FB-ISAO's Cyber Threat Intelligence Group (CTIG) is closely monitoring COVID-19 and accompanying coronavirus-themed cyber threats and scams. Based on the current situation, the CTIG has decided to increase the Cyber Threat Level from “GUARDED” to “ELEVATED” as of 20 March 2020. The CTIG will continue to assess the Cyber Threat Level and provide updates accordingly. At present, this increase is valid through sunset on 31 March 2020, but will be re-evaluated periodically. Please refer to this post for an explainer on the FB-ISAO Threat Levels.
Cyber Threat Level. It is out of an abundance of caution that FB-ISAO has assessed the general Cyber Threat Level for U.S. Faith-Based Organizations as “ELEVATED.” As per FB-ISAO’s definitions of the Threat Levels, “ELEVATED” means FB-ISAO is not aware of any specific or targeted cyber threats, but there is a concern that the general risk of cyber threat activity is higher than normal.
We are all targets of opportunity, and malicious cyber actors are, as expected, using this opportunity to prey on our curiosity, concern, anxiety, and fear during this tumultuous time. The increase in threats from coronavirus-based cyber attacks and scams was expected and is akin to spikes in seasonal scams, such as those waged during holiday and tax filing seasons. But seasonal scams have a predictable and somewhat finite (albeit annually repeated) lifecycle. With many organizations, employees, and citizens in a state of flux and uncertainty, cyber threat actors have significantly stepped up their campaigns in hopes of capitalizing on the numerous distractions and our eagerness for greater situational awareness during this time. With nearly everyone working and learning from home for the foreseeable future, cyber attackers are leveraging these added distractions in their social engineering tactics. In other words, while the physical responses and manifestations are of the utmost importance during this pandemic, we live in a digital world, and that is how most people seek and obtain their information. Malicious cyber actors are no respecters of crises and do not hesitate to use whatever means necessary to attack us; they follow the online news cycle and understand the online messaging organizations are disseminating. They continue to use likenesses we trust with subjects we expect to entice us to open their phishing emails, click on their fake websites, or spread their disinformation campaigns – all pretending to be trusted and authoritative sources.
Under normal circumstances, the use of coronavirus-themed cyber attack campaigns is actually more aligned with our lowest level of threat, which is “GUARDED.” GUARDED means FB-ISAO is unaware of any specific or targeted cyber attacks, but a general risk of cyber attacks exists. However, given the ongoing pandemic, widespread teleworking, abundance of news and updates from endless sources, and commensurate abounding distractions in businesses and homes across the United States, we assess that “ELEVATED” is a reasonable level at this time.
“What does this mean to me?” Given the very diverse nature of the populations at faith-based organizations – from places of worship to charities, schools, and others, we are encouraging FBOs to assess the evolving cyber threats to their places and people and consider appropriate actions to mitigate risk. Among those considerations and possible actions:
- Constantly assess the threat, operations, and mitigation activities.
- We encourage members to review the FB-ISAO Daily Journal for general and cyber threat awareness, updates and ideas on what other organizations are doing.
- Join the #covid-19 channel and #cybersecurity channel in FB-ISAO Slack to see more updates, details and conversation on this threat, and share your questions, ideas, and actions for others.
- As employees are telecommuting (hopefully from home), enable them to do so securely. StaySafeOnline has a COVID-19 Security Resource Library with a compilation of numerous trusted and verified resources to enable safe telecommuting.
- Provide threat awareness training to staff. There are many open source examples of emails, lures, images, and indicators of compromise being shared daily in the FB-ISAO Daily Journal. Consider finding appropriate ways to use that information to educate and better prepare staff. FB-ISAO is happy to help members develop education and cybersecurity awareness materials to disseminate to staff.
- Stop the spread (of malware).
- Implement enhanced cyber hygiene procedures and increase cybersecurity awareness.
- While it is understandable that we are all watching the physical trends and doing our part to stop the spread of the virus, it is important to remind staff they also play a vital role in stopping the spread of the coronavirus-themed malware that may evade your organization’s blocking technologies.
- With countless organizations providing daily COVID-19 status updates and situational reports, it is crucial that we trust but verify before opening any emails or visiting websites that appear to be from legitimate or authoritative sources.
- Rule of thumb: If you did not subscribe to it, delete it. Authoritative sources such as WHO and CDC will NEVER randomly send emails to anyone who did not actively subscribe to receive their updates.
This assessment has been developed by FB-ISAO and is our general, nationwide, cyber threat assessment for the U.S. community of faith. As always, for local threat information, members are encouraged to work closely with neighborhood partners, local law enforcement, state and local fusion centers, local FBI field offices, DHS Protective Security Advisors (PSAs), Cybersecurity Advisors (CSAs), and other local experts and responders.