Faith-Based Daily Awareness Post 13 March 2024

These updates are shared to help raise the situational awareness of Faith-Based organizations to best defend against and mitigate the impacts from all-hazards threats including physical security, cybersecurity, and natural disasters.

FB-ISAO Newsletter

Volume 6, Issue 3

March-2024

Stories in this month’s newsletter include:

• Keeping Your WordPress Website Secure

This story includes security measures for the popular web content management system and common indicators that your WordPress site has been hacked.  

• Considerations for the Use of Security Cameras

The benefits of security cameras and planning considerations for cameras are discussed in this story.

The newsletter also Spotlights the FB-ISAO Community Meeting (21 March at 12pm ET).

The newsletter also covers the FB-ISAO Advisory Board, current Threat Levels, how to join FB-ISAO, and upcoming FB-ISAO events.

The March 2024 Newsletter has been directly distributed to members and may be accessed here.

Want this newsletter delivered directly to your inbox each month? Membership in FB-ISAO is open to all Faith-Based Organizations including Houses of Worship, Charities, Faith-Based Schools and their affiliated organizations. Join FB-ISAO!

The 2024 Sophos Threat Report: Cybercrime on Main Street

Based on that data and Sophos threat research, we see that ransomware continues to have the greatest impact on smaller organizations. But other threats also pose an existential threat to small businesses:

• Data theft is the focus of most malware targeting small and medium businesses-password stealers, keyboard loggers, and other spyware made up nearly half of malware detections. Credential theft through phishing and malware can expose small businesses’ data on cloud platforms and service providers, and network breaches can be used to target their customers as well.
• Attackers have stepped up the use of web-based malware distribution-through malvertising or malicious search engine optimization (“SEO poisoning”)-to overcome difficulties created by the blocking of malicious macros in documents, in addition to using disk images to overwhelm malware detection tools.
• Unprotected devices connected to organizations’ networks-including unmanaged computers without security software installed, improperly configured computers and systems running software fallen out of support by manufacturers-are a primary point of entry for all types of cybercrime attacks on small businesses.
• Attackers have turned increasingly to abuse of drivers-either vulnerable drivers from legitimate companies or malicious drivers that have been signed with stolen or fraudulently obtained certificates-to evade and disable malware defenses on managed systems.
• Email attacks have begun to move away from simple social engineering toward more active engagement with targets over email, using a thread of emails and responses to make their lures more convincing.
• Attacks on mobile device users, including social engineering-based scams tied to the abuse of third-party services and social media platforms, have grown exponentially, affecting individuals and small businesses. These range from business email and cloud service compromise to pig butchering scams.

Analyst Comments:

Sophos reports on cyber threats to small and medium businesses. Many Faith-Based Organizations (FBO) can be thought of as small or medium businesses. As such, the information in the Sophos report can be useful to FBOs.

Also, FB-ISAO’s 06 October 2023 Daily Awareness Post contains many cybersecurity resources.

As always, Faith-Based ISAO’s website provides resources in the Resource Library, including information on Protecting Digital Assets.