shoppers at a Christmas Market in Congleton, Cheshire. Though there were no injuries, and the attack does not appear to be terror-related, it does highlight risks associated with outdoor events and activities.
- On 19 November, two men were arrested and charged in connection with online threats to attack a New York City synagogue. The arresting officers seized a semi-automatic weapon with a 30-round magazine; a Nazi armband; a large hunting knife; a bulletproof vest; and a black ski mask. It was believed that an imminent attack may have been prevented.
- On 14 November, the FBI announced that since January 2022, more than 50 HBCUs, houses of worship, and other faith-based and academic institutions across the country have received racially motivated threats of violence.
- On 10 November, FBI Director Christopher Wray made a statement to the Anti-Defamation League that “a full 63% of religious hate crimes are motivated by antisemitism—targeting a group that makes up just 2.4% of our population.”
- On 10 November, a New Jersey man was arrested after sending a manifesto online with threats to attack a synagogue and Jewish people, according to federal prosecutors. The man “expressed radical, extremist views and ideology, as well as an extreme amount of hate against the Jewish community.”
- While not an explicit threat, there have been several instances of prominent public figures including celebrities and politicians espousing antisemitic language and meeting with known antisemites and white supremacists. These actions, exacerbated by the recent lifting of hate-speech restrictions on Twitter, are harbingers of the ‘mainstreaming’ or ‘normalizing’ of racist and antisemitic rhetoric and bias/hate incidents, and have been celebrated by extremists.
- We note the recent occurrence of multiple letter bombs sent to Ukrainian embassies, the US Embassy and several defense contractors in Spain.
Following the May 2022 leak of the impending SCOTUS decision in Dobbs v Jackson that overturned the constitutional right to abortion, protesters vandalized over 130 churches and pro-life support facilities through October. Catholic Vote trackers cited attacks against at least 86 Catholic churches and 76 pregnancy resource centers and other pro-life organizations through early November. The National Abortion Federation reported that “incidents of arson, vandalism, blockades, bomb threats, and death threats doubled compared to May through August 2021.”
In addition, the Gay and Lesbian Alliance Against Defamation (GLAAD) reported that radical activists have targeted over 124 drag events this year, culminating in the 20 November shooting at an LGBTQ bar in Colorado Springs that killed 5 and wounded 25 patrons. Protests were widespread, occurring in all but 2 states, with the majority in Texas, North Carolina, and Illinois.
The above incidents, many of which have occurred in the past quarter, are reflected in the latest National Terrorism Advisory System (NTAS) Bulletin, dated November 30, 2022. Specifically, “the United States remains in a heightened threat environment. Lone offenders and small groups motivated by a range of ideological beliefs and/or personal grievances continue to pose a persistent and lethal threat to the Homeland.” In addition, targets noted in the NTAS include “public gatherings, faith-based institutions, the LGBTQI+ community, schools, racial and religious minorities, government facilities and personnel, U.S. critical infrastructure, the media, and perceived ideological opponents.” The continuous threat against Faith-Based Organizations in particular led DHS to reconstitute the Faith-based Security Advisory Council (FBSAC), which “serves as an advisory body with the purpose of providing guidance and recommendations to the Secretary” on a variety of matters. We are proud that FB-ISAO Executive Director Mayya Saab is a member of this committee and contributes to the protection of FBOs.
Despite the lack of credible, specific threats, FB-ISAO and the Organizational Resilience Group remain concerned about ongoing stressors that cause risks to FBOs, workplaces, and public settings. Some domestic violent extremists continue to associate FBOs with policies and beliefs that continue to carry over from the pandemic, recent election cycles, as well as the ongoing holiday activities with their related risks and threats of violence. These concerns are coupled with continued foreign ideological extremist and domestic extremist propaganda and encouragement for violence. Active shooter incidents alone are up almost 100% since 2020, with more than 600 counted in the first eleven months of 2022. Continued caution and situational awareness are advised; continue to monitor the FB-ISAO daily journal and SLACK channels for threat information and review any holiday plans to ensure that adequate precautions against possible acts of violence are taken. Consult with local law enforcement regarding any special intelligence they may have that could impact your plans.
CYBER THREAT: The TIG has determined to maintain the Cyber Threat Level at “GUARDED.” GUARDED means FB-ISAO is unaware of any specific or targeted cyber attacks, but a general and pervasive risk of cyber attacks exists. We continue to encourage preparedness and vigilance against routine threats and ongoing challenges such as ransomware and known exploited vulnerabilities.
- ’Tis the season for holiday scams. The holiday season, coupled with severe weather and upcoming key events (never too early for tax and romance scams), makes this a winter wonderland for many threat actors who leverage scams to target individuals of all backgrounds and demographics.
- In addition, despite improvements in defensive security posture, ransomware remains a viable and disruptive event. These attacks on vendors and supply chain partners are a primary concern and FBOs are encouraged to develop and exercise incident response plans, to include communications, outreach, and reporting procedures.
- As always, geopolitical events and perceived political positions and other high-profile issue positions by FBOs or their leadership – real or perceived – may result in hacktivism or other online attacks, such as was experienced in an attack on the Papal website believed to be related to Russia’s invasion of Ukraine.
The TIG will continue to assess the Cyber Threat Level and provide updates accordingly. Likewise, the cyber threat landscape will be continuously monitored, but this Cyber Threat Level determination is valid until further notice.
PANDEMIC THREAT: The TIG has determined to keep the Pandemic Threat Level at “GUARDED.” GUARDED means FB-ISAO has determined that there is no specific threat at this time and there is no specific outbreak or variant of significant concern. We note concerns regarding the onset of flu season, the rise and impact of RSV cases among infants and the elderly, and their effects on hospitals and public health infrastructure. We continue to be alert to a general risk of further disease outbreaks, and we continue to monitor rising cases and viruses occurring in other parts of the world. Of note, the World Health Organization recently expressed concern about the risk of measles around the world, especially in light of declining vaccinations resulting in outbreaks in countries that had previously eliminated the virus. Related to COVID, the success of vaccinations and availability of boosters has been encouraging, and FB-ISAO continues to monitor the spread of emerging variants. The potential of a new significant variant exists, and we believe that maintaining vaccinations and being prepared to reestablish necessary safety protocols are important. The TIG will continue to assess the Pandemic Threat Level regularly and provide updates accordingly.
GENERAL. Given recent events and the known challenges of the upcoming holiday season, it is an important time for organizations to reassess their security processes and procedures. In addition, it is a good time to remind all employees, as well as members, of their role in identifying suspicious events and how to respond appropriately to incidents. It is also important to note upcoming all-hazards preparedness, especially the risk of La Niña climate impacts, severe winter weather and the advent of hurricane season. Regardless of your institution’s direct exposure to these impacts, this is an important time to review preparedness activities.
Members at the Champion and Hero levels are encouraged to review recent weekly reports that have included some related information and mitigation ideas. Additionally:
- Please refer to this post for an explainer on the FB-ISAO Threat Levels.
- Please refer to the current National Terrorism Advisory System (NTAS) Bulletin, dated 30 November 2022 (expires 24 May 2023).
- CISA SHIELDS UP information and guidance regarding Ukraine invasion-related threats.
- Please refer to this valuable resource developed by the Cybersecurity and Infrastructure Security Agency: Mitigating Attacks on Houses of Worship Security Guide.
Additional resources.
FB-ISAO maintains a resources page which may be accessed here and includes:
- Physical Threat (and given recent mail threats in Europe, members may want to review the Mail and Package and Bag Checks resources)
- Preparedness
- Cybersecurity
- Insider Threat
- Domestic Terrorism Threat
- Health and Natural Disaster
- Preparedness Videos and Training
- Resources for Schools
- COVID-19 and Pandemic Resources
Regular updates are being shared in the Faith-Based Daily Journal.
A good reference: NJCCIC Advisory: Cybersecurity Considerations as Geopolitical Tensions Increase
Cybersecurity Resources:
- CISA SHIELDS UP in particular.
- U.K. NCSC guidance on steps to take when the cyber threat is heightened
- Understanding and Mitigating Russian State-Sponsored Cyber Threats to U.S. Critical Infrastructure
- Russia Cyber Threat Overview and Advisories
International Travel Resources:
- U.S. Department of State—Bureau of Consular Affairs: Ukraine Travel Advisory
- U.S. Department of State—Bureau of Consular Affairs: Information for U.S. Citizens in Ukraine
- U.K. Foreign travel advice—Ukraine
Business Continuity Resources
- Continuity of Operations (COOP), Federal Emergency Management Agency (FEMA)