Security & Privacy Advisories

From GCTC Action Cluster Catalog
Jump to: navigation, search
Cybersecurity & Privacy Advisories
GCTC logo 344x80.png
Advisories.jpg
Team Members Cybersecurity and Privacy Advisory Committee (CPAC)
Point of Contact Pamela Gupta, Area Leader - Pamela Gupta
Participating Municipalities
Contributors Wiki Editor - Anna Lainfiesta
Website
Download

Description

FBI is cautioning against the ‘Other’ Coronavirus Crisis, Cybersecurity & Privacy risks and scams. There is a lot of currents and anticipated criminal activities at an unprecedented scale as criminals devise means to prey upon the public’s fears.

According to the FBI “The speed at which criminals are devising and executing their schemes is truly breathtaking. The sheer variety of frauds already uncovered is shocking. Law enforcement has already learned of offers of sham treatments and vaccines, bogus investment opportunities in non-existent medical companies, and calls from crooks impersonating doctors demanding payment for treatments. Scammers are targeting websites and mobile apps designed to track the spread of COVID-19 and using them to implant malware to steal financial and personal data. Thieves are even posing as national and global health authorities, including the U.S. Centers for Disease Control and Prevention and the World Health Organization, to conduct phishing campaigns. They send e-mails designed to trick recipients eager for reliable health information into downloading malicious code.

Perhaps most outrageously—and dangerously—criminals are using COVID-19 as a lure to deploy ransomware, a malicious software designed to lock a computer system until a ransom is paid. Ransomware has substantially disrupted hospital and local government operations in recent years. It is a heinous crime to take down the computer network of a hospital or a public health department during normal times; it is homicidal in the midst of a global pandemic.”

Audience: Guidelines from advisories including but not limited to LEAs, US-Cert, DHS, CISA, NSA, FBI, SANS etc. for general public, students, municipalities, healthcare and businesses.

Identify

Advisories aim to identify the sources of potential cyberattacks. It may include attacks on personal laptops, smartphones, tablets, printers, scanners, and point-of-sale devices. During the pandemic, there's specific attention given to video calling software (such as Zoom, Microsoft Teams, Skype, Cisco WebEx etc.). A subtle surge of robocalls are also observed.

Protect

Advisories reach out to us on formal policies and securing our digital devices; network; personal accounts, banking accounts, business accounts. Organizations including Google, Cisco, Microsoft, Apple etc. release the latest and urgent patches.

Detect

Advisories help us in providing guidelines for detecting potential cyberattacks on digital devices.

Respond

Advisories including LEAs designed responding procedures such as investigation, reporting, updating policies, keep the business up and running.

1) Because organizations spend unbelievable sums of money on new defensive technologies, but often leave the side door open. The most sophisticated actors won't deploy their most trusted tools when they can identify rudimentary weaknesses in your infrastructure. 2) We do incident response 365 days a year, and when we see these vulnerabilities exploited, it's incumbent upon us to let you know. These CVEs go back to 2017, meaning we must do a better job at automating our patching validation and deployment process.”

  • Telework Guidance and Resources: CISA has launched a product line to provide best practices and resources for telework. This includes cybersecurity recommendations for using video teleconference tools and services

Recover

Repairing and restoring procedures fall under this category. Advisories give us formal procedures to combat the aftermath of cyberattacks.