DEPARTMENT OF FINANCIAL INSTITUTIONS

COVID-19 Alert - For the latest information on the novel coronavirus in Kentucky, please visit kycovid19.ky.gov

DEPARTMENT OF FINANCIAL INSTITUTIONS

Cybersecurity Resources

The resources below relate to recent cybersecurity attacks and related issues. The Department of Financial Institutions urges all regulated entities and individuals to stay abreast of developments related to these attacks and any implications they may have for your business. DFI will update this page as new resources become available.

Last Updated April 15, 2021

April 6, 2021 - Active Cyberattacks on Mission-Critical SAP Applications

FBI

March 23, 2021 – CU-000143-MW Mamba Ransomware Weaponizing DiskCryptor
March 17, 2021 – 20210307-001 Business Email Compromise Actors Targeting State, Local, Tribal, and Territorial Governments, Straining Resources
March 10, 2021 – AA21-069A Joint Cybersecurity Advisory: Compromise of Microsoft Exchange Server
March 10, 2021 – 210310-001 Malicious Actors Almost Certainly Will Leverage Synthetic Content for Cyber and Foreign Influence Operations

Kentucky Department of Financial Institutions

Jan. 13, 2021 – DFI Reminds Firms to Contact Regulators with Issues Related to SolarWinds Breach

Cyber Unified Coordination Group

U.S. Cybersecurity & Infrastructure Security Agency (CISA)

Ransomware Guidance and Resources
Revised April 15, 2021 | Original Jan. 8, 2021 – Alert (AA21-008A) Detecting Post-Compromise Threat Activity in Microsoft Cloud Environments
Revised April 14, 2021 | Original March 3, 3031 –Alert (AA21-062A) Mitigate Microsoft Exchange Server Vulnerabilities
April 13, 2021 – 21-02 Mitigate Microsoft Exchange Server Vulnerabilities: Supplement Direction Version 2
March 31, 2021 – 21-02 Mitigate Microsoft Exchange Server Vulnerabilities: Supplemental Direction
Revised March 31, 2021 Original March 2, 2021- AA21-062A - Mitigate Microsoft Exchange Server Vulnerabilities
March 10, 2021 – AA21-069A Joint Cybersecurity Advisory: Compromise of Microsoft Exchange Server
March 9, 2021 – Remediating Networks Affected by the SolarWinds and Active Directory/M365 Compromise
March 9, 2021 – CISA Insights: Remediating Networks Affected by the SolarWinds and Active Directory/M365 Compromise: Risk Decisions for Leaders
March 8, 2021 – Remediating Microsoft Exchange Vulnerabilities
March 5, 2021 – Microsoft Releases Alternative Mitigations for Exchange Server Vulnerabilities
March 2021 – Mitigate Microsoft Exchange On-Premises Product Vulnerabilities
Supply Chain Compromise
Feb. 8, 2021 – Malware Analysis Report (AR21-039B) – MAR-103201115-1.v1 - TEARDROP
Feb. 8, 2021 – Malware Analysis Report (AR21-039A) – MAR-10318845-1.v1 - SUNBURST
Jan. 27, 2021 – Malware Analysis Report (AR21-021-027A) – MAR-10319053-1.v1 - Supernova
Revised Jan. 7, 2021 | Original Dec. 17, 2021 – Alert (AA20-352A) Advanced Persistent Threat Compromise of Government Agencies, Critical Infrastructure, and Private Sector Organizations
Revised Jan. 6, 2021 | Original Dec. 13, 2020 – CISA Issues Emergency Directive to Mitigate the Compromise of Solarwinds Orion Network Management Products</a>
Dec. 2020 What Every Leader Needs to Know about the Ongoing APT Cyber Activity

National Security Agency (NSA)

Dec. 17, 2020 – NSA Cybersecurity Advisory: Malicious Actors Abuse Authentication Mechanisms to Access Cloud Resources

SolarWinds Security Advisory

Microsoft Blog

March 15, 2021 – One-Click Microsoft Exchange On-Premises Mitigation Tool – March 2021
March 2, 2021 – New Nation-State Cyberattacks

Microsoft Security Response Center

March 5, 2021 – Multiple Security Updates Released for Exchange Server
March 2, 2021 – HAFNIUM Targeting Exchange Servers with 0-day Exploits
Updated Feb. 5, 2021 – Solorigate Resource Center
Revised Dec. 21, 2020 | Original Dec. 13, 2020 – Customer Guidance on Recent Nation-State Cyber Attacks
Dec. 13, 2020 – Important Steps for Customers to Protect Themselves from Recent Nation-State Cyberattacks

QUICK LINKS

VISIT OTHER PPC AGENCIES