Volume 22 — Issue 43 | October 27, 2022
Law enforcement officers across the country often face complex and dangerous policing environments. According to the Federal Bureau of Investigation’s (FBI’s) latest statistics on law enforcement officer deaths in 2022, the leading circumstances surrounding officers who were feloniously killed included activities related to ambushes on officers, investigative or enforcement activity, unprovoked attacks on officers, and response to disorderly/disturbance calls. Notably, the ten ambush attacks in 2022 resulting in fatalities are a 100% increase compared to the five ambush attacks in the same time period in 2021.
Here are three short learning opportunities providing awareness of issues related to tactical and emergency medical responses to violent incidents.
(1) COPS Office Podcast: Community Policing and Tactical Proficiency Are Not Mutually Exclusive. A core component of community policing is identifying individuals and situations that pose threats to a community. Apprehending violent criminals is an unavoidable part of that process. A recent episode of The Beat, the podcast of the Department of Justice’s Office of Community Oriented Policing Services (COPS Office), interviews the Executive Director of the National Tactical Officers Association (NTOA). The discussion covers the kinds of tactics needed when apprehending violent subjects, how these tactics are a vital part of ensuring officer safety and public safety, and the training that NTOA provides to increase tactical proficiency when responding to active threats. NTOA serves law enforcement as well as other first responders, including the fire service and emergency medical services. Listen to the podcast or read the transcript on the COPS Office’s website.
(2) VALOR Officer Safety and Wellness Program: Casualty Care Virtual Training. The VALOR Program is offering a free 1.5-hour virtual training session on Casualty Care. The training is designed to better prepare law enforcement personnel to deal with casualties during and after a critical incident. It will address the need to eliminate the threat before administering aid, the dangers posed by preventable bleed-out, the importance and use of tourniquets, and how to manage airway and/or breathing issues associated with trauma. This training is targeted to all state, local, tribal and federal law enforcement officers. It will take place Nov. 10 from 10-11:30 a.m. EST. Learn more and register on the VALOR Program’s website.
(3) American College of Medical Toxicology: Chemical and Traumatic Crowd Control Injuries. In recent years, use of crowd control agents and strategies in response to protest events has drawn significant attention in the media. The American College of Medical Toxicology (ACMT) is offering a low-cost, 4-hour virtual training for emergency medical services, law enforcement, fire personnel, healthcare providers, first responders/receivers, emergency department physicians and nurses, and public health practitioners. The training aims to build awareness of commonly used protest-related control agents and strategies. It will describe the appropriate medical (pre-hospital and emergency department) management of chemical and traumatic crowd control injuries. This training is scheduled for Dec. 1, from 1-5:00 p.m. EST. Learn more and register on ACMT’s website.
(Sources: FBI, COPS Office, VALOR Program, ACMT)
The National Fire Protection Association (NFPA) released its annual U.S. Fire Department Profile report last month. The report provides an overview of local and municipal fire departments in the United States using data gathered from the NFPA’s most recent Survey of Fire Departments for U.S. Fire Experience During 2020 and the NFPA fire service survey from 2018–2020.
The report’s key findings show that in 2020, the nation’s fire service was comprised of:
- 29,452 fire departments. Of these, 18% were all career or mostly career departments and protected 70% of the US population.
- An estimated 1,041,200 career and volunteer firefighters. Of these, 364,300 (35%) were career firefighters and 676,900 (65%) were volunteer firefighters.
- Nationwide, 37% of fire departments provided no emergency medical services, 46% provided basic life support (BLS), and 17% provided advanced life support (ALS).
- 89,600 firefighters were female (9%). Of the career firefighters, 17,200 were female. There were 72,400 volunteer firefighters who were female.
- 50% of firefighters are between 30 and 49 years old.
Read the full report along with supporting data tables and related reports on the NFPA’s website.
(Source: NFPA)
The nation’s most direct route to emergency assistance, the 911 system, requires stable, safe, and resilient communications. Cyber vulnerabilities within the 911 system can be exploited by criminal or nation-state threat actors. The integration of new technology into a 911 system only expands the possible threat vectors and attack surfaces of the system.
The Cybersecurity and Infrastructure Security Agency (CISA) recently published a one-page reference aid for emergency communications centers (ECCs) / public safety answering points (PSAPs), highlighting actionable steps they can take to enhance their cybersecurity posture. This document was developed by CISA’s SAFECOM and the National Council of Statewide Interoperability Coordinators (NCSWIC).
The document, Two Things Every 911 Center Should Do to Improve Cybersecurity, urges all ECCs/PSAPs to:
- Conduct a cyber risk assessment.
- Based on the findings of the cyber risk assessment, develop plans for cyber incident response and vulnerability response.
The document breaks down the components of 911 systems to illustrate the possible attack surfaces with an easy-to-understand infographic. It provides definitions of a cyber risk assessment, cyber incident response plan and cyber vulnerability response plan, and provides links to additional guidance for how to complete each.
The guidance includes actionable steps ECCs/PSAPs can take to bolster their planning efforts, such as exercising plans; maintaining coordination with stakeholders such as their Statewide Interoperability Coordinator (SWIC); and considering implementation of cyber threat detection and mitigation as well as NG911 for enhanced security capabilities.
For questions about the document, please contact ng911wg@cisa.dhs.gov or visit cisa.gov/safecom/next-generation-911 for additional SAFECOM and NCSWIC NG911 resources.
(Source: CISA)
The National Institute of Standards and Technology’s (NIST’s) Public Safety Communications Research Division (PSCR) has been conducting annual competitions since 2018 to facilitate innovations in drone technology that will benefit first responders. The solutions produced by these challenges have led to advancements in affordable and feature-rich drone technology tailored to first responders’ needs.
NIST is currently running its fourth unmanned (or uncrewed) aircraft system (UAS) prize challenge, the 2022 First Responder UAS Indoor Challenge, and future challenges are in development.
PSCR will be hosting a webinar, The History & Future of the PSCR Drone Program, on Thursday, Nov. 17, from 11:00 a.m. to 12:00 p.m. MST. Representatives of PSCR will discuss the history and impacts of the drone program to date, updates on the current UAS Indoor Challenge and the future of the PSCR drone program.
The Drone Program is part of PSCR’s Open Innovation program, which focuses on advancing public safety communications by leveraging the creativity, expertise, and innovative solutions from a diverse array of contributors and collaborators across the globe through financial awards and incentive-based activities.
Learn more and register for the webinar on NIST’s website.
(Source: NIST)
#StopRansomware: Daixin Team
CISA, the FBI and the Department of Health and Human Services (HHS) have released a joint Cybersecurity Advisory (CSA), #StopRansomware: Daixin Team, to provide information on the “Daixin Team,” a cybercrime group actively targeting U.S. businesses, predominantly in the Healthcare and Public Health (HPH) Sector, with ransomware and data extortion operations. This joint CSA provides Daixin actors’ tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) obtained from FBI threat response activities and third-party reporting.
CISA encourages HPH Sector organizations to review #StopRansomware: Daixin Team and to apply the recommended Mitigations. See StopRansomware.gov for additional guidance on ransomware protection, detection, and response.
(Source: CISA)
Iranian Cyber group Emennet Pasargad conducting hack-and-leak operations using false-flag personas
The FBI is providing information concerning ongoing hack-and-leak cyber operations conducted by Iranian cyber group Emennet Pasargad. According to FBI information, since at least 2020, Emennet targeted entities primarily in Israel with cyber-enabled information operations that included an initial intrusion, theft and subsequent leak of data, followed by amplification through social media and online forums, and in some cases the deployment of destructive encryption malware.
To avoid attribution, Emennet executed false-flag campaigns under the guise of multiple personas like hacktivist or cyber-criminal groups. Although Emennet’s latest attacks have primarily targeted Israel, the FBI judges these techniques may be used to target US entities as seen during Emennet’s cyber-enabled information operation that targeted the 2020 US Presidential election. Within the past year, the FBI has identified a destructive cyber attack against a US organization – indicating the group remains a cyber threat to the United States.
Read the full Private Industry Notification on the FBI’s Internet Crime Complaint Center (IC3) website.
(Source: FBI)
Cyber threat actors evading Mark of the Web (MOTW) for malware delivery
The Cyber Threat Intelligence (CTI) team at the Multi-State Information Sharing and Analysis Center (MS-ISAC) has observed an increase in cyber threat actors (CTAs) evading Mark of the Web (MOTW) in their malware delivery campaigns.
In July, Microsoft started blocking macros in Office application documents that come from the internet. Microsoft implemented this change because CTAs were abusing macros to gain initial access and deploy malware to their targets. This implementation designates Office documents originating from an email attachment or from the internet with a Mark of the Web (MOTW). The MOTW identifies that the document is from the internet (i.e., an untrusted location) and indicates this to the Office application opening the file, thus enabling it to block the macros.
In response, some CTAs have changed their methods for gaining initial access and are favoring container files to circumvent Microsoft’s change. At this point, this shift in technique appears limited to a small set of CTAs, but the wider CTA ecosystem will likely adopt it in time.
(Source: Center for Internet Security)
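As an added illustration for defenders (not part of the InfoGram or the MS-ISAC reporting): on NTFS, Windows stores the mark in an alternate data stream named `Zone.Identifier`, whose `ZoneId` value of 3 denotes the Internet zone. The sketch below parses that stream and flags macro-capable documents that carry no mark at all; the extension list, triage labels, file names and sample stream contents are assumptions constructed for the example.

```python
import configparser
import os

# Extensions treated as macro-capable here (an assumption for this sketch).
MACRO_EXTS = {".doc", ".docm", ".xls", ".xlsm", ".ppt", ".pptm"}
INTERNET_ZONE = 3  # URLZONE_INTERNET; 4 is Restricted Sites


def parse_zone_id(stream_text):
    """Return ZoneId from Zone.Identifier stream text, or None if missing/malformed."""
    if not stream_text:
        return None
    cp = configparser.ConfigParser(delimiters=("=",), interpolation=None, strict=False)
    try:
        cp.read_string(stream_text)
        return cp.getint("ZoneTransfer", "ZoneId")
    except (configparser.Error, ValueError):
        return None


def read_motw(path):
    """Read the NTFS alternate data stream holding the mark (Windows only)."""
    try:
        with open(path + ":Zone.Identifier", encoding="utf-8", errors="replace") as fh:
            return fh.read()
    except OSError:
        return None  # no stream present, or not an NTFS volume


def triage(name, stream_text):
    """Classify one file: 'marked-internet', 'unmarked-macro-capable', or 'ok'."""
    zone = parse_zone_id(stream_text)
    if zone is not None and zone >= INTERNET_ZONE:
        return "marked-internet"
    ext = os.path.splitext(name)[1].lower()
    if zone is None and ext in MACRO_EXTS:
        return "unmarked-macro-capable"
    return "ok"


# Constructed sample stream contents, not taken from any real incident.
SAMPLES = [
    ("invoice.docm", "[ZoneTransfer]\r\nZoneId=3\r\nHostUrl=https://files.example/invoice.docm\r\n"),
    ("report.xlsm", None),          # no stream at all
    ("notes.txt", None),            # unmarked, but not macro-capable
    ("broken.docm", "ZoneId=3\r\n"),  # malformed: section header missing
]

if __name__ == "__main__":
    for name, text in SAMPLES:
        print(f"{name:14} {triage(name, text)}")
```

On a Windows host, `triage(path, read_motw(path))` applies the same check to a real file; an unmarked macro-capable document in a download or mail-attachment directory is a candidate for closer review.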
Dutch police trick DeadBolt hackers into giving away 150 decryption keys
A security expert whose company helped with the operation tells BleepingComputer that the police made ransom payments with a low fee at a time when the Bitcoin blockchain was heavily congested. DeadBolt operators sent the keys immediately without waiting for confirmation that the transactions went through. The congestion, combined with a low payment, caused the blockchain to take much longer to confirm a transaction. This enabled the police to receive the key and immediately cancel the transactions. Thanks to the tip, the Dutch police succeeded in obtaining almost 90% of the keys of victims that filed a complaint in one of the thirteen countries that shared information prior to the action.
(Source: Bitdefender)
Health system data breach due to Meta Pixel hits 3 million patients
Advocate Aurora Health (AAH), a 26-hospital healthcare system in Wisconsin and Illinois, is notifying its patients of a data breach that exposed the personal data of 3,000,000 patients. The incident was caused by the improper use of Meta Pixel on AAH's websites, where patients log in and enter sensitive personal and medical information.
Meta Pixel is a JavaScript tracker that helps website operators understand how visitors interact with the site, helping them make targeted improvements. However, the tracker also sends sensitive data to Meta (Facebook), which is then shared with a massive network of marketers who target patients with advertisements that match their conditions.
In August 2022, U.S. healthcare provider Novant Health disclosed its improper use of Meta Pixel in its implementation of the 'MyChart' portal, exposing 1.3 million patients.
(Source: Bleeping Computer)
Top 10 Malware September 2022
In September 2022, the Top 10 Malware line-up stayed relatively consistent compared to the previous month. Most malware changed their rankings in the list, and new malware took the last three spots. This month, Arechclient2, RedLine, and Ursnif returned to the Top 10 malware. The Top 10 Malware variants comprise 71% of the total malware activity in September 2022, increasing 24% from August 2022.
(Source: Center for Internet Security)
The InfoGram is distributed weekly to provide members of the Emergency Services Sector with information concerning the protection of their critical infrastructures.
Fair Use Notice: This InfoGram may contain copyrighted material that was not specifically authorized by the copyright owner. The EMR-ISAC believes this constitutes “fair use” of copyrighted material as provided for in section 107 of the U.S. Copyright Law. If you wish to use copyrighted material contained within this document for your own purposes that go beyond “fair use,” you must obtain permission from the copyright owner.
Linking Policy and Disclaimer of Endorsement: The appearance of external hyperlinks does not constitute endorsement of the linked websites, or the information, products or services contained therein. We provide these links and pointers solely for your information and convenience. When you select a link to an outside website, remember that you are subject to the privacy and security policies of the owners/sponsors of the outside website. To view information and resources on the policies that govern FEMA web content visit FEMA Website Information.
Section 504 Notice: Section 504 of the Rehabilitation Act requires that FEMA grantees provide access to information for people with disabilities. If you need assistance accessing information or have any concerns about access, please contact FEMAWebTeam@fema.dhs.gov.