Security/Emergency Information

Microsoft Customer Guidance for WannaCrypt attacks

Posted on May 15, 2017


Microsoft solution available to protect additional products

Today many of our customers around the world and the critical systems they depend on were victims of malicious “WannaCrypt” software. Seeing businesses and individuals affected by cyberattacks, such as the ones reported today, was painful. Microsoft worked throughout the day to ensure we understood the attack and were taking all possible actions to protect our customers. This blog spells out the steps every individual and business should take to stay protected. Additionally, we are taking the highly unusual step of providing a security update for all customers to protect Windows platforms that are in custom support only, including Windows XP, Windows 8, and Windows Server 2003. Customers running Windows 10 were not targeted by the attack today.

Details are below.

  • In March, we released a security update which addresses the vulnerability that these attacks are exploiting. Those who have Windows Update enabled are protected against attacks on this vulnerability. For those organizations who have not yet applied the security update, we suggest you immediately deploy Microsoft Security Bulletin MS17-010.
  • For customers using Windows Defender, we released an update earlier today which detects this threat as Ransom:Win32/WannaCrypt. As an additional “defense-in-depth” measure, keep up-to-date anti-malware software installed on your machines. Customers running anti-malware software from any number of security companies can confirm with their provider, that they are protected.
  • This attack type may evolve over time, so any additional defense-in-depth strategies will provide additional protections. (For example, to further protect against SMBv1 attacks, customers should consider blocking legacy protocols on their networks).

We also know that some of our customers are running versions of Windows that no longer receive mainstream support. That means those customers will not have received the above mentioned Security Update released in March. Given the potential impact to customers and their businesses, we made the decision to make the Security Update for platforms in custom support only, Windows XP, Windows 8, and Windows Server 2003, broadly available for download (see links below).

Customers who are running supported versions of the operating system (Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows 8.1, Windows Server 2012, Windows 10, Windows Server 2012 R2, Windows Server 2016) will have received the security update MS17-010 in March. If customers have automatic updates enabled or have installed the update, they are protected. For other customers, we encourage them to install the update as soon as possible.

This decision was made based on an assessment of this situation, with the principle of protecting our customer ecosystem overall, firmly in mind.

Some of the observed attacks use common phishing tactics including malicious attachments. Customers should use vigilance when opening documents from untrusted or unknown sources. For Office 365 customers we are continually monitoring and updating to protect against these kinds of threats including Ransom:Win32/WannaCrypt. More information on the malware itself is available from the Microsoft Malware Protection Center on the Windows Security blog. For those new to the Microsoft Malware Protection Center, this is a technical discussion focused on providing the IT Security Professional with information to help further protect systems.

We are working with customers to provide additional assistance as this situation evolves, and will update this blog with details as appropriate.

Phillip Misner, Principal Security Group Manager  Microsoft Security Response Center

Further resources:

Download English language security updates: Windows Server 2003 SP2 x64, Windows Server 2003 SP2 x86, Windows XP SP2 x64, Windows XP SP3 x86, Windows XP Embedded SP3 x86, Windows 8 x86, Windows 8 x64

Download localized language security updates: Windows Server 2003 SP2 x64, Windows Server 2003 SP2 x86, Windows XP SP2 x64, Windows XP SP3 x86, Windows XP Embedded SP3 x86, Windows 8 x86, Windows 8 x64

General information on ransomware: https://www.microsoft.com/en-us/security/portal/mmpc/shared/ransomware.aspx

MS17-010 Security Update: https://technet.microsoft.com/en-us/library/security/ms17-010.aspx

Still no budget, but get started

Posted on April 28, 2017

April 28, 2017 | The timing of the 2017 applications is still up in the air. The House voted 382 to 30 and the Senate unanimously approved a bill to keep the government open until May 5th. This will give the negotiators time to finalize a longer-term deal that would fund the government through the end of the fiscal year in September. There can be no grant programs without a budget.

Once the budget bill is signed by the President, the US Department of Homeland should post its its guidance within a week or two and the NY Division of Homeland Security and Emergency Services releasing its Request for Applications soon thereafter. Assuming that the budget passes next week, don’t be surprised if the application package is due at the end of May or the beginning of June.

So the turnaround may be very quick. We don’t anticipate any significant changes in the application process and most of the requirements of the application process can be met before the deadline. Our advice is to get started now! Here’s what you can do.

Powerpoint presentation/video Download a PDF from our 2017 webinar here and view the recording: Part 1, Part 2
Prequalification NY nonprofits should register at https://grantsgateway.ny.gov/ &
complete their Document Vault . See JCRC-NY’s additional information at: http://www.jcrcny.org/document-vault-faqs/ .If your nonprofit was previously prequalified, you will still have to update certain documents or your document vault is expired. Check our your document vault for more information.
NY nonprofit grants webpage If you’ve never applied before, click here for New York’s nonprofit webpage, with the E-grant application. If you have an existing account (and remember the
username/password), you’re fine.
Risk assessment You can do conduct a self-assessment, have your local police do a crime prevention survey or get an independent professional. Find guidance and contacts
here and JCRC-NY’s guide to security consultants here. There are some good self-assessment tools available. Check out:

Investment Justification Download the 2016 Investment Justification here to see what the application looks like. Make sure to submit your information on the 2017 forms are released.
Threat scan Stymied by the “Risk” section of the Investment Justification? Download our Selective Threat Scan for documentation and help with the “Threat” and “Consequences” questions. You will need an assessment to identify your vulnerabilities.
For the most up-to-date info http://www.jcrcny.org/securitygrants

During Pesach, heightened vigilance is required

Posted on April 10, 2017

EVENT ASSESSMENT

While there are no reports indicating a specific threat to New York City or Jewish institutions during the Passover holiday, religious institutions and religious figures remain attractive targets for multiple terrorist groups—to include al-Qa’ida and the Islamic State of Iraq and ash Sham(ISIS)—and their adherents. Al-Qa’ida and ISIS have consistently called for attacks against Israel and Jewish interests and recent propaganda from both groups have urged sympathizers to carry out attacks using a range of tactics, including vehicle ramming, edged weapons, improvised explosive devices, and Molotov cocktails.

Terrorist groups and their sympathizers have targeted synagogues and other Jewish locations in the past, both abroad and here in the United States. In December 2016, Austrian authorities disrupted an alleged plot to target a synagogue on the first night of Hanukkah. Two individuals, one of whom was known to authorities, were questioned by police and found to be carrying knives intended for use against the rabbi and his congregants. In May of 2014, ISIL-linked French operative Mehdi Nemmouche opened fire with an assault rifle on a Jewish museum in Brussels, Belgium, resulting in the deaths of four people. In 2016, there were several foiled attack attempts at Jewish institutions in the United States. On April 29, James Gonzalo Medina, a convert to Islam, was arrested by the FBI for attempting to bomb the Aventura Turnberry Jewish Center in Florida during services on the seventh day of Passover. The FBI also foiled the plot of Mahin Khan, a self-described “American jihadist,” after he sought to build pipe and pressure cooker bombs.

Khan considered several targets, including the JCC in Tucson, Arizona. He was arrested in July 2016 after he contacted an individual he believed to be an ISIS fighter.

In addition to the threat from foreign terrorist organizations, domestic terrorism increasingly threatens minority groups and institutions in the United States. In February 2017, a South Carolina white supremacist was arrested after an undercover investigation indicated that he was planning to attack minorities in the local area, and had by that point purchased a weapon to do so. The suspect, Benjamin McDowell, allegedly wanted to replicate Dylann Roof’s mass casualty attack and made a number of online threats against a local synagogue. He further made public statements in support of violent white supremacist ideology, according to press reports.

Hate crimes continue to rise around the United States, a number of which have been anti-Semitic in nature. In addition to the desecration of grave sites at cemeteries in Philadelphia and St. Louis, the Anti-Defamation League stated that there have been at least 166 bomb threats made to Jewish institutions across 38 states in the U.S. and three Canadian provinces since January 2017, none of which resulted in the discovery of explosives. On March 23, 2017, 18-year-old Michael Ron David Kadar, a dual US-Israeli citizens, was arrested by Israel on suspicion of making more than 100 bomb threats against JCCs in the United States, Canada, Australia and New Zealand over the past six months. Kadar’s motive remains unknown. In St. Louis, Juan Thompson was arrested for making at least eight threats to Jewish institutions around the country, including the Jewish History Museum in Manhattan, and Jewish schools and a local JCC.

Despite the arrests of two individuals associated with the multiple, unfounded bomb threats, it is probable that other like-minded individuals may seek to carry out similar threats against Jewish locations given the extensive high-profile media coverage these threats received.

The series of anonymous, unfounded bomb threats against multiple targets was likely intended to spread fear, create considerable disruptions to business and people’s lives, and generate financial costs. Bomb threats can also create soft targets; evacuations of large groups of people into the open offer possible attackers a large, predictable target in a desired location vulnerable to a variety of attacks, to include active shooters, improved explosive devices, edged weapons, and vehicle-ramming assaults.

If You See Something, Say Something – 1-888-NYC-SAFE (1-888-692-7233)

New York State Security Funding

Posted on April 10, 2017

This year’s New York State budget includes the following allocation. Obviously, the details are still pending.

“Capital Projects Funds – Other Capital Project Fund Program Improvement/Change Purpose For competitive grants to provide safety and security projects at nonpublic schools, community centers and day care facilities at risk of hate crimes or attacks because of their ideology, beliefs or mission.

Provided that an assessment of facilities at risk may include, but not be limited to, considerations of the vulnerabilities of the organization based on its location and membership, and the potential consequences of a hate crime or attack at the facility. The amount appropriated herein may be transferred or suballocated to the division of homeland security and emergency services to accomplish the intent of this appropriation.”

Note: the language “considerations of the vulnerabilities of the organization based on its location and membership” differs from the classic definition of vulnerability,”any weakness that can be exploited by an aggressor, or in a non-terrorist environment, make an asset susceptible to hazard damage. (FEMA, Building Design for Homeland Security)”, i.e., gaps in physical security. Location and membership are usually considered in a threat analysis in the classic security equation: risk=threat + vulnerability + consequences.

The language gives DHSES responsibility for the grants. Stay tuned for more information.

Israeli-American Teen Arrested for Bomb Threats

Posted on March 23, 2017

See the links below for information about today’s arrest of a suspect believed to be responsible for the majority of the bomb threats over the past months. Remember, another individual was already arrested and law enforcement authorities believe that there are other copycats.

It is important that we stay vigilant and continue to hone our response plans. We greatly appreciate the work of the FBI, NYPD and the Israeli National Police for their work.

 

 

Posted in Bomb, Hate Crime