This DAP highlights – GMU student charged in mass-casualty plot targeting Jews. DAP also has More Faith-Based Stories and Select All-Hazard Stories. These updates are shared to help raise the situational awareness of Faith-Based organizations to best defend against and mitigate the impacts from all-hazards threats including physical security, cybersecurity, and natural disasters.
Faith-Based Daily Awareness Post 15 September 2023
- cybersecurity, faith, General, Headlines, News, preparedness, resiliency, Resources, security, threat assessment
Faith-Based Security Headlines
These updates are shared to help raise the situational awareness of Faith-Based organizations to best defend against, and mitigate the impacts from all-hazards threats including physical security, cybersecurity, and natural disasters.
Diocese of Virginia among victims in $400,000 cyberattack on church investment funds
The Episcopal News Service has reported that more than $400,000 was stolen in a cyberattack on the trust funds managed on behalf of the Diocese of Virginia and its churches, prompting the diocese’s fund manager to implement new security measures.
The fraud occurred in November and December 2022. After it was discovered, the diocese first released details in January, though the full scope of the attack wasn’t known until more recently, according to statements released on Sept. 8.
The cyberattack involved three transactions, two intended for parishes and one for the diocese. Cyber criminals were able to divert $412,868 in payments to unauthorized accounts. The fraud was discovered when the two parishes notified the diocese’s investments manager, known as Trustees of the Funds, that they had not received the $327,541 requested in withdrawals from their two accounts. Another payment of $85,327 intended for the diocese also was diverted, but that fraud was not detected until recently because it was part of a routine distribution.
Analyst Comments:
This is not the first of this type of cyber attack against faith-based organizations. FB-ISAO has written many reports to its members advising and warning of these types of incidents. The attack relies on social engineering to impersonate a trusted entity. This attack is a phishing-based tactic known as a Business Email Compromise (BEC) and is one of the most prolific types of cyber attacks today.
The success of this attack is in its ability to bypass technical email controls and engender the recipient that the stated request is legitimate by posing as someone they currently transact business with. The scam typically targets people who deal with finances and ultimately instructs them to change the account number where requested funds are to be sent – it is typically part of an expected payment, such as an invoice, or in this case the request of a distribution from an investment account.
Because this attack is purposefully designed to trick users, one of the best defense methods is cybersecurity awareness training and recurring refreshers to remind staff and volunteers of these types of scams. It is also important that strict security protocols be put in place to verify and validate such requests and that staff and volunteers closely follow established procedures.
To assist with greater cybersecurity awareness to protect your faith-based organization, visit Faith-Based ISAO’s Cybersecurity Resources page. Additionally, members are encouraged to check out this post (from Huntress) if your FBO deals with any sort of payments. The post discusses a BEC incident – it doesn’t use any fancy/techy language and is appropriate for all staff. As Huntress states and is typical for BEC attacks, this incident wasn’t flagged by a flashy security tool or even its own solution. This is a story of good ol’ fashioned security awareness training and security-focused business procedures.
More Faith-Based Stories
Jesus statue beheaded at Louisiana catholic school; vandalism suspect sought
Thief steals gas from South Carolina church bus; Pastor invites thief to church
Hong Kong employers ‘should discuss religious practices’ with helpers before hiring
‘I’m going to massacre you’: Young Jewish man attacked in Marseille
Conyers Police call synagogue bomb threat ‘a hoax’
‘A little more alert than usual’: Dogs, security checks at US synagogues for festivals
Biden to Jewish leaders: I have your back
US Homeland Security assures synagogues will be safe for Jewish high holidays
CAIR-OK Highlights Growth of Muslim Community, Ongoing Islamophobia in New Guide
CAIR-Texas Welcomes Guilty Pleas for 2015 Anti-Muslim Murder of Man in Dallas
Missouri pastor who called autism a ‘demon’ resigns from school board after backlash
“Deepfakes” Are AI-Produced Digitally Manipulated Media (Churchleaders.com)
US school shootings reach new high, doubled in past year
DHS Continues to See High Risk of Foreign and Domestic Terrorism in 2024 Homeland Threat Assessment
Secretary Mayorkas Delivers Remarks at a Homeland Security Advisory Council Meeting
ADL: Hate Parties: Sharing Links on Fringe Platforms Drives Antisemitic Comments on YouTube
Neo-Nazi protests organizer previously cited for littering antisemitic material
Select All-Hazards Stories
Weather Happens – CISA Helps Keep Critical Infrastructure Prepared
Hurricane Watches and Tropical Storm Warnings as Hurricane Lee continues moving north towards New England and the Atlantic Canada National Weather Service
Key Messages regarding Hurricane Lee
FEMA Advisory: FEMA Urges Public to Prepare Ahead of Hurricane Lee, Pay Attention to Local Officials (September 14, 2023)
President Joseph R. Biden, Jr. Approves Maine Emergency Declaration
President Joseph R. Biden, Jr. Approves New Hampshire Disaster Declaration
The world just sweltered through its hottest August on record
Feature Article: SAGE Advice—S&T Collaborates with Canada on Emergency Response Best Practices
CISA panel pitches idea of a National Cybersecurity Alert System
Watch: US CCTV shows airport staff allegedly stealing from bags
Social media firms ‘not ready to tackle misinformation’ during global elections
More countries are concerned about the iPhone 12’s EMF radiation profile
Hackers say they stole 6 terabytes of data from casino giants MGM, Caesars
The Cybersecurity 202 – DHS warns about 2024’s cyberthreats
Pay your student loans — not scammers
CISA Adds One Known Vulnerability to Catalog (for Adobe Acrobat and Reader)
Microsoft promises to act as Teams continues to get pummeled by phishing attacks
Threat actors target remote endpoints to conduct BECs, steal credentials and load malware
Wordfence Intelligence Weekly WordPress Vulnerability Report (September 4, 2023 to September 10, 2023)
Drupal security advisory (AV23-557)
More Security-focused Content
The FB-ISAO’s sponsor Gate 15 publishes a free daily newsletter called the SUN. Curated from their open source intelligence collection process, the SUN informs leaders and analysts with the critical news of the day and provides a holistic look at the current global, all-hazards threat environment. Ahead of the daily news cycle, the SUN allows current situational awareness into the topics that will impact your organization. To sign-up for The SUN, please sign up below.
Add Your Heading Text Here
Related Posts
This DAP highlights – Abundant Life Christian School shooter had disturbing fascination with other school shooters / CDC Confirms First Severe Case of H5N1 Bird Flu in the United States. DAP also has More Faith-Based Stories and Select All-Hazard Stories. These updates are shared to help raise the situational awareness of Faith-Based organizations to best defend against and mitigate the impacts from all-hazards threats including physical security, cybersecurity, and natural disasters.
This DAP highlights – Police chief: 'Combination of factors' likely fueled motive in Abundant Life Christian School shooting. DAP also has More Faith-Based Stories and Select All-Hazard Stories. These updates are shared to help raise the situational awareness of Faith-Based organizations to best defend against and mitigate the impacts from all-hazards threats including physical security, cybersecurity, and natural disasters.