May 5779 be a year of peace and security; what you can do to help

August 09, 2018

Rosh Chodesh Elul includes clarion calls indicating that the High Holidays are coming soon. So, now is a good time to check out a recent presentation on synagogue security or to take a deeper dive into the library of documents available on the JCRC-NY Security Resources pages. Here are some relevant selections:

High Holiday Security and Emergency Preparedness Planning Library

Topical guidance

Vulnerability, Risk and Safety Assessments and Planning

Cybersecurity: WordPress Vulnerabilities

April 01, 2015

FBI (April 7) ISIL Defacements Exploiting WordPress Vulnerabilities. Continuous Web site defacements are being perpetrated by individuals sympathetic to the Islamic State in the Levant (ISIL) a.k.a. Islamic State of Iraq and al-Shams (ISIS). The defacements have affected Web site operations and the communication platforms of news organizations, commercial entities, religious institutions, federal/state/local governments, foreign governments, and a variety of other domestic and international Web sites. Although the defacements demonstrate low-level hacking sophistication, they are disruptive and often costly in terms of lost business revenue and expenditures on technical services to repair infected computer systems. Click here for the full alert.

Best practice. The FBI recommends the following actions be taken:

  • Review and follow WordPress guidelines: http://codex.wordpress.org/Hardening_WordPress
  • Identify WordPress vulnerabilities using free available tools such as
    http://www.securityfocus.com/bid,
    http://cve.mitre.org/index.html,
    https://www.us-cert.gov/
  • Update WordPress by patching vulnerable plugins:
    https://wordpress.org/plugins/tags/patch
  • Run all software as a non-privileged user, without administrative privileges, to diminish the effects of a successful attack
  • Confirm that the operating system and all applications are running the most updated versions.

Hacktivist
Click on the graphic to open a PDF version of this notification.

The FBI is warning U.S. companies that cyber terrorists from the Middle East and North Africa are planning to conduct cyber-attacks against Israeli and Jewish interests next week.  The Bureau stated in a security notice to U.S. industry on Sunday that, as of early March, “several extremist hacking groups indicated they would participate in a forthcoming operation, #OpIsrael, which will target Israeli and Jewish Web sites.”

“Given the perceived connections between the government of Israel and Israeli financial institutions, and those of the United States, #OpIsrael participants may also shift their operations to target vulnerable U.S.-based financial targets or Jewish-oriented organizations within the United States,” the FBI warning said.

The FBI predicts that the threat to U.S.-based infrastructure from the coming cyber attack is low for well-maintained and updated networks. So, make sure that your techies and hosts maintain and update your systems.

The FBI said members of at least two extremist hacking groups it did not identify are currently working to recruit hackers for the attacks next week. The hacker group Anonymous this week also threatened an “electronic Holocaust” in a video statement.

The FBI estimated that the threat to U.S.-based infrastructure from the coming cyber attack is low for well-maintained and updated networks. However, as part of its program to notify private industry of major cyber threats, the FBI is notifying several possible targets.

 

Lots of phishing going on: Stop, think, click

February 18, 2014
How do you stop phishers? Look for these clues. Click to enlarge.
How do you stop phishers? Look for these clues. Click to enlarge.

OK, you’ve heard it over and over…don’t click on unknown links. Well, people, even smart people, don’t listen. You get an email from someone that you know, click on what is said to be a “secure” link and your adventure begins.

googledocs - Secure Login
Here’s the bait. It looks official. People click and type in their password, giving their email account and contacts to hackers.

Now the phisher has you lured in. You’re asked to sign in. A nasty bot takes control of your computer, steals your contact list and sends everyone on your list an invitation to become infected.

Recommendations:

    • Look at the illustration at the top of this email. Be aware.
    • Do not follow unsolicited web links in email messages or submit any email account or password information to unknown webpages in links.
    • Use caution when opening email attachments. Refer to Using Caution with Email Attachments for more information on safely handling email attachments.
    • Maintain up-to-date anti-virus software.
    • Perform regular backups of all systems to limit the impact of data and/or system loss.
    • Apply changes to your Intrusion Detection/Prevention Systems and Firewalls to detect any known malicious activity.
    • Secure open-share drives by only allowing connections from authorized users.
    • Keep your operating system and software up-to-date with the latest patches.
    • Refer to the Recognizing and Avoiding Email Scams (pdf) document for more information on avoiding email scams.
    • Refer to the Security Tip Avoiding Social Engineering and Phishing Attacks for more information on social engineering attacks.

US-CERT and DHS encourage users and administrators experiencing a ransomware infection NOT to respond to extortion attempts by attempting payment and instead to report the incident to the FBI at the Internet Crime Complaint Center (IC3).

Here are some free resources to see if your computer is infected (from STOP. THINK. CONNECT.™  the global cybersecurity awareness campaign to help all digital citizens stay safer and more secure online. – See more at: http://www.stopthinkconnect.org/)

For more tips about cybersecurity, check out the following non-technical publications:

Syria: potential repercussions

September 01, 2013

The escalating drumbeat for military action naturally leads to questions about possible terrorism here in New York. Note: as of today there are no specific, credible threats against New York or the Jewish community. Nevertheless, all Jewish organizations should review their security and emergency preparedness plans to ensure that they are up-to-date and that they can be readily implemented. Some specifics:

High Holidays

If you are an organizations hosting High Holiday services and/or programs you should:

  1. Notify your local police about all planned services and programs. Discuss the number of people expected at each service and ask them for any suggestions that could improve your security and emergency preparedness plans.
  2. Review your security and emergency preparedness measures, especially access control, evacuation and lockdowns. Meet with your staff and volunteers and make sure that everyone is on the same page and knows what to do. Check the “High Holidays” category for more suggestions..

Potential for Cyberattacks

Last week the Syrian Electronic Army compromised the New York Times website and others. Western financial institutions are also targetted by others. We all should review our own cybersecurity because, in the past, anti-Israel hackers have attacked Jewish-related sites. See JCRC’s Cybersecurity Resources.

This week the FBI distributed the following:

  • The Syrian Electronic Army (SEA), a pro-regime hacker group that emerged during Syrian antigovernment protests in 2011, has been compromising high-profile media outlets in an effort to spread proregime propaganda. The SEA’s primary capabilities include spearphishing, Web defacements, and hijacking social media accounts to spread propaganda. Over the past several months, the SEA has been highly effective in compromising multiple high-profile media outlets.
  • The SEA has recently compromised high profile media Web sites through a new tactic of hacking third party networks – including a Domain Name System (DNS) registrar and a content recommendation website.
  • In April 2013, the SEA compromised the Twitter feed of the Associated Press, posting a false story that President Obama was injured, causing in a brief drop in the stock market.
  • In addition to Syrian hackers, groups or individuals sympathetic to the SEA may also be observed participating in CNO efforts against US Web sites and networks.
  • Please maintain heightened awareness of your network traffic and take appropriate steps to maintain your network security. If you detect anomalous or malicious traffic or network behavior, please contact your local FBI Cyber Task Force or the FBI CyWatch (855) 292-3937 immediately.

Defending Against Hacktivism

In general, hacktivism cyber attacks may result in denial of service, Web site defacements, and the compromise of sensitive information which may lead to harassment and identify theft. Although the specific OpUSA claims referenced above speak specifically to DDoS attacks, precautionary measures to mitigate a range of potential hacktivism threats include:

  • Implement a data back-up and recovery plan to maintain copies of sensitive or proprietary data in a separate and secure location. Backup copies of sensitive data should not be readily accessible from local networks. 
  • Have a DDoS mitigation strategy ready ahead of time and keep logs of any potential attacks.
  • Scrutinize links contained in e-mail attachments.
  • Regularly mirror and maintain an image of critical system files.
  • Encrypt and secure sensitive information.
  • Use strong passwords, implement a schedule for changing passwords frequently and do not reuse passwords for multiple accounts.
  • Enable network monitoring and logging where feasible.
  • Be aware of social engineering tactics aimed at obtaining sensitive information.
  • Securely eliminate sensitive files and data from hard drives when no longer needed or required.
  • Establish a relationship with local law enforcement and participate in IT information sharing groups for early warnings of threats.

Sci-Tech Today | Pro-Palestinian Group Hacks Jewish Paper’s Site

January 19, 2010
Pro-Palestinian Group Hacks Jewish Paper’s Site
By Adam Dickter

January 18, 2010 2:51PM

var addthis_pub=”49fa12895e626c75″;

Pro-Palestinian hackers managed to deface the web site of The Jewish Chronicle in London, but didn’t make it into the newspaper’s file system. The cyberattack apparently protested Israel’s blockade of the Gaza Strip. The Chronicle said the attackers defaced a virtual file system that was cleared by rebooting. The attackers may be based in Turkey. more. . .