If You Are Currently Experiencing a Cyberattack
- Contact your local authorities
- Contact your vendors (phone company, CAD, Records, etc.)
- Implement your cyber response plan (If you don’t have one, you should – read on)
- Contact the Department of Homeland Security National Coordinating Center – National Cybersecurity and Communications Integration Center (DHS NCCIC) at 703-235-5080 or [email protected]
- File a complaint with the FBI Internet Crime and Complaint Center (IC3) at ic3.gov. Include keywords “PSAP, Public Safety” in the description of the incident
- Contact APCO at [email protected] (Note: this e-mail address is not monitored 24/7)
Now Available: Cybersecurity Training Two-Part Series: Fundamentals and Intermediate Level In-Person Training in Daytona Beach
The APCO Institute now offers a comprehensive training experience for the unique cybersecurity challenges associated with emergency communications centers. A specialized three-day, two-course training series is coming up this fall in Daytona Beach, Florida, at APCO headquarters. The first course, Cybersecurity Fundamentals for the ECC is on October 24 and is worth 8 CDEs. APCO’s newest course, Intermediate Cybersecurity Principles for the ECC, will be on October 25-26, and is worth 16 CDEs.
NOTE: To attend the Intermediate Cybersecurity course, students must successfully complete the Cybersecurity Fundamentals course.
CISA Publishes "Hunting Russian Intelligence 'Snake' Malware" Alert
The Cybersecurity and Infrastructure Security Agency (CISA) published a Joint Cybersecurity Alert this week that provides background information, detailed technical descriptions, and recommendations for mitigation strategies (https://www.cisa.gov/sites/default/files/2023-05/aa23-129a_snake_malware_1.pdf). This malware originated from Russia and is considered one of the most sophisticated cyber espionage tools designed by Russia’s Federal Security Service (FSB) for long-term intelligence collection.
The Snake malware is designed to avoid large-scale detection. This Joint Cybersecurity Alert details mitigation strategies and each strategy’s advantages and disadvantages. The mitigation strategies for the Snake malware are:
- Network-Based Detection
- Host-Based Detection
- Memory Analysis
This Joint Cybersecurity Alert is also available on cisa.gov.
CISA Creates Webpage for Apache Log4j Vulnerability
The Department of Homeland Security Cybersecurity and Infrastructure Security Agency (DHS CISA) recently created a website to track and respond to the active, widespread exploitation of a critical remote code execution vulnerability (CVE-2021-44228) affecting Apache Log4j software library versions 2.0-beta9 to 2.14.1.
Log4j is broadly used in a variety of consumer and enterprise services, websites and applications to log security and performance information. An unauthenticated, remote actor could exploit this vulnerability to take control of an affected system. This website aims to provide information such as indicators of compromise (IOC), mitigation procedures and current tactics, techniques and procedures.
CISA urges organizations to review its Apache Log4j Vulnerability Guidance webpage and upgrade to Log4j version 2.15.0, or apply the appropriate vendor recommended mitigations immediately. CISA will continue to update the webpage as additional information becomes available. APCO encourages you to forward this information to your IT professionals and product vendors to ensure this vulnerability is mitigated within your systems and networks.
Latest Cybersecurity News
The threats we face — digital and physical, man-made, technological, and natural — are more complex, and the threat actors more diverse, than at any point in our history. The CISA news feed summarizes the latest news, multimedia, and other important communications from CISA.