DEPARTMENT OF FINANCIAL INSTITUTIONS

COVID-19 Alert - For the latest information on the novel coronavirus in Kentucky, please visit kycovid19.ky.gov

DEPARTMENT OF FINANCIAL INSTITUTIONS

Cybersecurity Resources

The resources below relate to recent cybersecurity attacks and related issues. The Department of Financial Institutions urges all regulated entities and individuals to stay abreast of developments related to these attacks and any implications they may have for your business. DFI will update this page as new resources become available.

Last Updated Sept. 15, 2021

NSCS, CISA, FBI and NSA

May 7, 2021 – Joint Advisory: Further TTPs Associated with SVR Cyber Actors

U.S. Department of Homeland Security

July 21, 2021 – 2021 Common Weakness Enumeration (CWE) Top 25 Most Dangerous Software Weaknesses

April 6, 2021 - Active Cyberattacks on Mission-Critical SAP Applications

FBI

Aug. 25, 2021 – MC-000-150-MW Indicators of Compromise Associated with Hive Ransomware
Aug. 23, 2021 – CU-000149-MW Indicators of Compromise Associated with OnePercent Ransomware
July 28, 2021 – AA21-209A Top Routinely Expolited Vulnerabilities
March 23, 2021 – CU-000143-MW Mamba Ransomware Weaponizing DiskCryptor
March 17, 2021 – 20210307-001 Business Email Compromise Actors Targeting State, Local, Tribal, and Territorial Governments, Straining Resources
March 10, 2021 – AA21-069A Joint Cybersecurity Advisory: Compromise of Microsoft Exchange Server
March 10, 2021 – 210310-001 Malicious Actors Almost Certainly Will Leverage Synthetic Content for Cyber and Foreign Influence Operations

Kentucky Department of Financial Institutions

Jan. 13, 2021 – DFI Reminds Firms to Contact Regulators with Issues Related to SolarWinds Breach

Cyber Unified Coordination Group

U.S. Cybersecurity & Infrastructure Security Agency (CISA)

StopRansomware.gov
Ransomware Guidance and Resources
Sept. 15, 2021 – Zoho Releases Security Update for ADSelfService Plus
Sept. 7, 2021 – Microsoft Releases Mitigations and Workarounds for CVE-2021-40444
Aug. 27, 2021 – Microsoft Azure Cosmos DB Guidance
Aug. 21, 2021 – Urgent: Protect Against Active Exploitation of ProxyShell Vulnerabilities
Revised Aug. 4, 2021 | Original July 28, 2021 – Alert (AA21-209A) Top Routinely Exploited Vulnerabilities
July 27, 2021 – Microsoft Releases Guidance for Mitigating PetitPotam NTLM Relay Attacks
July 21, 2021 –
July 6, 2021 – CISA-FBI Guidance for MSPs and their Customers Affected by the Kaseya VSA Supply-Chain Ransomware Attack
May 14, 2021 – Emergency Directive (ED) 21-01 Supplemental Direction Version 4: Mitigate SolarWinds Orion Code Compromise
May 14, 2021 – Analysis Report (AR21-134AA) Eviction Guidance for Networks Affected by the SolarWinds and Active Directory/M365 Compromise
Revised May 14, 2021 | Original March 9, 2021 – Remediating Networks Affected by the SolarWinds and Active Directory/M365 Compromise
May 7 2021 – Fact Sheet: Russian SVR Activities Related to SolarWinds Compromise
May 11, 2021 – Alert (AA21-131A) Darkside Ransomware: Best Practices for Preventing Business Disruption from Ransomware Attacks
Revised April 21, 2021 | Original April 20, 2021 – Alert (AA21-110A) Exploitation of Pulse Connect Secure Vulnerabilitie
April 15, 2021 | Malware Analysis Report (AR21-105A) MAR-10327841-1.v1 - SUNSHUTTLE
Revised April 15, 2021 | Original Jan. 8, 2021 – Alert (AA21-008A) Detecting Post-Compromise Threat Activity in Microsoft Cloud Environments
Revised April 14, 2021 | Original March 3, 3031 –Alert (AA21-062A) Mitigate Microsoft Exchange Server Vulnerabilities
April 13, 2021 – 21-02 Mitigate Microsoft Exchange Server Vulnerabilities: Supplement Direction Version 2
March 31, 2021 – 21-02 Mitigate Microsoft Exchange Server Vulnerabilities: Supplemental Direction
Revised March 31, 2021 Original March 2, 2021- AA21-062A - Mitigate Microsoft Exchange Server Vulnerabilities
March 10, 2021 – AA21-069A Joint Cybersecurity Advisory: Compromise of Microsoft Exchange Server
March 9, 2021 CISA Insights: Remediating Networks Affected by the SolarWinds and Active Directory/M365 Compromise: Risk Decisions for Leaders
March 8, 2021 – Remediating Microsoft Exchange Vulnerabilities
March 5, 2021 – Microsoft Releases Alternative Mitigations for Exchange Server Vulnerabilities
March 2021 – Mitigate Microsoft Exchange On-Premises Product Vulnerabilities
Supply Chain Compromise
Feb. 8, 2021 – Malware Analysis Report (AR21-039B) – MAR-103201115-1.v1 - TEARDROP
Feb. 8, 2021 – Malware Analysis Report (AR21-039A) – MAR-10318845-1.v1 - SUNBURST
Jan. 27, 2021 – Malware Analysis Report (AR21-021-027A) – MAR-10319053-1.v1 - Supernova
Revised Jan. 7, 2021 | Original Dec. 17, 2021 – Alert (AA20-352A) Advanced Persistent Threat Compromise of Government Agencies, Critical Infrastructure, and Private Sector Organizations
Revised Jan. 6, 2021 | Original Dec. 13, 2020 – CISA Issues Emergency Directive to Mitigate the Compromise of Solarwinds Orion Network Management Products</a>
Dec. 2020 What Every Leader Needs to Know about the Ongoing APT Cyber Activity

National Security Agency (NSA)

Dec. 17, 2020 – NSA Cybersecurity Advisory: Malicious Actors Abuse Authentication Mechanisms to Access Cloud Resources
Infographic
Abridged Version
Full Advisory

July 10, 2021 – Serv-U Remote Memory Escape Vulnerability
SolarWinds Security Advisory

Microsoft Blog

March 15, 2021 – One-Click Microsoft Exchange On-Premises Mitigation Tool – March 2021
March 2, 2021 – New Nation-State Cyberattacks

Microsoft Security Response Center

July 27, 2021 – KB5005413: Mitigating NTLM Relay Attacks on Active Directory Certificate Services
March 5, 2021 – Multiple Security Updates Released for Exchange Server
March 2, 2021 – HAFNIUM Targeting Exchange Servers with 0-day Exploits
Updated Feb. 5, 2021 – Solorigate Resource Center
Revised Dec. 21, 2020 | Original Dec. 13, 2020 – Customer Guidance on Recent Nation-State Cyber Attacks
Dec. 13, 2020 – Important Steps for Customers to Protect Themselves from Recent Nation-State Cyberattacks

QUICK LINKS

VISIT OTHER PPC AGENCIES