This DAP highlights – FB-ISAO: What We Learned About Ransomware Resilience / Six things we learned from the LockBit takedown / FRC Publishes New Edition of Hostility Against Churches Report Indicating a Doubling of Attacks / Nonprofit Security Grant Program Webinar Series info from FEMA Bulletin. Every DAP also has More Faith-Based Stories and Select All-Hazard Stories. These updates are shared to help raise the situational awareness of Faith-Based organizations to best defend against and mitigate the impacts from all-hazards threats including physical security, cybersecurity, and natural disasters.
The FB-ISAO Cyber Threat Intelligence and Operational Resilience (together, the Threat and Incident Response) working groups actively monitor and share information, reports, and perspective regarding our threat environment. We have reviewed the September 2023 Department of Homeland Security Homeland Threat Assessment and considered it alongside our continued observation of a broad array of general threats and hostility to people and places of faith. These include widespread acts of faith-based hostilities and open threats to faith-based organizations based on their religious and political beliefs (including antisemitism, Islamophobia, anti-Christian and anti-Sikh sentiment, etc.), regularly occurring acts of violence such as arson, vandalism, and low-level attacks including swatting and bomb threats, as well as commodity cyberattacks seen in all communities including Business Email Compromise (BEC) and ransomware. Additionally, the TIG is closely monitoring the COVID-19 threat, events and rhetoric relating to the 2024 U.S. election season, along with other considerations that may pose direct or indirect risks to organizations.
Based on this review, we have determined to maintain threat levels at GUARDED, meaning that FB-ISAO is aware that a general risk of incidents exists, but there are no target- or time-specific threats requiring an escalation in our overall preparedness at this time.
- The Physical Threat Level is “GUARDED.” GUARDED means that FB-ISAO is unaware of any specific impending terrorism events although a general risk of incidents exists.
- The Cyber Threat Level is “GUARDED.” GUARDED means FB-ISAO is unaware of any specific or targeted cyber attacks, but a general and pervasive risk of cyber attacks exists.
PHYSICAL THREAT: The TIG has determined to keep the Physical Threat Level at “GUARDED.” GUARDED means that FB-ISAO is unaware of any specific events, but a general risk of incidents exists.
We assess that Faith-Based Organizations (FBO) will continue to face vandalism, property damage, theft, harassment, and communicated threats, as well as other low-level acts of violence and, in rare instances, actual physical assaults on individuals and facilities, whether motivated by hate, politics, or criminal gain. The possibility that an active assailant may target an FBO remains an enduring threat. Of note, over recent months, swatting threats have been observed at numerous faith-based facilities. The vast majority of these have been Jewish facilities, but threats have also been received at churches and mosques. Given the ease with which these threats can be made and with no expected decrease in hostilities towards faith-based people and organizations, this trend is likely to continue in the near term. We also remain concerned that societal/political issues, such as positions on abortion, LGBTQ rights, racial justice, and other divisive topics, will continue to be flashpoints for protest and violence near or at FBOs. This concern increases as we progress into a contentious election season.
While these threats and incidents encourage a continued level of heightened vigilance at FBOs, we assess that the majority of these will remain nuisance activities short of actual physical violence. Activities such as leafletting, banner drops, graffiti, vandalism, swatting, bomb threats, etc. are low-level, low-skill and low-risk activities which minimally expose the perpetrators to actual criminal or physical consequences. They successfully create fear because they create the perception of threat – the fear of attack, of being targeted – but with little or no physical impact or damage. Such activities, however, combined with other factors, may incite some individuals towards violence. While we expect most of these threats to be hollow, we strongly urge members and others to treat all threats seriously, have procedures in place and maintain situational awareness to ensure detection of critical indicators of potential individual, group, criminal, and even nation-state aggression. We encourage members to assess local threat information reported by local law enforcement, fusion centers, the FB-ISAO Daily Awareness Post, weekly reports and other updates, and to incorporate that information into your ongoing threat and vulnerability assessments. We also encourage you to record and share your own observations of suspicious activities at your House of Worship with your local community faith partners, and contribute Suspicious Activity Reports (SARs) to your local law enforcement agency, fusion center, FB-ISAO, Department of Homeland Security, and other religious and secular organizations that collect, collate, analyze and report on adversary trends, tactics, and procedures. It is through the widest collection of SARs and other pre-incident indicators that government, law enforcement and other analysts build their analysis of developing trends in the threat environment and are able to advise us on what to expect.
CYBER THREAT: The TIG has determined to maintain the Cyber Threat Level at “GUARDED.” GUARDED means FB-ISAO is unaware of any specific or targeted cyber attacks, but a general and pervasive risk of cyber attacks exists. We continue to encourage preparedness and vigilance against routine threats and ongoing challenges such as ransomware and known exploited vulnerabilities (of which there are now over 1,000!).
- Common cybersecurity threats are an enduring threat to FBOs, as they are to all organizations. BEC and ransomware continue to be significant areas of concern. Beyond direct attacks on an FBO, these attacks may occur with vendors and other supply chain partners, with cascading risks and impacts to members. FB-ISAO has noted, and reported on, an uptick in cyber threats that affect faith-based organizations.
- We continue to caution members on scams of all kinds. This includes gift card and related scams with criminals pretending to be known faith-based leaders. This also includes common scams like those that follow disasters, various types of elder fraud, sextortion, and others, as well as emerging scams such as QR Code Scams. CISA encourages users to review the Federal Trade Commission’s Staying Alert to Disaster-related Scams and Before Giving to a Charity, and CISA’s Using Caution with Email Attachments and Tips on Avoiding Social Engineering and Phishing Attacks to avoid falling victim to malicious attacks.
- As always, geopolitical events and political or other high-profile issue positions taken by FBOs or their leadership – real or perceived – may result in hacktivism or other online attacks, such as was experienced in an attack on the Papal website believed to be related to Russia’s invasion of Ukraine.
- It is important to take at least basic actions to reduce risk.
- Keeping staff aware of threats, tactics, techniques, and procedures used in common attacks, and how to protect themselves and the FBO is an important basic risk reduction measure.
- FBOs are encouraged to develop and exercise incident response plans, to include communications, outreach, and reporting procedures.
- One of the best ways to reduce risk remains keeping all devices updated with current operating systems and software. In addition, despite improvements in defensive security posture, ransomware remains a viable and disruptive threat.
The TIG will continue to assess the Cyber Threat Level and provide updates accordingly. Likewise, the cyber threat landscape will be continuously monitored, but this Cyber Threat Level determination is valid until further notice.
GENERAL. The continuous threat against Faith-Based Organizations in particular led DHS to reconstitute the Faith-Based Security Advisory Council (FBSAC), which “serves as an advisory body with the purpose of providing guidance and recommendations to the Secretary” on a variety of matters. FB-ISAO Executive Director Mayya Saab is a member of the FBSAC. Members are encouraged to review recent weekly reports that have included some related information and mitigation ideas. Additionally:
- Please refer to this post for an explainer on the FB-ISAO Threat Levels.
- CISA – Protecting Places of Worship: Six Steps to Enhance Security Against Targeted Violence Fact Sheet. The Cybersecurity and Infrastructure Security Agency, in partnership with the Federal Bureau of Investigation, developed this fact sheet to outline actions that faith-based organizations and community leaders can take to increase security, focusing on six overarching steps. The product details how taking these six steps can help protect places of worship against potential threats of targeted violence in a cost-effective manner that maintains an open and welcoming environment. The product also provides training, exercise, and grant resources, and interagency contact points to assist places of worship in identifying their security needs, developing actionable plans, obtaining funds for security improvements, and recognizing and reporting potential threats in their area.
- DHS CISA Guidance: Mitigating Attacks on Houses of Worship Security Guide.
- FB-ISAO – Catalogue of 2021 Hostile Events Affecting Faith-Based Organizations.
- CISA: Security Planning Workbook. The Security Planning Workbook is a comprehensive resource that can assist critical infrastructure owners and operators with the development of a foundational security plan. This workbook is designed to be flexible and scalable to suit the needs of most facilities. PDF: Security Planning Workbook.
- FB-ISAO Post: The Nonprofit Security Grant Program – A Resource to Faith-Based Organizations.
Regular updates are being shared in the Faith-Based Daily Awareness Post, shared via email and available on our blog.
FB-ISAO maintains a resources page which may be accessed here and includes:
- Physical Threat (and given recent mail threats in Europe, members may want to review the Mail and Package and Bag Checks resources)
- Insider Threat
- Domestic Terrorism Threat
- Health and Natural Disaster
- Preparedness Videos and Training
- Resources for Schools
- COVID-19 and Pandemic Resources
- CISA SHIELDS UP
- U.K. NCSC guidance on steps to take when the cyber threat is heightened
- NJCCIC Advisory: Cybersecurity Considerations as Geopolitical Tensions Increase
- June 2021 White House Memo on ransomware preparedness
- CISA: Stop Ransomware
- UK NCSC ransomware resources
International Travel Resources:
- U.S. Department of State—Bureau of Consular Affairs: Ukraine Travel Advisory
- U.S. Department of State—Bureau of Consular Affairs: Information for U.S. Citizens in Ukraine
- U.K. Foreign travel advice—Ukraine
Business Continuity Resources:
- Continuity of Operations (COOP), Federal Emergency Management Agency (FEMA)