This DAP highlights – Neo-Nazis in Ohio and faith-based organizations targeted by multiple ransomware gangs. DAP also has More Faith-Based Stories and Select All-Hazard Stories. These updates are shared to help raise the situational awareness of Faith-Based organizations to best defend against and mitigate the impacts from all-hazards threats including physical security, cybersecurity, and natural disasters.
Faith-Based Daily Awareness Post 20 August 2024
- cybersecurity, faith, General, Headlines, News, preparedness, Resilience, resiliency, Resources, security, threat assessment
Faith-Based Security Headlines
These updates are shared to help raise the situational awareness of Faith-Based organizations to best defend against and mitigate the impacts from all-hazards threats including physical security, cybersecurity, and natural disasters.
Best Laid Plans: TA453 Targets Religious Figure with Fake Podcast Invite Delivering New BlackSmith Malware Toolset | Proofpoint US
Starting 22 July 2024, TA453 contacted multiple email addresses for a prominent Jewish figure while pretending to be the Research Director for the Institute for the Study of War (ISW). The lure purported to invite the target to be a guest on a podcast hosted by ISW. After receiving a response from the target (outside of Proofpoint visibility), TA453 replied with a DocSend URL. The DocSend URL was password protected and led to a text file that contained a URL to the legitimate ISW Podcast being impersonated by TA453. It is likely that TA453 was attempting to normalize the target clicking a link and entering a password so the target would do the same when they delivered malware.” Key findings:
- Proofpoint identified Iranian threat actor TA453 targeting a prominent religious figure with a fake podcast interview invitation.
- The initial interaction attempted to lure the target to engage with a benign email to build conversation and trust to then subsequently click on a follow-up malicious link.
- The attack chain attempted to deliver a new malware toolkit called BlackSmith, which delivered a PowerShell trojan dubbed AnvilEcho by Proofpoint.
- The malware, which uses encryption and network communication techniques similar to previously observed TA453 samples, is designed to enable intelligence gathering and exfiltration.
- AnvilEcho contains all of TA453’s previously identified malware capabilities in a single PowerShell script rather than the modular approach previously observed.
Analyst Comments:
Members can expect to see a more detailed analysis of this threat in next week’s FB-ISAO Security Advisory.
Phishing occurs when criminals try to get us to open harmful links, emails or attachments that could request our personal information or infect our devices. Phishing messages or “bait” usually come in the form of an email, text, direct message on social media or phone call. These messages are often designed to look like they come from a trusted person or organization, to get us to respond. CISA offers three simple tips to avoid phishing scams.
Recognize: Look for these common signs:
- Urgent or emotionally appealing language, especially messages that claim dire consequences for not responding immediately
- Requests to send personal and financial information
- Untrusted shortened URLs
- Incorrect email addresses or links, like amazan.com
A common sign used to be poor grammar or misspellings although in the era of artificial intelligence (AI) some emails will now have perfect grammar and spelling, so look out for the other signs.
Resist: If you suspect phishing, resist the temptation to click on links or attachments that seem too good to be true and may be trying to access your personal information. Instead, report the phish to protect yourself and others. Typically, you’ll find options to report near the person’s email address or username. You can also report via the “report spam” button in the toolbar or settings.
Delete: Delete the message. Don’t reply or click on any attachment or link, including any “unsubscribe” link. Just delete.
Best Practices for Securing Your Donation Sites
Many Faith-Based Organizations use online donation / giving sites where they can collect dues, tithes and other gifts. These types of tools enable members of the congregation to give securely from anywhere, at any time. They may include features such as secure payment processing to accept donations via credit/debit cards, ACH transfers, and mobile wallets, recurring giving that helps set up automated contributions, customizable donation forms to collect specific information from donors, donation tracking to provide donors with contribution summaries for tax purposes, and communication tools to send thank-you notes to donors.
Analyst Comments:
This new Security Awareness product from the FB-ISAO provides key details that organizations should be considering to fortify their donation sites. Some of the key considerations that are expanded upon in the document are:
- Use a secure payment gateway
- Consider CAPTCHA and MFA when creating donation web forms
- Update website with latest security patches
- Install a website firewall
- Avoid storing Personal Identifiable Information (PII) on your site
- Limit access to sensitive data
Members are encouraged to review the full document for additional insights and best practices.
100,000 Impacted by Jewish Home Lifecare Data Breach
New York City-based nonprofit healthcare organization Jewish Home Lifecare has revealed that a data breach disclosed earlier this year impacts more than 100,000 individuals. Jewish Home Lifecare, which is now called The New Jewish Home and which specializes in providing healthcare services to the elderly, informed customers in February that it had discovered unusual activity on its network on January 7.
It said at the time that hackers may have gained access to information related to patients and other members of the community, including their name, address, date of birth, Social Security number, financial account information, payment card information, passport number, and medical record and medical treatment details.
Analyst Comments:
The ransomware group known as Alphv and BlackCat took credit for the attack on Jewish Home Lifecare in February 2024. The cybercriminals claimed at the time that they had obtained clinical research databases, financial documents, employee and client documents, and “documents proving misuse of donated funds”. The hackers posted several screenshots in an effort to demonstrate their claims.
It’s unclear if the stolen files were ever made public on the ransomware group’s website. BlackCat disappeared from the scene in early March in what appeared to be an exit scam, and its website is no longer accessible.
You can read more from CISA about ALPHV/BlackCat here, and as we shared yesterday, CISA offers many ransomware resources including their Stop Ransomware website.
CISA recommends the following mitigation steps to fight against ransomware:
- Routinely take inventory of assets and data to identify authorized and unauthorized devices and software.
- Prioritize remediation of known exploited vulnerabilities.
- Enable and enforce multifactor authentication with strong passwords.
- Close unused ports and remove applications not deemed necessary for day-to-day operations.
More Faith-Based Stories
South Carolina church secretary accused of stealing $404K from congregation
“It was like home.” Fire damaging historic Nevada, Mo., church investigated as arson
Chula Vista elementary school vandalized with racial slurs, swastikas
MCPD Respond to Reports of Bias-Related Vandalism at Multiple MCPS Schools
Protecting Places of Worship Weeks of Action- Fall Religious Observance Security Briefing
Select All Hazard Stories
Anti-Israel march on DNC draws smaller crowd than predicted
Joint ODNI, FBI, and CISA Statement on Iranian Election Influence Efforts
Columbus officials warn victims, witnesses after ransomware leak of prosecutor files
National Public Data Published Its Own Passwords
Mitigating Active Shooter Risks Through Lessons Learned and Existing Standards
Firefighters significantly tame California’s fourth-largest wildfire on record
FBI Announces Nationwide ‘Take A Beat’ Campaign to Increase Awareness of Frauds and Scams
More Security-focused Content
The FB-ISAO’s sponsor Gate 15 publishes a free daily newsletter called the SUN. Curated from their open source intelligence collection process, the SUN informs leaders and analysts with the critical news of the day and provides a holistic look at the current global, all-hazards threat environment. Ahead of the daily news cycle, the SUN allows current situational awareness into the topics that will impact your organization. To sign-up for the SUN, send an email to [email protected].
Related Posts
This DAP highlights – Anniversary of the Hate Crimes Prevention Act and CISA publishes venue guide for security considerations. DAP also has More Faith-Based Stories and Select All-Hazard Stories. These updates are shared to help raise the situational awareness of Faith-Based organizations to best defend against and mitigate the impacts from all-hazards threats including physical security, cybersecurity, and natural disasters.
This DAP highlights – Neo-Nazi marches and OIDAC Europe Report 2024. DAP also has More Faith-Based Stories and Select All-Hazard Stories. These updates are shared to help raise the situational awareness of Faith-Based organizations to best defend against and mitigate the impacts from all-hazards threats including physical security, cybersecurity, and natural disasters.