|
Volume 21 — Issue 12 | March 25, 2021 |
|
|
In its role as the nation’s risk advisor, the Cybersecurity and Infrastructure Security Agency (CISA) has released a CISA Insight on COVID-19 Vaccination Hesitancy within the Critical Infrastructure Workforce. The World Health Organization defines vaccine hesitancy as a “delay in acceptance or refusal of vaccines despite availability of vaccination services.”
CISA recognizes vaccine hesitancy as a risk to our National Critical Functions and critical infrastructure companies and operations. COVID-19 outbreaks among critical infrastructure workforces can cause serious disruptions to the daily functions of these industry sectors. Essential workers within phase 1a and 1b populations are especially important since they are public facing and support the functionality of the critical infrastructure.
CISA stresses the role of clear, accurate, reliable and timely information in reducing vaccine hesitancy and the associated risks of low vaccination rates among the critical infrastructure workforce. CISA encourages critical infrastructure owners and operators to become messengers of clear and reliable information about the COVID-19 vaccination program within their workplaces.
This CISA Insight provides guidance that critical infrastructure owners and operators can take to reduce the risk and encourage vaccine acceptance. Suggested actions include having workplace leadership take the COVID-19 vaccine and ensuring accommodations for workers’ who need time off to get the vaccine, with additional time off for anyone who has significant reactions to the vaccine.
CISA also encourages critical infrastructure owners and operators to utilize the Centers for Disease Control and Prevention’s (CDC) Essential Workers COVID-19 Vaccine Toolkit, for additional tools to support on communicating effectively about the COVID-19 vaccine to essential workers. Additional guidance provided by the CDC includes coordinating with your local health department to provide accurate information about the benefits, safety, side effects and effectiveness of vaccines; and having open discussions with your workforce to disseminate factual information and provide opportunities to voice questions and concerns.
For more information or to seek additional help, please visit the CISA COVID-19 Resource Page or email Central@CISA.DHS.GOV.
(Source: CISA)
Earlier this month, the Food and Drug Administration (FDA) issued a consumer update in response to multiple reports of patients who have required medical support and been hospitalized after self-medicating with Ivermectin, an antiparasitic drug, to treat themselves for COVID-19. The FDA warns the public that Ivermectin has not been approved to treat COVID-19 and should not be used for this purpose.
Emergency medical services, public health officials and those responsible for prevention and safety education in their organizations should be armed with the facts and aware of the circumstances that may have contributed to these poisoning incidents. Ongoing clear and careful safety messaging about Ivermectin will be critical to preventing future incidents of poisoning by self-medicating with Ivermectin as an attempt to treat COVID-19.
Interest in Ivermectin to treat COVID-19 in humans increased last year due to the publicized results of a laboratory study showing that Ivermectin was effective at inhibiting the replication of SARS-CoV-2, the virus that causes COVID-19 in vitro – meaning, it was effective only in a culture in a lab setting. The study did not test for its safety or effectiveness inside the human body (in vivo).
The FDA released a letter to stakeholders in the public health community last year, warning that the increased public interest in the study could lead to the spread of misinformation, fraudulent “cures” and misuse of the drug.
Ivermectin is often used in the United States to treat or prevent parasites in animals. It is therefore relatively easy to obtain in formulations intended for animals through a veterinary prescription. Additionally, Ivermectin tablets are approved for use in humans, but only for certain conditions caused by some intestinal parasites and as a topical application for treatment of head lice. When Ivermectin is prescribed in humans for these conditions, the doses are very specific and much smaller than those used to treat parasitic infections in animals. The FDA provides answers to frequently asked questions on the intended uses of Ivermectin.
The National Institutes of Health issued a statement last month, refusing to support the use of Ivermectin to treat COVID-19 until clinical trials in humans find it to be safe and effective.
In addition to promoting public awareness of the dangers of misuse of Ivermectin, you can also help to protect public health by alerting the FDA of anyone claiming to have a product to prevent or cure COVID-19 and by reporting any of these products to FDA-COVID-19-Fraudulent-Products@fda.hhs.gov or 1-888-InfoFDA (1-888-463-6332).
(Source: FDA)
|
|
|
FEMA's National Integration Center (NIC) is publishing final updates to 18 public works resource typing positions and teams. The updates will facilitate sharing of these positions at all jurisdictional levels and will support the augmentation of the FEMA workforce during disaster operations.
The NIC release includes a variety of positions and teams for debris and damage assessment specialists, public works, engineers, mechanics and equipment operators. These teams and positions will ensure proper classification of deployable public works positions and teams at all jurisdictional levels. Using consistent resource management concepts such as typing, inventorying, organizing and tracking will facilitate the dispatch, deployment and recovery of resources before, during, and after an incident.
The updated positions are available in FEMA’s Resource Typing Library Tool (RTLT), an online catalogue of National Incident Management System (NIMS) resource typing definitions, job titles/position qualifications and Position Task Books (PTBs).
For more information on Resource Management, visit FEMA’s NIMS Guidance and Tools page. An Independent Study course on Resource Management is also available through FEMA’s Emergency Management Institute.
(Source: FEMA)
The Rural Domestic Preparedness Consortium (RDPC) will be facilitating a two-day training course titled Mass Fatalities Planning and Response (AWR-232).
Responding to a mass fatality incident, which includes the recovery, identification, and reunification of the deceased, is one of the most difficult aspects of a disaster response.
This eight-hour class is delivered in two four-hour Zoom sessions, over two consecutive days. The instructor-led awareness level course is designed to prepare rural first responders and officials with the basic knowledge, skills and abilities to manage a mass fatality incident impacting their jurisdiction. Issues addressed include establishing roles and responsibilities, assets management, remains processing and identification, diversity issues and development of a mass fatality plan.
The course is designed for emergency management, emergency medical services, fire service, governmental administrative, law enforcement, healthcare, public health, public safety communications, community volunteer, security and safety personnel.
The course will be held on Wednesday, April 7 and Thursday, April 8, 2021 from 8:30 a.m. to 12:30 p.m. each day. There is no cost to attend this training but seating is limited, so you must preregister. A FEMA student ID is required for registration. The deadline to register is April 4, 2021 at 5:00 p.m. EST.
(Source: RDPC)
|
|
FBI releases the Internet Crime Complaint Center 2020 Internet Crime Report, including COVID-19 scam statistics
The FBI’s Internet Crime Complaint Center (IC3) has released its annual report. The 2020 Internet Crime Report includes information from 791,790 complaints of suspected internet crime—an increase of more than 300,000 complaints from 2019—and reported losses exceeding $4.2 billion. State-specific statistics have also been released and can be found within the 2020 Internet Crime Report and in the accompanying 2020 State Reports.
The top three crimes reported by victims in 2020 were phishing scams, non-payment/non-delivery scams, and extortion. Victims lost the most money to business email compromise scams, romance and confidence schemes, and investment fraud. Notably, 2020 saw the emergence of scams exploiting the COVID-19 pandemic. The IC3 received over 28,500 complaints related to COVID-19, with fraudsters targeting both businesses and individuals.
(Source: FBI)
Five months after takedown attempt, CISA and FBI warn of ongoing TrickBot attacks
CISA and the FBI have warned of an uptick in attacks deploying the TrickBot malware, largely utilizing phishing campaigns as the initial infection vector. The two entities released a joint advisory to the public on Wednesday, March 17, alerting individuals of the sophisticated attacks. According to the announcement, a group of cybercriminals are leveraging a traffic infringement phishing scheme that lures victims into downloading the malware.
TrickBot was originally observed in 2016 and has since become one of the most prevalent malware families. In October 2020, Microsoft announced that it had disrupted the infrastructure behind TrickBot, taking most of it down. However, the malware survived the takedown attempt and came back stronger, with several new updates that protected against similar attempts. The recent attacks confirm that TrickBot’s operators were able to restore their malicious operations.
(Source: OODA Loop)
Distributed Denial of Service (DDoS) Attacks
As information systems become more sophisticated, so do the methods used by the attackers. Criminal and nation state actors have long recognized the value of denial-of-service attacks which can cause serious business interruptions for any organization connected to the internet. Denial-of-Service attacks have increased in magnitude as more devices come online and organizations increase remote access for their staff.
The Health ISAC has released a paper that covers the motivations behind DDoS attacks, provides several historical examples and details several strategic and tactical recommendations IT and information security professionals can implement in their organizations to limit impacts from these disruptive attacks.
Read the full report from the Health ISAC.
(Source: Health ISAC)
How one company was hit by ransomware, but refused to pay up
It started out as a normal Thursday for a data storage company based in Boulder, Colorado. And then the ransomware attack began. The company’s IT director realized that the company was under attack – and that its files were being encrypted.
In total, three-quarters of the production environment was compromised with ransomware. The hackers left a ransom note demanding a payment of $3.6 million in bitcoin in exchange for the decryption key.
Another problem: the attack came in May 2020, when many employees had just started to work remotely because of the COVID-19 outbreak, so there was no way of easily communicating what was going on outside the building. But, instead of communicating with the cyber criminals at all, the IT director contacted the FBI.
Read the full story.
(Source: ZDNet)
|
|
The InfoGram is distributed weekly to provide members of the Emergency Services Sector with information concerning the protection of their critical infrastructures. |
|
|
Fair Use Notice:
This InfoGram may contain copyrighted material that was not specifically authorized by the copyright owner. The EMR-ISAC believes this constitutes “fair use” of copyrighted material as provided for in section 107 of the U.S. Copyright Law. If you wish to use copyrighted material contained within this document for your own purposes that go beyond “fair use,” you must obtain permission from the copyright owner.
Disclaimer of Endorsement:
The appearance of external hyperlinks does not constitute endorsement of the linked websites or the information, products or services contained therein. Reference to any specific commercial products, process or service by trade name, trademark, manufacturer or otherwise, does not necessarily constitute or imply its endorsement, recommendation or favoring by the EMR-ISAC or the U.S. government.
Section 504 Notice:
Section 504 of the Rehabilitation Act requires that FEMA grantees provide access to information for people with disabilities. If you need assistance accessing information or have any concerns about access, please contact FEMAWebTeam@fema.dhs.gov.
|
|
|
|
|
