Security & Privacy Advisories: Difference between revisions

From OpenCommons
Jump to navigation Jump to search
m (1 revision imported)
No edit summary
 
(5 intermediate revisions by the same user not shown)
Line 1: Line 1:
{{COVID-19
{{COVID-19
 
| title            = Cybersecurity & Privacy
| title            = Cybersecurity & Privacy Advisories
| team              = Cybersecurity and Privacy
| team              = Cybersecurity and Privacy Advisory Committee (CPAC)
| leader            = Pamela Gupta
 
| leader            = [mailto:pamela.gupta@outsecure.com Pamela Gupta], Area Leader - [https://www.linkedin.com/in/pamelagupta/ Pamela Gupta]
| image            = advisories.jpg
| image            = advisories.jpg
| chapter          = Business Continuity
| imagecaption      =  
| imagecaption      =  
| municipalities    =  
| municipalities    =  
 
| contributors            = Anna Lainfiesta
| contributors            = Wiki Editor - [https://www.linkedin.com/in/alainfiesta/ Anna Lainfiesta]
| website          =  
| website          =  
| download          =  
| download          =  
| description      =  
| description      =  
FBI is cautioning against the '''‘Other’ Coronavirus Crisis, Cybersecurity & Privacy risks and scams'''.
FBI is cautioning against the '''‘Other’ Coronavirus Crisis, Cybersecurity & Privacy risks and scams'''.
There is a lot of currents and anticipated criminal activities at an unprecedented scale as criminals devise means to prey upon the public’s fears.
There is a lot of currents and anticipated criminal activities at an unprecedented scale as criminals devise means to prey upon the public’s fears.
 
}}
According to the FBI “The speed at which criminals are devising and executing their schemes is truly breathtaking.
According to the FBI “The speed at which criminals are devising and executing their schemes is truly breathtaking.
The sheer variety of frauds already uncovered is shocking. Law enforcement has already learned of offers of sham treatments and vaccines, bogus investment opportunities in non-existent medical companies, and calls from crooks impersonating doctors demanding payment for treatments.
The sheer variety of frauds already uncovered is shocking. Law enforcement has already learned of offers of sham treatments and vaccines, bogus investment opportunities in non-existent medical companies, and calls from crooks impersonating doctors demanding payment for treatments.
Line 49: Line 46:
* [https://www.consumer.ftc.gov/blog/2020/04/ftc-keeps-attacking-robocalls Federal Trade Commission's increased measures against Robocalls]
* [https://www.consumer.ftc.gov/blog/2020/04/ftc-keeps-attacking-robocalls Federal Trade Commission's increased measures against Robocalls]
* [https://www.ama-assn.org/system/files/2020-03/coronavirus-map-alert.pdf Fake Coronavirus Interactive Map Alert]: Health Sector Cybersecurity Coordination Center (HC3) releases "Fake Online Coronavirus Map Delivers Well-known Malware"
* [https://www.ama-assn.org/system/files/2020-03/coronavirus-map-alert.pdf Fake Coronavirus Interactive Map Alert]: Health Sector Cybersecurity Coordination Center (HC3) releases "Fake Online Coronavirus Map Delivers Well-known Malware"
* [https://gctc.opencommons.org/images/5/50/CoCG_Covid19_CybersecurityCaseStudy_May2020.pdf Real World Case Study: Best practices for detecting and mitigating email-based phishing attacks.]
* [[File:CoCG_Covid19_CybersecurityCaseStudy_May2020.pdf|300px|Real World Case Study: Best practices for detecting and mitigating email-based phishing attacks.]]
* [https://enterprise.verizon.com/resources/reports/dbir/ 2020 Verizon Data Breach Investigations Report]  
* [https://enterprise.verizon.com/resources/reports/dbir/ 2020 Verizon Data Breach Investigations Report]  


Line 63: Line 60:
* [https://www.uschamber.com/co/start/strategy/small-business-coronavirus-reopening-guide?utm_source=marketo&utm_medium=newsletter&utm_campaign=MO_Newsletter&utm_content=2020_05_13&mkt_tok=eyJpIjoiWm1Nek16bGxOMkUxTnpJdyIsInQiOiJrV0RJTEdKa3Z2TGFGRkRWZVE0SVBpd1JaZVg0dHJWWG9cL2U3dStcLzFYS2ZGckNWZFpsYXJEdlA4d1ZYT3lyQlpGUGpnRk1kZ2NtTXB6SkFhS1wvbkZXWENnNUZIUEtpWDhtZnB1RDU0TnZDa3BDR252bzFneU5XMHllT28xbXVJNyJ9 A guide to helping businesses in the process of reopening]: Ready to Reopen: A Playbook for Your Small Business
* [https://www.uschamber.com/co/start/strategy/small-business-coronavirus-reopening-guide?utm_source=marketo&utm_medium=newsletter&utm_campaign=MO_Newsletter&utm_content=2020_05_13&mkt_tok=eyJpIjoiWm1Nek16bGxOMkUxTnpJdyIsInQiOiJrV0RJTEdKa3Z2TGFGRkRWZVE0SVBpd1JaZVg0dHJWWG9cL2U3dStcLzFYS2ZGckNWZFpsYXJEdlA4d1ZYT3lyQlpGUGpnRk1kZ2NtTXB6SkFhS1wvbkZXWENnNUZIUEtpWDhtZnB1RDU0TnZDa3BDR252bzFneU5XMHllT28xbXVJNyJ9 A guide to helping businesses in the process of reopening]: Ready to Reopen: A Playbook for Your Small Business
* [https://blog.checkpoint.com/2020/03/30/covid-19-impact-cyber-criminals-target-zoom-domains/ Check if zoom-us-zoom_##########.exe” is present on your system! ]
* [https://blog.checkpoint.com/2020/03/30/covid-19-impact-cyber-criminals-target-zoom-domains/ Check if zoom-us-zoom_##########.exe” is present on your system! ]
 
__NOTOC__
}}

Latest revision as of 05:24, January 25, 2023



Security & Privacy Advisories
GCTC logo 344x80.png
Advisories.jpg
Team Organizations Cybersecurity and Privacy
Team Leaders Pamela Gupta
City, State
Contributors Anna Lainfiesta
Website
Document

Description

FBI is cautioning against the ‘Other’ Coronavirus Crisis, Cybersecurity & Privacy risks and scams. There is a lot of currents and anticipated criminal activities at an unprecedented scale as criminals devise means to prey upon the public’s fears. According to the FBI “The speed at which criminals are devising and executing their schemes is truly breathtaking. The sheer variety of frauds already uncovered is shocking. Law enforcement has already learned of offers of sham treatments and vaccines, bogus investment opportunities in non-existent medical companies, and calls from crooks impersonating doctors demanding payment for treatments. Scammers are targeting websites and mobile apps designed to track the spread of COVID-19 and using them to implant malware to steal financial and personal data. Thieves are even posing as national and global health authorities, including the U.S. Centers for Disease Control and Prevention and the World Health Organization, to conduct phishing campaigns. They send e-mails designed to trick recipients eager for reliable health information into downloading malicious code.

Perhaps most outrageously—and dangerously—criminals are using COVID-19 as a lure to deploy ransomware, a malicious software designed to lock a computer system until a ransom is paid. Ransomware has substantially disrupted hospital and local government operations in recent years. It is a heinous crime to take down the computer network of a hospital or a public health department during normal times; it is homicidal in the midst of a global pandemic.”

Audience: Guidelines from advisories including but not limited to LEAs, US-Cert, DHS, CISA, NSA, FBI, SANS etc. for general public, students, municipalities, healthcare and businesses.

Identify

Advisories aim to identify the sources of potential cyberattacks. It may include attacks on personal laptops, smartphones, tablets, printers, scanners, and point-of-sale devices. During the pandemic, there's specific attention given to video calling software (such as Zoom, Microsoft Teams, Skype, Cisco WebEx etc.). A subtle surge of robocalls are also observed.

Protect

Advisories reach out to us on formal policies and securing our digital devices; network; personal accounts, banking accounts, business accounts. Organizations including Google, Cisco, Microsoft, Apple etc. release the latest and urgent patches.

Detect

Advisories help us in providing guidelines for detecting potential cyberattacks on digital devices.

Respond

Advisories including LEAs designed responding procedures such as investigation, reporting, updating policies, keep the business up and running.

1) Because organizations spend unbelievable sums of money on new defensive technologies, but often leave the side door open. The most sophisticated actors won't deploy their most trusted tools when they can identify rudimentary weaknesses in your infrastructure. 2) We do incident response 365 days a year, and when we see these vulnerabilities exploited, it's incumbent upon us to let you know. These CVEs go back to 2017, meaning we must do a better job at automating our patching validation and deployment process.”

  • Telework Guidance and Resources: CISA has launched a product line to provide best practices and resources for telework. This includes cybersecurity recommendations for using video teleconference tools and services

Recover

Repairing and restoring procedures fall under this category. Advisories give us formal procedures to combat the aftermath of cyberattacks.