Due to ongoing civil unrest, hacktivist groups are actively threatening and endorsing cyber attacks against law enforcement and state government networks, FBI warns in a notification released this morning, June 2.
"The FBI is providing this Private Industry Notification to law enforcement partners to increase cyber vigilance and recommend mitigation to protect computer networks, outward facing webpages, and social media accounts against a cyber attack," the security notification states. Threat Hacktivist groups have historically conducted and advocated for cyber attacks following high-profile and controversial political or socioeconomic events. Groups such as “Anonymous” are actively leveraging societal and political unrest to encourage global cyber action against law enforcement and government computer networks, outward facing web pages, and social media accounts. The FBI has identified active target lists published by individuals affiliating themselves with hacktivist groups, to include police departments and local and state government computer networks.
Historically, hacktivists have provided tools and guidance on cyber attack methodology and techniques to anyone willing to conduct an attack on behalf of their cause. Distributed denial of service attacks along with web page and social media profile defacement are a preferred tactic for hacktivist operations, but attackers have also conducted data exfiltration of emails and sensitive files for public release. Following the shooting of Michael Brown in 2014,
individuals claiming affiliation with Anonymous attacked Ferguson City Hall’s website and released personally identifiable information (PII) and personal family information for the St. Louis County police chief. Criminals used the PII to open fraudulent credit card accounts in the chief’s name.
Hacktivist operations are conducted by sophisticated and non-sophisticated cyber actors globally, with followers receiving targets from individuals conducting extensive reconnaissance. Reconnaissance can include the use of web scanning tools to identify open network ports or unpatched vulnerabilities. This phase of activity can also target social media accounts of officers, government officials, and employees to create targeted phishing emails aimed at infecting networks through malicious attachments and links, creating an initial intrusion vector for follow-on cyber operations.
Recommended Mitigations General Cyber Recommendations
Update and patch all systems, to include operating systems, software, and any third-party code running as part of your website.
Keep anti-virus and anti-malware up to date and firewalls properly configured.
Create a disaster recovery plan to ensure successful and efficient communication, mitigation, and recovery in the event of an attack.
Implement a password policy that requires passwords to be at least 14 characters or longer preferably using a passphrase to increase complexity while assisting user recall.
Email Phishing Recommendations
Be wary of unsolicited attachments, even from people you know. Cyber actors can "spoof" the return address, making it look like the message came from a trusted associate.
Keep software up to date. Install software patches so that attackers can't take advantage of known problems or vulnerabilities.
If an email or email attachment seems suspicious, don't open it, even if your antivirus software indicates that the message is clean. Attackers are constantly releasing new viruses, and the antivirus software might not have the signature.
Save and scan any attachments before opening them.
Turn off the option to automatically download attachments. To simplify the process of reading email, many email programs offer the feature to automatically download attachments. Check your settings to see if your software offers the option, and disable it.
Distributed Denial of Service Identification and Recommendations
Unusually slow network performance (opening files or accessing websites) o Unavailability of a particular website or the inability to access any website.
Enroll in a Denial of Service protection service that detects abnormal traffic flows and redirects traffic away from your network.
Create a partnership with your local internet service provider (ISP) prior to an event and work with your ISP to control network traffic attacking your network during an event.
Reporting Notice The FBI encourages recipients of this document to report information concerning suspicious or criminal activity to their local FBI field office or the FBI’s 24/7 Cyber Watch (CyWatch). Field office contacts can be identified at www.fbi.gov/contact-us/field. CyWatch can be contacted by phone at (855) 292-3937 or by email at CyWatch@fbi.gov. When available, each report submitted should include the date, time, location, type of activity, number of people, and type of equipment used for the activity, the name of the submitting company or organization, and a designated point of contact. Press inquiries should be directed to the FBI’s National Press Office at firstname.lastname@example.org or (202) 324-3691.