DEPARTMENT OF FINANCIAL INSTITUTIONS

Cybersecurity Resources

The resources below relate to recent cybersecurity attacks and related issues. The Department of Financial Institutions urges all regulated entities and individuals to stay abreast of developments related to these attacks and any implications they may have for your business. DFI will update this page as new resources become available.

Last Updated Nov. 24, 2021

Financial Crimes Enforcement Network (FinCEN)

Nov. 8, 2021 – FinCen Advisory FIN-2021-A004, Advisory or Ransomware and the Use of the Financial System to Facilitate Ransom Payments
Oct. 15, 2021 – FinCen Issues Report on Ransomware Trends in Bank Secrecy ACT Data

Join Cybersecurity Advisories (Various Agencies)

Oct. 18, 2021 – Join Advisory: BlackMatter Ransomware
Sept. 22, 2021 – (Alert AA21-265A) Joint Advisory: Conti Ransomware
May 7, 2021 – Joint Advisory: Further TTPs Associated with SVR Cyber Actors

U.S. Department of Homeland Security

July 21, 2021 – 2021 Common Weakness Enumeration (CWE) Top 25 Most Dangerous Software Weaknesses

Onapsis</strong>

April 6, 2021 - Active Cyberattacks on Mission-Critical SAP Applications

FBI

Nov. 16, 2021 – An APT Group Exploiting a 0-day in Fat Pipe WARP, MPVPN, and IPVPN Software
Nov. 1, 2021 – Ransomware Actors Use Significant Financial Events and Stock Valuation to Facilitate Targeting and Extortion of Victims
Oct. 25, 2021 – CU-0013-MW Indicators of Compromise Associated with Ranzy Locker Ransomware
Aug. 25, 2021 – MC-000-150-MW Indicators of Compromise Associated with Hive Ransomware
Aug. 23, 2021 – CU-000149-MW Indicators of Compromise Associated with OnePercent Ransomware
July 28, 2021 – AA21-209A Top Routinely Expolited Vulnerabilities
March 23, 2021 – CU-000143-MW Mamba Ransomware Weaponizing DiskCryptor
March 17, 2021 – 20210307-001 Business Email Compromise Actors Targeting State, Local, Tribal, and Territorial Governments, Straining Resources
March 10, 2021 – AA21-069A Joint Cybersecurity Advisory: Compromise of Microsoft Exchange Server
March 10, 2021 – 210310-001 Malicious Actors Almost Certainly Will Leverage Synthetic Content for Cyber and Foreign Influence Operations

Kentucky Department of Financial Institutions
Jan. 13, 2021 – DFI Reminds Firms to Contact Regulators with Issues Related to SolarWinds Breach
Cyber Unified Coordination Group
Jan. 5, 2021 – Joint Statement by the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), and the Office of the Director of National Intelligence (ODNI)
Dec. 16, 2020 – Joint Statement by the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), and the Office of the Director of National Intelligence (ODNI)
U.S. Cybersecurity & Infrastructure Security Agency (CISA)
StopRansomware.gov
Ransomware Guidance and Resources
Nov. 17, 2021 – Iranian Government Sponsored APT Cyber Actors Exploiting Microsoft Exchange and Fortinet Vulnerabilities in Furtherance of Malicious Activities
Nov. 16, 2021 – Google Releases Security Update for Chrome
Nov. 12, 2021 – CISA Releases Advisory on Vulnerabilities in Multiple Data Distribution Service Implementations
Nov. 8, 2021 – Apple Releases Security Update for iCloud on Windows 13
Nov. 3, 2021 – FBI Releases PIN on Attacks Using Significant Financial Events for Extortion
Nov. 3, 2021 – Mozilla Releases Security Updates for Firefox, Firefox ESR, and Thunderbird
Oct. 29, 2021 – Google Releases Security Updates for Chrome
Oct. 29, 2021 – GoCD Authentication Vulnerability
Oct. 27, 2021 – Adobe releases security updates for multiple products
Oct. 27, 2021 – FBI Releases Indicators of Compromise Associated with Ranzy Locker Ransomware
Oct. 27, 2021 – Apple Releases Security Updates for Multiple Products
Oct. 25, 2021 – NOBELLIUM Attacks Cloud Services and Other Technologies
Oct. 20, 2021 – Google Releases Security Updates for Chrome
Oct. 19, 2021 – Oracle Releases October 2021 Critical Patch Update
Oct. 12, 2021 – Apple Releases Security Update to Address CVE-2021-30883
Oct. 12, 2021 – Adobe Releases Security Updates for Multiple Products
Oct. 12, 2021 – Microsoft Releases October 2021 Security Updates
Sept. 23, 2021 – Apple Releases Security Updates
Sept. 22, 2021 – (Alert AA21-265A) Joint Advisory: Conti Ransomware
Sept. 22, 2021 – Google Releases Security Updates for Chrome
Sept. 21, 2021 – Apple Releases Security Updates for Multiple Products
Sept. 21, 2021 – NETGEAR Releases Security Updats for RCE Vulnerability
Sept. 15, 2021 – Zoho Releases Security Update for ADSelfService Plus
Sept. 14, 2021 – Microsoft Releases September 2021 Security Updates
Sept. 14, 2021 – SAP Releases September 2021 Security Updates
Sept. 14, 2021 – Adobe Releases Security Updates for Multiple Products
Sept. 7, 2021 – Microsoft Releases Mitigations and Workarounds for CVE-2021-40444
Aug. 27, 2021 – Microsoft Azure Cosmos DB Guidance
Aug. 21, 2021 – Urgent: Protect Against Active Exploitation of ProxyShell Vulnerabilities
Revised Aug. 4, 2021 | Original July 28, 2021 – Alert (AA21-209A) Top Routinely Exploited Vulnerabilities
July 27, 2021 – Microsoft Releases Guidance for Mitigating PetitPotam NTLM Relay Attacks
July 21, 2021 –
July 6, 2021 – CISA-FBI Guidance for MSPs and their Customers Affected by the Kaseya VSA Supply-Chain Ransomware Attack
May 14, 2021 – Emergency Directive (ED) 21-01 Supplemental Direction Version 4: Mitigate SolarWinds Orion Code Compromise
May 14, 2021 – Analysis Report (AR21-134AA) Eviction Guidance for Networks Affected by the SolarWinds and Active Directory/M365 Compromise
Revised May 14, 2021 | Original March 9, 2021 – Remediating Networks Affected by the SolarWinds and Active Directory/M365 Compromise
May 7 2021 – Fact Sheet: Russian SVR Activities Related to SolarWinds Compromise
May 11, 2021 – Alert (AA21-131A) Darkside Ransomware: Best Practices for Preventing Business Disruption from Ransomware Attacks
Revised April 21, 2021 | Original April 20, 2021 – Alert (AA21-110A) Exploitation of Pulse Connect Secure Vulnerabilities
April 15, 2021 | Malware Analysis Report (AR21-105A) MAR-10327841-1.v1 - SUNSHUTTLE
Revised April 15, 2021 | Original Jan. 8, 2021 – Alert (AA21-008A) Detecting Post-Compromise Threat Activity in Microsoft Cloud Environments
Revised April 14, 2021 | Original March 3, 3031 –Alert (AA21-062A) Mitigate Microsoft Exchange Server Vulnerabilities
April 13, 2021 – 21-02 Mitigate Microsoft Exchange Server Vulnerabilities: Supplement Direction Version 2
March 31, 2021 – 21-02 Mitigate Microsoft Exchange Server Vulnerabilities: Supplemental Direction
Revised March 31, 2021 Original March 2, 2021- AA21-062A - Mitigate Microsoft Exchange Server Vulnerabilities
March 10, 2021 – AA21-069A Joint Cybersecurity Advisory: Compromise of Microsoft Exchange Server
March 9, 2021 CISA Insights: Remediating Networks Affected by the SolarWinds and Active Directory/M365 Compromise: Risk Decisions for Leaders
March 8, 2021 – Remediating Microsoft Exchange Vulnerabilities
March 5, 2021 – Microsoft Releases Alternative Mitigations for Exchange Server Vulnerabilities
March 2021 – Mitigate Microsoft Exchange On-Premises Product Vulnerabilities
Supply Chain Compromise
Feb. 8, 2021 – Malware Analysis Report (AR21-039B) – MAR-103201115-1.v1 - TEARDROP
Feb. 8, 2021 – Malware Analysis Report (AR21-039A) – MAR-10318845-1.v1 - SUNBURST
Jan. 27, 2021 – Malware Analysis Report (AR21-021-027A) – MAR-10319053-1.v1 - Supernova
Revised Jan. 7, 2021 | Original Dec. 17, 2021 – Alert (AA20-352A) Advanced Persistent Threat Compromise of Government Agencies, Critical Infrastructure, and Private Sector Organizations
Revised Jan. 6, 2021 | Original Dec. 13, 2020 – CISA Issues Emergency Directive to Mitigate the Compromise of Solarwinds Orion Network Management Products
Dec. 2020 What Every Leader Needs to Know about the Ongoing APT Cyber Activity
National Security Agency (NSA)
Dec. 17, 2020 – NSA Cybersecurity Advisory: Malicious Actors Abuse Authentication Mechanisms to Access Cloud Resources
Infographic
Abridged Version
Full Advisory
SolarWinds
July 10, 2021 – Serv-U Remote Memory Escape Vulnerability
SolarWinds Security Advisory
Microsoft Blog
Oct. 25, 2021– NOBELLIUM Targeting Delegated Administrative Priviliges to Facilitate Broader Attacks
March 15, 2021 – One-Click Microsoft Exchange On-Premises Mitigation Tool – March 2021
March 2, 2021 – New Nation-State Cyberattacks
Microsoft Security Response Center
July 27, 2021 – KB5005413: Mitigating NTLM Relay Attacks on Active Directory Certificate Services
March 5, 2021 – Multiple Security Updates Released for Exchange Server
March 2, 2021 – HAFNIUM Targeting Exchange Servers with 0-day Exploits
Updated Feb. 5, 2021 – Solorigate Resource Center
Revised Dec. 21, 2020 | Original Dec. 13, 2020 – Customer Guidance on Recent Nation-State Cyber Attacks
Dec. 13, 2020 – Important Steps for Customers to Protect Themselves from Recent Nation-State Cyberattacks
FireEye
UNC2452 and Sunburst Resource Center
Dec. 13, 2020 – Threat Research: Highly Evasive Attacker Leverages SolarWinds Supply Chain to Compromise Multiple Global Victims With SUNBURST Backdoor

QUICK LINKS