[Tech-l] FW: Tech Message: Buckeye Shield News

Thor Sage sage at mveca.org
Mon Mar 7 08:42:22 EST 2022


Good morning,
You should be receiving the below information directly from ODE, but it is not clear if they are using the new state technology coordinators Open Space to send this information, or if they will use another contact method.  If you haven't registered for the new Technology Coordinators resource (that will be replacing the technology coordinators' listserv), you can do that here: https://openspace.infohio.org/groups/ohio-technology-coordinator-group/135/
Below is some current cyber security information and warnings from CISA.
Thanks,
Thor


Thor Sage
Executive Director
Miami Valley Educational Computer Association
937-767-1468  x3101
Not-for-profit Technology Services for Education and Local Governments





* DO NOT download anything from GitHub or anywhere else on Conti or Conti leaks... there is a STEALTH BACKDOOR (Backdoor.WebShell/ASP!1.D3D8 (CLASSIC)) attached to some of it!



While there are no current specific credible threats to the U.S. homeland, current geopolitical activities have highlighted the importance of staying vigilant and taking appropriate steps to reduce vulnerabilities whenever possible.  With that said, below are some resources CISA would like to highlight.



CISA Shields Up Website



Shields Up | CISA https://www.cisa.gov/shields-up



This page consolidates CISA's published resources on cyber threats related to the current geopolitical tensions. It is designed to help critical infrastructure owners and operators mitigate possible cyber threats and strengthen their cybersecurity posture.



Alert (AA22-057): Destructive Malware Targeting Organizations in Ukraine



Destructive Malware Targeting Organizations in Ukraine | CISA https://www.cisa.gov/uscert/ncas/alerts/aa22-057a



A joint advisory with CISA and the FBI which provides information on WhisperGate and HermeticWiper malware, along with open-source indicators of compromise (IOCs) for organizations to detect and prevent the malware. Additionally, this joint CSA provides recommended guidance and considerations for organizations to address as part of network architecture, security baseline, continuous monitoring, and incident response practices.



Alert (AA22-054A): New Sandworm Malware Cyclops Blink replaces VPNFilter.



New Sandworm Malware Cyclops Blink Replaces VPNFilter | CISA https://www.cisa.gov/uscert/ncas/alerts/aa22-054a



A joint cybersecurity advisory with the U.K. National Cyber Security Centre (NCSC), FBI, and NSA about the Cyclops Blink malware used by the threat actor known as Sandworm or Voodoo Bear.  Sandworm has been previously attributed to Russian actors.  Cyclops Blink appears to be a replacement framework for the VPNFilter malware exposed in 2018, which exploited network devices, primarily small office/home routers and network attached storage devices.



MIS, DIS, MALINFORMATION



Preparing for and Mitigating Foreign Influence Operations Targeting Critical Infrastructure https://www.cisa.gov/sites/default/files/publications/cisa_insight_mitigating_foreign_influence_508.pdf



Malicious actors use influence operations, including tactics like misinformation, disinformation, and malinformation (MDM), to shape public opinion, undermine trust, amplify division, and sow discord.



This CISA Insights product is intended to ensure that critical infrastructure owners and operators are aware of the risks of influence operations leveraging social media and online platforms.



Alert (AA22-047A): Russian State-Sponsored Cyber Actors Target Cleared Defense Contractor Networks to Obtain Sensitive U.S. Defense Information and Technology



Russian State-Sponsored Cyber Actors Target Cleared Defense Contractor Networks to Obtain Sensitive U.S. Defense Information and Technology | CISA https://www.cisa.gov/uscert/ncas/alerts/aa22-047a



A joint cybersecurity advisory with the FBI and the NSA about Russian state-sponsored cyber actors targeting cleared defense contractors in the United States; includes detection and mitigation recommendations to reduce the risk of data exfiltration.



CISA Insights (2022)



CISA Insights | CISA https://www.cisa.gov/insights



Implement Cybersecurity Measures Now to Protect Against Potential Critical Threats - An executive-level product that recommends urgent, near-term steps to reduce the likelihood and impact of a potentially damaging compromise.  Additional CISA Insights which have been published are also available on this page.



Alert (AA22-011A): Understanding and Mitigating Russian State-Sponsored Cyber Threats to U.S. Critical Infrastructure



Understanding and Mitigating Russian State-Sponsored Cyber Threats to U.S. Critical Infrastructure | CISA https://www.cisa.gov/uscert/ncas/alerts/aa22-011a



A joint cybersecurity advisory with the FBI and NSA about the Russian threat to critical infrastructure, including specific tactics, techniques, and procedures associated with Russian actors.



Known Exploited Vulnerabilities Catalog



Known Exploited Vulnerabilities Catalog | CISA https://www.cisa.gov/known-exploited-vulnerabilities-catalog



A living list of vulnerabilities which have been known to be exploited.  It was recently updated to include CVE-2022-23131 Zabbix Frontend Authentication Bypass Vulnerability and CVE-2022-23134 Zabbix Frontend Improper Access Control Vulnerability.



CISA Catalog of Free Cybersecurity Services and Tools



Free Cybersecurity Services and Tools | CISA https://www.cisa.gov/free-cybersecurity-services-and-tools



A list of CISA services, non-proprietary software tools available online, and free services offered by trusted private sector partners.



CISA Cyber Resource Hub



Cyber Resource Hub | CISA https://www.cisa.gov/cyber-resource-hub



A comprehensive list of the no-cost cybersecurity assessments CISA offers upon request to help organizations evaluate operational resilience, cybersecurity practices, organizational management of external dependencies, and other key elements of a robust and resilient cyber framework.



Multi-State Information Sharing and Analysis Center (MS-ISAC) and the Election Infrastructure Information Sharing and Analysis Center (EI-ISAC)



MS-ISAC (cisecurity.org) https://www.cisecurity.org/ms-isac



Funded by CISA, the MS-ISAC and EI-ISAC serve as no-cost resources for situational awareness, best practices, information sharing, and incident response for SLTT government entities. Register now for the MS-ISAC (https://learn.cisecurity.org/ms-isac-registration) and the EI-ISAC (https://learn.cisecurity.org/ei-isac-registration).



Malicious Domain Blocking and Reporting



Malicious Domain Blocking and Reporting (MDBR) (cisecurity.org) https://www.cisecurity.org/ms-isac/services/mdbr



A no-cost protective Domain Name System (DNS) resolver service provided by the MS-ISAC and funded by CISA; blocks malicious DNS requests while keeping state and local partners informed through regular reports.



Endpoint Detection and Response



Election Security Spotlight - Endpoint Detection and Response (EDR) (cisecurity.org) https://www.cisecurity.org/insights/spotlight/cybersecurity-spotlight-endpoint-detection-and-response-edr



A service provided by the MS-ISAC and funded by CISA to help SLTT entities involved in managing elections maintain awareness of and isolate malicious activity that may be impacting workstations, servers, and other network endpoints, including malware and ransomware. This program is currently only available to SLTT election organizations.



Real-Time Indicator Feeds



Real-Time Indicator Feeds (cisecurity.org) https://www.cisecurity.org/ms-isac/services/real-time-indicator-feeds



A service provided by the MS-ISAC and funded by CISA that provides real-time cyber threat intelligence indicator feeds that are easy to implement and available for free to SLTT entities.



In the event of a cyber incident, CISA may be able to offer assistance to victim organizations and use information from incident reports to protect other possible victims.  CISA urges stakeholders to lower their thresholds for reporting potential incidents and anomalous activity.



All organizations should report incidents and anomalous activity to CISA via 24/7 CISA Central (central at cisa.dhs.gov; (888) 282-0870) or your local field personnel (Cybersecurity Advisors, Protective Security Advisors, Emergency Communications Coordinator, etc.).  You can also report incidents and anomalies to our partners at the FBI via your local FBI field office or the FBI's 24/7 CyWatch at (855) 292-3937 and CyWatch at fbi.gov.



The current geopolitical activities are fluid and subject to change.  We will continue to provide information as it becomes available.



________________________________________

Very respectfully,

Terin D. Williams

Cybersecurity Advisor, Region 5 (OH)

Cybersecurity and Infrastructure Security Agency

614.314.7793 | terin.williams at cisa.dhs.gov



Missy

Melissa Balbaugh
Director of Customer Service & Support
The Management Council

- Connect with Me -
m: 419.204.6430 | o: 614.840.9810
melissa.balbaugh at managementcouncil.org | http://www.mcoecn.org/
