Tag: covid-19

  • December 2020: FB-ISAO Physical Threat Level Remains SEVERE; Cyber Threat Level Remains GUARDED

    This message is TLP:WHITE. Subject to standard copyright rules, TLP:WHITE information may be distributed without restriction.

    The ongoing COVID-19 global pandemic is a complex and blended threat that impacts members and the broader faith-based and charity community in numerous ways and continues to affect security and response to both manmade and natural threats. FB-ISAO’s Threat and Incident Response Group (TIG) continues to assess the ongoing threats and risks to our community and has made the following updates to our Threat Level Assessments:

    The TIG has determined to maintain the Physical Threat Level at “SEVERE.” SEVERE means an event is highly likely. Given the ongoing threat of the COVID-19 pandemic and the approaching U.S. winter season and associated health concerns, we have determined to maintain the broad Physical Threat Level at SEVERE and anticipate this level being maintained until a decrease in the threat of the pandemic (such as via an effective vaccine being administered) and / or the end of the winter health threats. The TIG will continue to assess the Physical Threat Level regularly and provide updates accordingly. This determination will be periodically re-evaluated, especially with respect to non-COVID-19-related threats.

    The TIG has determined to maintain the Cyber Threat Level at “GUARDED.” GUARDED means FB-ISAO is unaware of any specific or targeted cyber attacks, but a general risk of cyber attacks exists, particularly with respect to holiday shopping scams. The TIG will continue to assess the Cyber Threat Level and provide updates accordingly. Likewise, the cyber threat landscape will be continuously monitored, but this Cyber Threat Level determination is valid until further notice. Please see below for ongoing considerations regarding the Cyber Threat Level.

    Concerns Regarding the Physical Threat Level

    COVID-19 Pandemic. As we continue through this pandemic, with jurisdictions around the country and internationally having moved back to more stringent local restrictions based on the continued surge of COVID-19, FB-ISAO continues to strongly encourage members to “hold the line.” By hold the line, we mean continue to follow FSLTT guidance and directives and reopen, reenter and resume operations in accordance with, and not ahead of, such guidance and directives. Especially during the start of flu season, and the likely confluence of COVID-19 and annual influenza threats, members are advised to respect and adhere to FSLTT guidance.

    The pandemic has not peaked. In fact, new cases and fatalities are at very high levels: at the time of this assessment, COVID cases continue to increase rapidly during the current surge, with recent record highs, and known daily deaths have increased from what had been a generally flat pace of around 800 a day in the previous assessment to almost double that. As of 27 Nov, we are approaching four million new cases since our last assessment (from 8.68 million cases and over 225,084 deaths, to almost 12.5 million cases and 259,005 deaths). As of 23 Nov, the CDC reports that the national ensemble forecasting predicts significantly increasing numbers of anticipated deaths, with “10,600 to 21,400 new deaths likely to be reported in the week ending December 19, 2020. The national ensemble predicts that a total of 294,000 to 321,000 COVID-19 deaths will be reported by this date.” Based on current behaviors and trends, the surge in cases and deaths will continue into the winter with no clear end to that surge in sight until the effective distribution of vaccines to the population. Additionally, a potential surge in cases from Thanksgiving travel and events could further the surge in both new cases and resulting deaths. As noted above, this current situation is further complicated by annual flu season, which has the potential to complicate and overwhelm healthcare professionals and facilities. Some have referred to this as a potential “twindemic” – meaning the continuation of the COVID-19 pandemic and the start of flu season. Exacerbating these challenges is the increasing challenge of “pandemic fatigue,” as Americans grow tired of restrictions and seek to return to normalcy. While understandable, a decrease in vigilance and safety will only prolong recovery and a return to a more open and safe environment.

    While there is a lot of conflicting reporting and there are varied assessments regarding the threat, and while many are understandably feeling pandemic fatigue both personally and organizationally, the coronavirus remains a very active health threat with continued local outbreaks or broader flare-ups, and with more potential concerns, particularly if established best practices such as social distancing and mask wearing are not followed. FB-ISAO assesses that we remain in a high risk period.

    Worth noting, many FBOs have begun or continued phased reopening and by applying smart practices and safety measures, they have been able to avoid outbreaks at their facilities and among their congregations. These successes are commendable but recognizing success should not lead to complacency or a false sense that the threat has passed. As we wrestle with pandemic fatigue and the continued surge in cases, we need to avoid the danger of overconfidence. Outbreaks can happen quickly and lead to closures and broad infections, as has been observed in communities and FBOs around the country. For those that have been successful, we encourage you to maintain discipline and hold on to your success.

    As leaders, we encourage members to fight complacency and fatigue. FBOs should not base policies or enforcement on personal feelings, politics, or other subjective considerations. While as individuals we may agree or disagree with specific measures, FB-ISAO continues to strongly discourage defying state and local guidance and directives and encourages members to reopen, reenter and resume operations in accordance with government guidance and directives.

    Again, we encourage members to adhere to established best practices such as social distancing and mask wearing, and to make informed decisions based on observable data, not personal or political feelings.

    Beyond the explicit health threat, we have other security concerns, including:

    • Protests. Since June, we have expressed concern that protest activities – whether relating to social justice, elections, or other topics – would continue to pose direct and indirect threats to FBOs. Observed throughout this period and noted in previous threat assessments and FB-ISAO reporting, whether seen as supportive of protests – directly, logistically, or as sanctuaries or meeting places – or if seen as being opposed to protests, FBOs have been attacked from both sides. Given recent events, ongoing protests, a tense political election season, and other considerations, we continue to assess protests may pose direct and indirect risks to FBOs. With continued frustrations over the 2020 elections or with new frustrations that may develop with an incoming presidential administration, protests may again flare up in the weeks ahead.
    • Hostile Events and the Targeting of FBOs, Both People and Facilities. As acts of violence, vandalism and arson are being reported regularly in the FB-ISAO Daily Journal, including hate crimes such as spray-painting hate symbols and the destruction of statues, arson and stabbings, it is important to note there are often connections between other issues and events and actions that may be taken at FBOs. Relating to protests and for other issues, and sometimes for no clear grievance, FBOs have been targeted by a variety of types of aggression and violence – at facilities, on statues, with threats, and more. This is unlikely to change in our current environment. Further, Europe has seen several low-tech terrorism attacks conducted by violent jihadists. While such attacks have not occurred recently in the U.S., terrorist propaganda continues to promote attacks and it is possible would-be jihadists could seek to conduct attacks domestically, and potentially aimed at FBOs, as has been observed overseas.
    • Disgruntled Individuals. Individuals who do not agree with positions taken by an FBO during periods of closure and reopening may take action against those organizations or others. We have continued to see various protests and violent actions aimed at COVID restrictions and individuals enforcing safety procedures. On 24 Aug, the CDC released Limiting Workplace Violence Associated with COVID-19 Prevention Policies in Retail and Services Businesses. While not aimed at FBOs, the guidance may be useful for safety and security personnel to consider. As FBOs reopen and welcome back individuals, it is possible that some may have heightened sensitivities regarding these issues and may not respond well to personnel attempting to enforce safety actions. FBOs should prepare “frontline” staff and volunteers regarding how to engage personnel, when to ask for help from senior personnel, and other considerations to prepare them to effectively communicate and assist visitors.
    • The Winter Holiday Season. As we move into fall, holidays and celebrations continue; with annual major events to include Hanukkah (10-18 Dec), Christmas Eve / Christmas Day (24, 25 Dec) and New Year’s events, the possibility of potential targeting of FBOs and people of faith may increase. A less direct threat to FBOs but one that may impact members and visitors of FBOs is the continued concern around increased domestic violence during the pandemic. Since at least this summer there have been concerns over the “shadow pandemic” of violence against intimate partners – particularly women. A recent post notes, “Cases of violence against women have surged in 2020. According to the United Nations Population Fund, for every three months the COVID-19 lockdown continues, an additional 15 million women are expected to be directly affected by violence.” Domestic violence and continued stress relating to new COVID restrictions may have cascading implications to FBOs.

    Concerns Regarding the Cyber Threat Level

    FB-ISAO assesses the current volume of coronavirus-related cyber attack campaigns continues to recede and the pre-pandemic frequency of non-coronavirus lures is consistent with a general “GUARDED” posture. While we assess remaining at “GUARDED” is reasonable, increased vigilance is still recommended due to the ongoing pandemic and associated concerns and distractions. Furthermore, as the holiday shopping season is upon us, members are urged to treat every sale and solicitation communication with suspicion. Likewise, members are encouraged to review the #cybersecurity channel in FB-ISAO Slack for a general level of awareness of ongoing incidents.

    As we offer the constant reminder that WE ARE ALL TARGETS of opportunity, the following are general considerations for continued vigilance:

    • Gift Card Impersonation Scams. As highlighted in a recent FB-ISAO blog post, an increase in holiday bonus gift card impersonation phishing scams should be anticipated. Scammers are highly likely to use the “after such a challenging year” ploy to cajole COVID-weary employees or volunteers into becoming unwitting accomplices, helping the boss secretly procure gift cards to use for things like company bonuses or charitable donations. Whatever the financial or information-stealing theme, employees should be repeatedly reminded to never act on such requests. Since it may be excruciatingly difficult to tell the boss “no,” it is up to bosses and leaders to empower employees and volunteers to NOT act and to report said activity. Likewise, it is up to bosses and leaders to make any legitimate special, secret, or surprise requests in-person, and not through an email or text. For more tips on shopping safely this holiday season, visit the resources at NCSA and CISA.
    • Phishing. Cyber tactics such as phishing, smishing (SMS phishing), vishing (voice phishing), whaling (targeting of high-profile targets), disinformation/misinformation, and counterfeit websites leveraging current events represent a perpetual threat. Phishing is most often associated and expected with financially motivated cybercrime attacks. However, advanced persistent threat (APT) groups motivated by espionage also leverage phishing, as highlighted by recently observed activity targeting entities – including religious organizations – associated with diplomatic relations. This recent report by Proofpoint describes activity targeting entities involved in diplomatic relations between The Vatican and the Chinese Communist Party.
    • On-going ransomware attacks with subsequent leaked data. Ransomware continues impacting organizations of all types and sizes, including a recently reported attack against televangelist Kenneth Copeland. Members are encouraged to review ransomware and data breach playbooks, policies, and procedures with staff and MSPs and discuss necessary actions should ransomware impact your organization or third party partners. For more on ransomware preparedness and response, see the Ransomware Guide from CISA and the MS-ISAC.
    • Continued “Zoombombing.” Faith-based organizations continue to experience disturbing and heart-wrenching “Zoombombing” incidents. Many Zoombombing incidents occur due to public posting of meeting links and often deficient procedures when hosting such videoconferencing events. Members are encouraged to review the security settings on their video-conferencing platforms and apply best practices and procedures to reduce the risk from this prevalent disturbance. Most teleconference platform vendors have published tips for maintaining secure meetings and FB-ISAO has previously shared tips for securing online events. Please contact our team with questions.
    • Mis/disinformation is still a concern. Mis/disinformation continues to spread regarding coronavirus related and other highly charged matters, including post-election activity. It is imperative to think critically and continue verifying everything. Visit CISA’s #Protect2020 resources, including the Disinformation Stops With You infographic to better understand the continued threats to the election process.
    • #BlueLeaks. While there is nothing significant to report, we continue to stress the need to exercise vigilance when receiving communications purporting to come from any impacted organization, including FB-ISAO, fusion centers, and law enforcement entities.
    • Continue enabling/encouraging remote staff to work securely. As organizations continue prolonged or permanent work from home models, it is important to promote a secure remote work environment. To enable safe telecommuting, review CISA’s Telework Guidance and Resources page and StaySafeOnline’s COVID-19 Security Resource Library.
    • Continue providing threat awareness training to staff. There are many open source examples of emails, lures, images, and indicators of compromise being shared daily in the FB-ISAO Daily Journal. Consider appropriate ways to use that information to educate and better prepare staff. FB-ISAO is happy to help develop education and cybersecurity awareness materials for dissemination.

    Please contact our team with any questions, needs for information, assistance or any other concerns.

    • We encourage members to review the FB-ISAO Daily Journal for general threat awareness, updates and ideas on what other organizations are doing.
    • Join the #covid-19, #protest_awareness, #cybersecurity, #terrorism_us and other topical channels in FB-ISAO Slack to see more updates, reports, and conversation on threats, and to share your questions, ideas, and actions for others.

    This assessment has been developed by FB-ISAO and is our general, nationwide, cyber threat assessment for the U.S. community of faith. As always, for local threat information, members are encouraged to work closely with neighborhood partners, local law enforcement, state and local fusion centers, local FBI field offices, DHS Protective Security Advisors (PSAs), Cybersecurity Advisors (CSAs), and other local experts and responders.

  • FB-ISAO Physical & Cyber Threat Level Updates

    The COVID-19 global pandemic is a complex and blended threat impacting members and the broader faith-based and charity community in numerous ways. FB-ISAO’s Threat and Incident Response Group (TIG) continues to assess the ongoing threats and risks to our community and has made the following updates to our Threat Level Assessments:

    The TIG has determined to maintain the Physical Threat Level at “CRITICAL,” – our highest level of threat – as it has been since 31 March 2020. The TIG will continue to assess the Physical Threat Level and provide updates accordingly. This determination is valid through sunset on 14 May 2020, and will be periodically re-evaluated, especially with respect to ongoing threats and developing federal, state, local, tribal, and territorial (FSLTT / SLTT) guidance and directives.

    The TIG has determined to maintain the Cyber Threat Level at “ELEVATED,” as it has been since 20 March 2020. The TIG will continue to assess the Cyber Threat Level and provide updates accordingly. This determination is valid through sunset on 14 May 2020, and will be periodically re-evaluated, especially with respect to ongoing cyber threats.

    FB-ISAO continues to strongly encourage members to “hold the line.” By hold the line, we mean continue to follow FSLTT guidance and directives and reopen, reenter and resume operations in accordance with, and not ahead of, such guidance and directives.

    Regarding the Cyber Threat Level, we do not assess a significant change from the 21 Mar assessment. However, we do consider a sustained higher level of cyber risk as threat actors pivot attack campaigns to leverage themes associated with “Opening Up America Again.” As organizations begin transitioning from strictly online activities back to gathering in person, cyber attackers will closely follow the messaging tone and cadence throughout each gating phase and adjust their lures accordingly.

    • The ploys are the same, but the deluge is unprecedented – Cyber tactics leveraging coronavirus themes will continue at a significant volume for the foreseeable future. Cyber attacks such as phishing, smishing (SMS phishing), disinformation/misinformation, and counterfeit websites purporting to have important or urgent updates will continue to dominate the threat landscape.
    • Think critically – Cyber attackers will continue their attacks to seek financial gain or sow seeds of rumors and disinformation to create chaos and confusion for their amusement.
    • Trust but verify – FB-ISAO members are encouraged to treat every coronavirus-themed communication or situational report, including those themed on “Opening Up America Again,” with suspicion.

    Regarding the Physical Threat Level, as SLTT governments begin to “reopen” their communities, coronavirus remains a serious threat in the United States; beyond the immediate challenges, there is a very real possibility of second and third waves until a vaccine is developed and applied nationwide. Further, many countries around the world – including nations in the Western Hemisphere – are on an upward trajectory and it is expected that the number of cases in many countries will increase in the coming weeks. Based on the health threat alone, we continue to strongly urge members to follow FSLTT guidance and direction and, as directed, to limit the size of gatherings or to forgo physical assemblies, in accordance with that guidance. FB-ISAO strongly discourages defying state and local guidance and directives and encourages members to reopen, reenter and resume operations in accordance with government guidance and directives.

    Beyond the pandemic threat:

    • Ramadan continues and, since the first night of the annual Muslim holiday, there have been threats and incidents aimed at mosques and Muslim people (to include in the U.S. and Canada), as captured in recent FB-ISAO reports.
    • 27 April marked the one-year anniversary of the Poway synagogue attack. Such occasions can motivate and inspire like attacks.
    • Continued extremist interest in conducting various attacks and hostile actions against people and places of faith (to include specific anti-Semitic rhetoric relating to exploiting COVID-19 and other extremist discussion and interest in places of worship and people of faith [see previous FB-ISAO and government partner reporting]).
    • May Day / International Workers’ Day (01 May 2020). FB-ISAO is not aware of any credible threat or large scale, worldwide demonstrations during May Day; however, personnel with physical security interests should maintain awareness of locally planned events and take appropriate preparedness actions.

    As with April, we assess the month of May to continue to be a CRITICAL threat period.

    Recent and upcoming reports and public posts speak to ideas elaborating on these various threats and on mitigation, including the public posts listed above, and recent weekly reports on maintaining preparedness for non-health threats during this pandemic and on upcoming threats. Please contact our team with any questions, needs for information, assistance or any other concerns.

    • We encourage members to review the FB-ISAO Daily Journal for general threat awareness, updates and ideas on what other organizations are doing.
    • Join the #covid-19 channel in FB-ISAO Slack to see more updates, details and conversation on this threat, and share your questions, ideas and actions for others.

    As we periodically update these assessments, FB-ISAO’s Preparedness Group (PG) has launched a Pandemic Recovery Group with FB-ISAO staff, PG members, and other government and industry partners, and is also liaising with the venue community in collaboration with the International Association of Venue Managers. This group is developing information which may help inform FBOs’ reopening and reentry operations. Interested in helping? Contact our team to find out how!

    This assessment has been developed by FB-ISAO and is our general, nationwide, cyber threat assessment for the U.S. community of faith. As always, for local threat information, members are encouraged to work closely with neighborhood partners, local law enforcement, state and local fusion centers, local FBI field offices, DHS Protective Security Advisors (PSAs), Cybersecurity Advisors (CSAs), and other local experts and responders.

  • A Message to the Community of Faith, from the DHS Assistant Director of Infrastructure Security

    On These Trying Times for the Nation

    “The ongoing coronavirus (COVID-19) pandemic has temporarily altered our daily activities. People are rightly practicing social distancing to limit community spread, in line with the President’s Coronavirus Guidelines for America. Many houses of worship have also suspended or significantly reduced services to avoid mass gatherings. Although many people undoubtedly continue to practice their faith, including through remote services and prayer, most are inevitably eager to return to normalcy and join their fellow congregants in practicing their faiths. The American people are resilient, and we will achieve this goal soon.”

    The above is an excerpt from a letter written by the U.S. Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) Assistant Director of Infrastructure Security, Mr. Brian Harrell.

    In addition to the letter, CISA wanted to make sure FB-ISAO members are familiar with a valuable resource page, CISA’s Hometown Security, which can be found here: https://www.cisa.gov/hometown-security. From the webpage: “These tools and resources are offered free to communities because the Department recognizes that communities are the first line of defense in keeping the public safe and secure.” Brian Harrell continues with: “As I mentioned in my February 2019 letter to the Faith-Based Community, the Cybersecurity and Infrastructure Security Agency (CISA) within the U.S. Department of Homeland Security (DHS) is committed to supporting your efforts to maintain safe and secure houses of worship and related facilities while sustaining an open and welcoming environment. In partnership with entities such as the DHS Center for Faith and Opportunity Initiatives and the Faith-Based Information Sharing and Analysis Organization, we provide resources that assist in securing physical and cyber infrastructure.”

    “Thank you again for everything you do to champion the American people’s Constitutional First Amendment rights, as well as your leadership in keeping our houses of worship safe and secure. You have a committed partner in DHS who is steadfast in ensuring you have the resources to enhance your security programs.” – Assistant Director Harrell

    Through relationships with leaders and organizations, such as Assistant Director Harrell and CISA, with the Federal Bureau of Investigation, state and local fusion centers, and other public sector partners, we will continue to grow our private-public collaboration, and the continued awareness, preparedness, security, and resilience of the American community of faith. Please read the entirety of Assistant Director Harrell’s letter, above, and thank you for your commitment to building a stronger, more prepared nation.

  • FB-ISAO Raises Physical Threat Level to “CRITICAL,” Maintains Cyber Threat Level at “ELEVATED”

    The COVID-19 global pandemic is a complex and blended threat impacting members and the broader faith-based and charity community in numerous ways. FB-ISAO’s Threat and Incident Response Group (TIG) has continued to assess the ongoing threats and risks to our community and has made the following updates:

    The TIG has determined to increase the Physical Threat Level from “SEVERE,” to “CRITICAL,” – our highest level of threat – as of 31 March 2020. The TIG will continue to assess the Physical Threat Level and provide updates accordingly. At present, this increase is valid through sunset on 30 April 2020, but that will be periodically re-evaluated.

    The TIG has determined to maintain the Cyber Threat Level at “ELEVATED,” as it has been since 20 March 2020. The TIG will continue to assess the Cyber Threat Level and provide updates accordingly. At present, this increase is valid through sunset on 30 April 2020, but that will be periodically re-evaluated.

    Regarding the cyber threat level, we do not assess a significant change from the 21 Mar assessment. We do consider a higher level of risk as organizations move to online processes – from routine assemblies to special events, and for online giving.

    • The ploys are the same, but the deluge is unprecedented – With work, learning, and worship from home being status-quo for a while, tactics leveraging coronavirus themes will likely continue to increase at an exponential rate before they plateau, as individuals who are not used to a near-exclusive level of online interactions are bombarded with cyber attacks such as phishing, smishing (SMS phishing), disinformation, and counterfeit websites.
    • Think critically – Cyber attackers will continue their attacks to seek financial gain or sow seeds of rumors and disinformation to create chaos and confusion for their amusement.
    • Trust but verify – FB-ISAO members are encouraged to treat every coronavirus-themed communication or situational report with suspicion.

    Regarding the physical threat level, the escalating threat of coronavirus in the United States and many countries around the world is on an upward trajectory and it is expected that the number of cases will increase in the coming weeks. Based on the health threat alone, we urge members to follow national guidance and state and local direction and, as directed, to limit the size of gatherings or to forgo physical assemblies, in accordance with that guidance. FB-ISAO strongly discourages defying state and local guidance and directives.

    Beyond the pandemic threat on its own:

    • With the upcoming major holidays of Passover and Easter;
    • Continued extremist interest in conducting various attacks and hostile actions against people and places of faith (to include specific anti-Semitic rhetoric relating to exploiting COVID-19; see previous FB-ISAO reporting);
    • As well as the anniversary of complex coordinated terrorist attacks in Sri Lanka last Easter, and other incidents that may serve to inspire extremists;

    We assess the month of April to be a CRITICAL threat period.

    Recent and upcoming reports and public posts speak to ideas elaborating on these various threats and on mitigation, including the public posts listed above, and recent weekly reports on maintaining preparedness for non-health threats during this pandemic and on upcoming threats. Please contact our team with any questions, needs for information, assistance or any other concerns.

    • We encourage members to review the FB-ISAO Daily Journal for general threat awareness, updates and ideas on what other organizations are doing.
    • Join the #covid-19 channel in FB-ISAO Slack to see more updates, details and conversation on this threat, and share your questions, ideas and actions for others.

    This assessment has been developed by FB-ISAO and is our general, nationwide, cyber threat assessment for the U.S. community of faith. As always, for local threat information, members are encouraged to work closely with neighborhood partners, local law enforcement, state and local fusion centers, local FBI field offices, DHS Protective Security Advisors (PSAs), Cybersecurity Advisors (CSAs), and other local experts and responders.

  • FB-ISAO Raises Cyber Threat Level to “ELEVATED”

    FB-ISAO’s Cyber Threat Intelligence Group (CTIG) is closely monitoring COVID-19 and accompanying coronavirus-themed cyber threats and scams. Based on the current situation, the CTIG has decided to increase the Cyber Threat Level from “GUARDED,” to “ELEVATED,” as of 20 March 2020. The CTIG will continue to assess the Cyber Threat Level and provide updates accordingly. At present, this increase is valid through sunset on 31 March 2020, but will be re-evaluated periodically. Please refer to this post for an explainer on the FB-ISAO Threat Levels.

    ELEVATED

    Cyber Threat Level. It is out of an abundance of caution that FB-ISAO has assessed the general Cyber Threat Level for U.S. Faith-Based Organizations as “ELEVATED.” As per FB-ISAO’s definitions of the Threat Levels, “ELEVATED” means FB-ISAO is not aware of any specific or targeted cyber threats, but there is a concern that the general risk of cyber threat activity is higher than normal.

    We are all targets of opportunity, and malicious cyber actors are, as expected, using this opportunity to prey on our curiosity, concern, anxiety, and fear during this tumultuous time. The increase of threats from coronavirus-based cyber attacks and scams was expected and is akin to spikes in seasonal scams, such as those waged during holiday and tax filing seasons, etc. But seasonal scams have a predictable and somewhat finite (albeit annually repeated) lifecycle. With many organizations, employees, and citizens in a state of flux and uncertainty, cyber threat actors have significantly stepped up their campaigns in hopes of capitalizing on the numerous distractions and our eagerness for greater situational awareness during this time. With nearly everyone working and learning from home for the foreseeable future, cyber attackers are leveraging these added distractions in their social engineering tactics. In other words, while the physical responses and manifestations are of the utmost importance during this pandemic, we live in a digital world, and that is how most people seek and obtain their information. Malicious cyber actors are no respecters of crises and do not hesitate to use whatever means necessary to attack us; they follow the online news cycle and understand the online messaging organizations are disseminating. They continue to use likenesses we trust with subjects we expect to entice us to open their phishing emails, click on their fake websites, or spread their disinformation campaigns – all pretending to be trusted and authoritative sources.

    Under normal circumstances, the use of coronavirus-themed cyber attack campaigns is actually more aligned with our lowest level of threat, which is “GUARDED.” GUARDED means FB-ISAO is unaware of any specific or targeted cyber attacks, but a general risk of cyber attacks exists. However, while this is the case, given the ongoing pandemic, widespread teleworking, abundance of news and updates from endless sources, and commensurate abounding distractions in businesses and homes across the United States, we assess that “ELEVATED” is a reasonable level at this time.

    “What does this mean to me?” Given the very diverse nature of the populations at faith-based organizations – from places of worship to charities, schools, and others, we are encouraging FBOs to assess the evolving cyber threats to their places and people and consider appropriate actions to mitigate risk. Among those considerations and possible actions:

    • Constantly assess the threat, operations, and mitigation activities.
      • We encourage members to review the FB-ISAO Daily Journal for general and cyber threat awareness, updates and ideas on what other organizations are doing.
      • Join the #covid-19 channel and #cybersecurity channel in FB-ISAO Slack to see more updates, details and conversation on this threat, and share your questions, ideas, and actions for others.
      • As employees are telecommuting (hopefully from home), enable them to do so securely. StaySafeOnline has a COVID-19 Security Resource Library with a compilation of numerous trusted and verified resources to enable safe telecommuting.
      • Provide threat awareness training to staff. There are many open source examples of emails, lures, images, and indicators of compromise being shared daily in the FB-ISAO Daily Journal. Consider finding appropriate ways to use that information to educate and better prepare staff. FB-ISAO is happy to help members develop education and cybersecurity awareness materials to disseminate to staff.

     

    • Stop the spread (of malware).
      • Implement enhanced cyber hygiene procedures and increase cybersecurity awareness.
      • While it is understandable that we are all watching the physical trends and doing our part to stop the spread of the virus, it is important to remind staff they also play a vital role in stopping the spread of the coronavirus-themed malware that may evade your organization’s blocking technologies.
      • With countless organizations providing daily COVID-19 status updates and situational reports, it is crucial that we trust but verify before opening any emails or visiting websites that appear to be from legitimate or authoritative sources.
      • Rule of thumb: If you did not subscribe to it, delete it. Authoritative sources such as WHO and CDC will NEVER randomly send emails to anyone who did not actively subscribe to receive their updates.

     

    This assessment has been developed by FB-ISAO and is our general, nationwide, cyber threat assessment for the U.S. community of faith. As always, for local threat information, members are encouraged to work closely with neighborhood partners, local law enforcement, state and local fusion centers, local FBI field offices, DHS Protective Security Advisors (PSAs), Cybersecurity Advisors (CSAs), and other local experts and responders.

     
