FB-ISAO Raises Physical Threat Level to “CRITICAL,” Maintains Cyber Threat Level at “ELEVATED”

The COVID-19 global pandemic is a complex and blended threat impacting members and the broader faith-based and charity community in numerous ways. FB-ISAO’s Threat and Incident Response Group (TIG) has continued to assess the ongoing threats and risks to our community and has made the following updates:

The TIG has determined to increase the Physical Threat Level from “SEVERE,” to “CRITICAL,” – our highest level of threat – as of 31 March 2020. The TIG will continue to assess the Physical Threat Level and provide updates accordingly. At present, this increase is valid through sunset on 30 April 2020, but that will be periodically re-evaluated.

The TIG has determined to maintain the Cyber Threat Level at “ELEVATED,” as it has been since 20 March 2020. The TIG will continue to assess the Cyber Threat Level and provide updates accordingly. At present, this increase is valid through sunset on 30 April 2020, but that will be periodically re-evaluated.

• Please refer to this post for an explainer on the FB-ISAO Threat Levels.
• Please see this post for the previous update to the physical threat level: FB-ISAO Moves Threat Level to “SEVERE,” 13 Mar.
• Please see this post for the previous update to the cyber threat level: FB-ISAO Raises Cyber Threat Level to “ELEVATED,” 21 Mar.

Regarding the cyber threat level, we do not assess a significant change from the 21 Mar assessment. We do consider a higher level of risk as organizations move to online processes – from routine assemblies to special events, and for online giving.

• The ploys are the same, but the deluge is unprecedented – With work, learning, and worship from home being status-quo for awhile, tactics leveraging coronavirus themes will likely continue to increase at an exponential rate before they plateau, as individuals who are not used to near-exclusive level of online interactions are bombarded with cyber attacks such as phishing, smishing (SMS phishing), disinformation, and counterfeit websites.
• Think critically – Cyber attackers will continue their attacks to seek financial gain or sow seeds of rumors and disinformation to create chaos and confusion for their amusement.
• Trust but verify – FB-ISAO members are encouraged to treat every coronavirus-themed communication or situational report with suspicion.

Regarding the physical threat level, the escalating threat of coronavirus in the United States and many countries around the world is on an upward trajectory and it is expected that the number of cases will increase in the coming weeks. Based on the health threat alone, we urge members to follow national guidance and state and local direction and, as directed, to limit the size of gatherings or to forgo physical assemblies, in accordance with that guidance. FB-ISAO strongly discourages defying state and local guidance and directives.

Beyond the pandemic threat on its own:

• With the upcoming major holidays of Passover and Easter;
• Continued extremist interest in conducting various attacks and hostile actions against people and places of faith (to include specific anti-Semitic rhetoric relating to exploiting COVID-19; see previous FB-ISAO reporting);
• As well as the anniversary of complex coordinated terrorist attacks in Sri Lanka last Easter, and other incidents that may serve to inspire extremists;

We assess the month of April to be a CRITICAL threat period.

Recent and upcoming reports and public posts speak to ideas elaborating on these various threats and on mitigation, including the public posts listed above, and recent weekly reports on maintaining preparedness for non-health threats during this pandemic and on upcoming threats. Please contact our team with any questions, needs for information, assistance or any other concerns.

• We encourage members to review the FB-ISAO Daily Journal for general threat awareness, updates and ideas on what other organizations are doing.
• Join the #covid-19 channel in FB-ISAO Slack to see more updates, details and conversation on this threat, and share your questions, ideas and actions for others.

This assessment has been developed by FB-ISAO and is our general, nationwide, cyber threat assessment for the U.S. community of faith. As always, for local threat information, members are encouraged to work closely with neighborhood partners, local law enforcement, state and local fusion centers, local FBI field offices, DHS Protective Security Advisors (PSAs), Cybersecurity Advisors (CSAs), and other local experts and responders.