Volume 23 — Issue 37 | September 14, 2023
Microtargeting is the practice of collecting and analyzing personal data to create highly specific messaging for advertising, marketing, and influence campaigns. The advent of social media added a new dimension to the practice, as billions of people were enticed to voluntarily provide deeply personal information to virtual platforms.
Microtargeting has now emerged as a tactic for information warfare, amid vast changes in technology and political turmoil. In the coming decade, bad actors will likely use microtargeting techniques to threaten the missions of federal law enforcement, the military, and civilian leadership, as well as social and financial structures.
A new report, Microtargeting Unmasked: Safeguarding Law Enforcement, the Military, and the Nation in the Era of Personalized Threats, explores how microtargeting tactics could be used to attack high-value individuals (HVIs), or those close to them, in the U.S. military, law enforcement, other government agencies, and the public – to achieve a strategic end. The report was authored by Arizona State University’s (ASU’s) Threatcasting Lab and jointly sponsored by the U.S. Secret Service (USSS) and the U.S. Army Cyber Institute at West Point.
During a November 2022 Threatcasting workshop, a cross-functional group of practitioners explored fictional scenarios to examine how threats might evolve in an increasingly interconnected “information age” environment, and this report is based on their findings. The expanding digital footprint of every individual, amplified through artificial intelligence and machine learning, makes us all increasingly vulnerable to microtargeting. The report explores novel technologies such as generative AI “deepfakes,” virtualized spaces, and neurostimulation as emerging areas of vulnerability. The report examines how bad actors could leverage technology, ubiquitous personal data, and compromised cybersecurity to stigmatize, extort, and even assassinate figures crucial to the security and stability of the United States.
After forecasting what plausible future threats might look like, the report outlines a series of “flags” to watch for. These flags serve as early warnings and clear signals that a specific threat is about to occur. Flags fall into four categories: technological progression, next generation security, degrading economic and social conditions that lead to vulnerabilities, and the expansion of new influencer types.
The report then identifies “gates,” early actions that can be taken to disrupt the threat before it occurs. Actions are listed under three categories: developing an advanced digital defense posture, using human rights as a security measure, and expanding education.
Access the report on the Secret Service’s website.
(Sources: USSS, U.S. Army Cyber Institute, ASU)
Children have unique physiological responses to illness and injury that differ from those of adults. However, approximately 80% of prehospital agencies see fewer than 8 pediatric patients per month, which makes it challenging for emergency medical services (EMS) providers to develop and maintain pediatric care competencies, according to national data collected through the Health Resources and Services Administration’s (HRSA’s) Emergency Medical Services for Children (EMSC) Program.
Through its State Partnership Program, the EMSC Program makes grant funds available to states, territories, and accredited schools of medicine to support projects for the expansion and improvement of emergency medical services for children who need treatment for trauma or critical care.
The EMSC Program has announced the release of its Performance Measures 2023 Implementation Manual for State Partnership Grantees. The new manual outlines nine new performance measures and two program evaluative measures for 2023-2027, addressing both hospital emergency department and prehospital pediatric readiness.
The prehospital-based performance measures focus on:
- Improving pediatric readiness in prehospital systems by establishing a standardized pediatric readiness recognition program for prehospital agencies.
- Increasing the number of prehospital agencies with a pediatric emergency care coordinator (PECC).
- Increasing the number of prehospital agencies that have a process for pediatric skills-checking on the use of pediatric equipment.
- Increasing pediatric disaster readiness in prehospital agencies by ensuring that disaster plans address the needs of children.
For more information on these updated performance and evaluative measures for pediatric readiness, see the EMSC Innovation and Improvement Center’s (EIIC’s) news release and Performance Measures.
In addition to the State Partnership Program, EMS providers may want to explore other programs at the EIIC supporting prehospital systems such as the National Prehospital Pediatric Readiness Project (PPRP). The PPRP is focused only on prehospital systems – including fire departments that respond to medical 911 calls. The PPRP aims to equip EMS systems to be prepared to provide high-quality care for children in accordance with national recommendations, also known as being “pediatric ready.” The EMSC Program has launched a dedicated website, emspedsready.org, which provides additional EMS resources and information on the upcoming National Prehospital Pediatric Readiness Project Assessment, anticipated to launch in May 2024.
(Source: EIIC)
Each September, the Federal Emergency Management Agency’s (FEMA’s) Ready Campaign sponsors National Preparedness Month to encourage everyone in America to prepare for disasters and emergencies that could happen anywhere and at any time. The focus this year is on preparing older adults and their caregivers ahead of disasters like hurricanes, wildfires, and floods.
The U.S. Census Bureau projects that by 2035 there will be more Americans over the age of 65 than under the age of 18. Older adults are pillars in our communities and have contributed so much to this great nation.
But older adults can face greater risks when it comes to extreme weather events and emergencies, especially if they are living alone, are low-income, have a disability, or live in rural areas. It is important that older adults and those who care for them have the proper tools and resources to be prepared for disasters and emergencies.
This year’s theme “Take Control in 1, 2, 3,” encourages everyone, especially older adults and their caregivers, to become more prepared with three simple steps:
- Assess your needs.
- Make a plan.
- Engage your support network.
FEMA is encouraging its partners, emergency managers, and all those who work with and support older adult communities to access the new Ready.gov campaign webpage, available in English and Spanish at Ready.gov/older-adults and Ready.gov/es/adultos-mayores, for preparedness messaging, graphics, and resources. FEMA created a toolkit with key messaging, graphics, and talking points to help partners uplift and amplify this year’s National Preparedness Month theme.
Additionally, in observance of National Preparedness Month, the Centers for Disease Control and Prevention (CDC) has launched a series of discussion-based activities to help public health departments develop “whole community” plans that consider the impacts of social determinants of health on personal health preparedness and response.
Wildfires, floods, extreme heat, and other disasters can significantly impact indoor air quality. The Environmental Protection Agency (EPA) provides tips and many educational resources on how to maintain indoor air quality during emergencies.
Throughout hurricane season, the Consumer Product Safety Commission (CPSC) reminds everyone about the life safety hazards associated with a variety of consumer products that are commonly used post-storm, such as portable generators, charcoal, candles, and small electrical appliances.
(Sources: FEMA, CDC, EPA, CPSC)
In June of 2023, the Homeland Defense & Security Information Analysis Center (HDIAC) convened a Tabletop Exercise (TTX) in Oak Ridge, Tennessee, which posited a mixed-hazardous waste “dirty bomb” blanketing a nearby federal reservation and its research facilities in a harmful chemical plume. With more than 50 participants in attendance representing 20+ city, state, federal, civilian, and military organizations, the TTX grappled with critical questions of emergency response planning, cross-jurisdiction mutual aid, how best to detect and report on hazards, and triaged personal protective equipment use.
This webinar will discuss the motivation behind the chosen scenario and lessons learned from the exercise.
Visit HDIAC’s website to register for this webinar. The webinar is open to all, but a free HDIAC account is required to register.
(Source: HDIAC)
NSA, FBI, and CISA release cybersecurity information sheet on deepfake threats
On Sept. 12, the National Security Agency (NSA), the Federal Bureau of Investigation (FBI), and the Cybersecurity and Infrastructure Security Agency (CISA) released a Cybersecurity Information Sheet (CSI), Contextualizing Deepfake Threats to Organizations, which provides an overview of synthetic media threats, techniques, and trends.
Threats from synthetic media, such as deepfakes, have exponentially increased—presenting a growing challenge for users of modern technology and communications, including the National Security Systems (NSS), the Department of Defense (DoD), the Defense Industrial Base (DIB), and national critical infrastructure owners and operators.
Between 2021 and 2022, U.S. Government agencies collaborated to establish a set of employable best practices to take in preparation for and response to the growing threat. Public concern around synthetic media includes disinformation operations designed to influence the public and spread false information about political, social, military, or economic issues to cause confusion, unrest, and uncertainty.
(Source: CISA)
CISA releases its Open Source Software Security Roadmap
On Sept. 12, CISA released an Open Source Software Security Roadmap to lay out—in alignment with the National Cybersecurity Strategy and the CISA Cybersecurity Strategic Plan—how CISA will partner with federal agencies, open source software (OSS) consumers, and the OSS community, to secure OSS infrastructure. To that end, the roadmap details four key goals:
- Establish CISA’s role in supporting the security of OSS,
- Understand the prevalence of key open source dependencies,
- Reduce risks to the federal government, and
- Harden the broader OSS ecosystem.
(Source: CISA)
CISA, FBI, and CNMF release advisory on Multiple Nation-State Threat Actors Exploit CVE-2022-47966 and CVE-2022-42475
On Sept. 7, CISA, the FBI, and U.S. Cyber Command’s Cyber National Mission Force (CNMF) published a joint Cybersecurity Advisory (CSA), Multiple Nation-State Threat Actors Exploit CVE-2022-47966 and CVE-2022-42475. This CSA provides information on an incident at an Aeronautical Sector organization, with malicious activity occurring as early as January 2023.
CISA, FBI, and CNMF confirmed that nation-state advanced persistent threat (APT) actors exploited CVE-2022-47966 to gain unauthorized access to a public-facing application (Zoho ManageEngine ServiceDesk Plus), establish persistence, and move laterally through the network. This vulnerability allows for remote code execution on the ManageEngine application. Additional APT actors were also observed exploiting CVE-2022-42475 to establish presence on the organization’s firewall device.
(Source: CISA)
HC3 Sector Alert: Akira Ransomware
Akira is a Ransomware-as-a-Service (RaaS) group that started operations in March 2023. Since its discovery, the group has claimed over 60 victims, typically small- to medium-sized businesses. Akira has garnered attention for a couple of reasons, such as its retro 1980s-themed website (see figure below) and its considerable ransom demands, ranging from $200,000 to $4 million. Akira has been observed achieving initial malware delivery through several methods, such as leveraging compromised credentials and exploiting weaknesses in virtual private networks (VPNs), typically where multi-factor authentication (MFA) is not being used. Like many ransomware groups, Akira has employed the double-extortion technique against its victims by exfiltrating data prior to encryption. It is also believed that the group may have some affiliation with Conti due to observed overlap in their code and cryptocurrency wallets. The group has targeted multiple sectors, including finance, real estate, manufacturing, and healthcare.
Read the full Sector Alert from the Department of Health and Human Services’ (HHS’) Health Sector Cybersecurity Coordination Center (HC3).
(Source: HHS HC3)
Multiple foreign nationals charged in connection with Trickbot malware and Conti ransomware conspiracies
On Sept. 7, the Department of Justice (DOJ) announced that three indictments in three different federal jurisdictions have been unsealed, charging multiple Russian cybercrime actors involved in the Trickbot malware and Conti ransomware schemes.
According to court documents and public reporting, Trickbot, which was taken down in 2022, was a suite of malware tools designed to steal money and facilitate the installation of ransomware. Hospitals, schools, and businesses were among the millions of Trickbot victims who suffered tens of millions of dollars in losses. While active, Trickbot malware, which acted as an initial intrusion vector into victim computer systems, was used to support various ransomware variants, including Conti. Conti was a ransomware variant used to attack more than 900 victims worldwide, including victims in approximately 47 states, the District of Columbia, Puerto Rico, and approximately 31 foreign countries. According to the FBI, in 2021, Conti ransomware was used to attack more critical infrastructure victims than any other ransomware variant.
(Source: DOJ)
CISA warns govt agencies to secure iPhones against spyware attacks
On Sept. 11, CISA ordered federal agencies to patch security vulnerabilities abused as part of a zero-click iMessage exploit chain to infect iPhones with NSO Group's Pegasus spyware.
This warning comes after Citizen Lab disclosed that the two flaws were used to compromise fully-patched iPhones belonging to a Washington DC-based civil society organization using an exploit chain named BLASTPASS that worked via PassKit attachments containing malicious images.
Citizen Lab also warned Apple customers to apply emergency updates issued on Thursday immediately and urged individuals susceptible to targeted attacks due to their identity or occupation to enable Lockdown Mode.
(Source: Bleeping Computer)
The InfoGram is distributed weekly to provide members of the Emergency Services Sector with information concerning the protection of their critical infrastructures.
Fair Use Notice: This InfoGram may contain copyrighted material that was not specifically authorized by the copyright owner. The EMR-ISAC believes this constitutes “fair use” of copyrighted material as provided for in section 107 of the U.S. Copyright Law. If you wish to use copyrighted material contained within this document for your own purposes that go beyond “fair use,” you must obtain permission from the copyright owner.
Linking Policy and Disclaimer of Endorsement: The appearance of external hyperlinks does not constitute endorsement of the linked websites, or the information, products or services contained therein. We provide these links and pointers solely for your information and convenience. When you select a link to an outside website, remember that you are subject to the privacy and security policies of the owners/sponsors of the outside website. To view information and resources on the policies that govern FEMA web content visit FEMA Website Information.
Section 504 Notice: Section 504 of the Rehabilitation Act requires that FEMA grantees provide access to information for people with disabilities. If you need assistance accessing information or have any concerns about access, please contact FEMAWebTeam@fema.dhs.gov.