Faith-Based Daily Awareness Post 26 February 2025

These updates are shared to help raise the situational awareness of Faith-Based organizations to best defend against and mitigate the impacts from all-hazards threats including physical security, cybersecurity, and natural disasters. 

Weekly Security Sprint EP 100! Hitting the century mark with DOGE, CISA and insider threat 

The Gate 15 Security Sprint is a weekly rundown of the week’s notable all-hazards security news, risks and threats and some of the key focus areas for organizations to consider behind the headlines. Gate 15 team members discuss physical security, cybersecurity, natural hazards, health threats and other issues across our environment.   

In this week’s Security Sprint, Dave and Andy covered the following topics:

• DOGE 
• The private sector 
• Insider threats 
• Info sharing  

Information on other Gate 15 podcasts can be found here. 

A Disney Worker Downloaded an AI Tool. It Led to a Hack That Ruined His Life 

Matthew Van Andel, a Disney employee, experienced a major hack after downloading a free AI tool from GitHub. The software, which created AI-generated images, was actually malware that gave hackers access to his computer and sensitive data. The hacker stole Van Andel’s work login credentials, personal information, and private communications, including Slack messages from Disney. The breach exposed millions of internal Disney messages and private data, causing significant personal and professional turmoil for Van Andel.  

After the hack, Van Andel’s credit card details were used fraudulently, and his job at Disney was terminated due to alleged misconduct related to inappropriate content on his work device, which he denies. 

 Analyst Comments: This case emphasizes the overlap between personal and professional security. In Van Andel’s situation, his personal device served as the entry point for the breach of Disney’s internal systems. It is important to review any tool before downloading, particularly when it involves AI or other advanced technologies, as these can sometimes contain hidden malicious code. 

• Protect Your Personal Information Hackers and Scammers 

Pro-ISIS Media Outlet Releases Poster Targeting Festivals in Europe 

The National Counterterrorism Center (NCTC) is reporting that on the 24th of February 2025, a pro-ISIS media outlet, Al-Saif Media, released a poster titled “Choose Your Next Target!” which listed four upcoming festivals and parades in Europe as potential targets for attacks. The poster also included images of a bloody knife and pistol, encouraging attacks at these events. 

Analyst Comments: We have uploaded this advisory, along with another recent (U//FOUO) NCTC publication which examines extremists using vehicles as weapons, to Slack. It is important to note that religious events and ceremonies remain attractive targets, and understanding adversary attack methods can help refine threat assessments.  

As always, FB-ISAO’s website has valuable resources at Resource Library – FB-ISAO 

Reminders of FB-ISAO Events  

The next session in our monthly education on standing up teams takes place on 05 March 2025 at 12pm ET.  

The discussion will focus on developing and training the operational team. Protecting houses of worship is a unique undertaking due to the particulars of the environment and the community being served. Bearing in mind that the very nature of the threat environment is always dynamic and the teams flexibility to work with those dynamics will be paramount to its success. While developing a team, it is very important to remember that training that should focus on the original vision. Members of the team should have corresponding skills that meet the unique circumstances for each house of worship. And while it is beneficial to leverage the existing skill set of the members of the team, it is equally important to avoid making assumptions about the applicability of their prior training. 

Register HERE. 

For information on these and other events, go to Events – FB-ISAO.