If You Are Currently Experiencing a Cyberattack
- Contact your local authorities
- Contact your vendors (phone company, CAD, Records, etc.)
- Implement your cyber response plan (If you don’t have one, you should – read on)
- Contact the Department of Homeland Security National Coordinating Center – National Cybersecurity and Communications Integration Center (DHS NCCIC) at 703-235-5080 or [email protected]
- File a complaint with the FBI Internet Crime and Complaint Center (IC3) at ic3.gov. Include the keywords “PSAP, Public Safety” in the description of the incident.
- Contact APCO at [email protected] (Note: this e-mail address is not monitored 24/7)
CISA Creates Webpage for Apache Log4j Vulnerability
The Department of Homeland Security Cybersecurity and Infrastructure Security Agency (DHS CISA) recently created a website to track and respond to the active, widespread exploitation of a critical remote code execution vulnerability (CVE-2021-44228) affecting Apache Log4j software library versions 2.0-beta9 to 2.14.1.
Log4j is broadly used in a variety of consumer and enterprise services, websites and applications to log security and performance information. An unauthenticated, remote actor could exploit this vulnerability to take control of an affected system. This website aims to provide information such as indicators of compromise (IOC), mitigation procedures and current tactics, techniques and procedures.
CISA urges organizations to review its Apache Log4j Vulnerability Guidance webpage and upgrade to Log4j version 2.15.0, or apply the appropriate vendor recommended mitigations immediately. CISA will continue to update the webpage as additional information becomes available. APCO encourages you to forward this information to your IT professionals and product vendors to ensure this vulnerability is mitigated within your systems and networks.
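The following is an added example, not CISA or APCO tooling, of how an IT team could inventory log4j-core JAR files against the version range given above. It walks a directory, also looks one level inside .jar/.war/.ear archives, and flags versions from 2.0-beta9 through 2.14.1. It assumes Maven-style file names (log4j-core-<version>.jar), so renamed or repackaged copies are not detected; the function names are this example's own.

```python
import os
import re
import zipfile

# Matches Maven-style names such as log4j-core-2.14.1.jar or log4j-core-2.0-beta9.jar
JAR_RE = re.compile(r"log4j-core-(\d+(?:\.\d+){1,2})(?:-(alpha|beta|rc)(\d+))?\.jar$")
STAGE = {"alpha": 0, "beta": 1, "rc": 2, None: 3}  # pre-releases sort before the final release

def version_key(numbers, stage=None, stage_num=None):
    """Turn '2.0' + 'beta' + '9' into a tuple that compares in release order."""
    parts = [int(p) for p in numbers.split(".")]
    parts += [0] * (3 - len(parts))
    return (*parts, STAGE[stage], int(stage_num or 0))

# Affected range exactly as stated in the text above: 2.0-beta9 through 2.14.1.
LOW, HIGH = version_key("2.0", "beta", "9"), version_key("2.14.1")

def check_name(name):
    """Return (version, in_stated_range) for a log4j-core jar name, else None."""
    m = JAR_RE.search(name)
    if not m:
        return None
    label = m.group(1) + (f"-{m.group(2)}{m.group(3)}" if m.group(2) else "")
    return label, LOW <= version_key(*m.groups()) <= HIGH

def scan(root):
    """Walk root; report log4j-core jars on disk and one level inside archives."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            path = os.path.join(dirpath, fname)
            hit = check_name(fname)
            if hit:
                findings.append((path, *hit))
            if fname.lower().endswith((".jar", ".war", ".ear")):
                try:
                    with zipfile.ZipFile(path) as archive:
                        for inner in archive.namelist():
                            hit = check_name(inner)
                            if hit:
                                findings.append((f"{path}!{inner}", *hit))
                except (zipfile.BadZipFile, OSError):
                    continue  # unreadable or not a real archive; skip it
    return sorted(findings)

if __name__ == "__main__":
    import sys
    for location, version, affected in scan(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{'AFFECTED' if affected else 'ok':8} {version:12} {location}")
```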
Global Increase in Malicious Cyber Activity Related to COVID-19
Reports indicate that there has been a global increase in malicious cyber activity related to COVID-19. Bad actors are preying on fear and attempting to profit from it. Among these attacks were targeted email phishing attempts against US-based medical providers. These attempts leveraged email subject lines and content related to COVID-19 to distribute malicious attachments, which exploited Microsoft Word Document files, 7-zip compressed files, Microsoft Visual Basic Script, Java, and Microsoft Executables.
The FBI is providing indicators of compromise related to these phishing attempts to assist network defenders in protecting their environments. Additionally, the FBI is providing the attached list of hashes related to additional COVID-19 phishing. APCO is passing this information along to ensure that our members have the latest tools available to defend against this threat. Please share this information with your IT departments, vendors, and service providers as you see fit.
Latest Cybersecurity News
The threats we face — digital and physical, man-made, technological, and natural — are more complex, and the threat actors more diverse, than at any point in our history. The US-CERT feed summarizes the most frequent, high-impact types of security incidents currently being reported to the US-CERT.