For CIRMA Liability-Auto-Property pool members:
All Cyber Liability incidents should be reported immediately to Cynthia Mancini, Liability-Auto-Property Claims Manager at:
Business: 203-498-3019 Cell: 203-804-5917 (For After-Hours Emergencies) Email: cmancini@ccm-ct.org- Additional contact is Sherri Adams, Liability-Auto-Property Claims Manager, at 203-946-3752.
CIRMA places a comprehensive Cyber Insurance program through an A.M. Best A rated carrier for our Liability-Auto-Property (LAP) Pool Members to help protect them in the event of a cyber event. CIRMA LAP Pool Members have access to liability coverage, forensics investigation and breach management services from best-in-class breach responders with experience in computer forensics, data breach notification, credit and ID monitoring, and legal counsel. View the flyer
CIRMA has also developed a number of risk management resources, including regional training programs and E-Learning Center training, Cybersecurity whitepaper, and Cyber Security Resources Best Practices Guide to help our members manage this risk. CIRMA's Cyber News & Alerts service provides IT departments and municipal and school leaders current cyber alerts from MS-ISAC, the Multi State Information Sharing and Analysis Center and U.S. Homeland Security. > Click here to SUBSCRIBE to CIRMA's Cyber News and Alerts Today!
The Cyber Disruption Response Plan will be incorporated as an annex to the State Response Framework, and is a roadmap for state, local, and private sector entities on how and when to report a cyber incident, as well as an outline of emergency response actions to be taken depending on the severity of the disruption and its potential impact on the state and its communities. The CDRP is a companion document to the Cyber Incident Response Plan, which outlines specific technical response actions. The Quick Reference Guide consists of two charts found in the CDRP, and is intended to provide readily available guidance in a fast moving incident. The Communications Flow Matrix outlines the flow of information in situations that are likely to affect public health, safety, or confidence. It is recommended that you add contact information for the key partners to whom you would report a cyber incident, including the CT Intelligence Center, which can be reached at CTIC@ct.gov. The Cyber Security Threat Level Matrix is a summary of the five distinct cyber threat levels, and provides general guidance regarding the communication and anticipated response activities for each of the levels. The CDRP provides more detailed response actions for each threat level. Cyber Security Response PlanCyber Response Quick Response Quick Reference
New Election Security Resources
The Center for Internet Security released A Handbook for Elections Infrastructure Security aimed at providing a tool for both election officials and their technical staff. The handbook is broken into three parts that address the risks to elections infrastructure, the architecture of elections systems, and security best practices and controls. The best practices and controls take into account associated implementation costs and are tiered according to asset class (Device, Process, Software, User), priority (high and medium), and the applicable CIS Control(s). The handbook also provides security best practice examples from state and local organizations, as well as procurement guidance and links to additional security resources. For assistance implementing these recommendations and best practices, CIS provides an Excel worksheet to guide technical staff through the process.
CYBER SECURITY WEBINARS
CIRMA Cyber Webinar Series: PHISHING> Click here to view the WEBINAR According to experts, local public entities are often specifically targeted for cyber-attacks due to the vulnerable and open nature of their operations. Cyber-attacks, data theft, ransomware, spoofing, and phishing incidents are escalating in type, number, and creativity -- with cyber criminals exploiting human nature as much as the technical vulnerabilities of hardware and software systems. The CIRMA Cyber Webinar Series will address each of the most common forms of cyber-attacks affecting Connecticut municipalities, beginning with phishing attacks.
CIRMA Cyber Webinar Series: SOCIAL ENGINEERING> click here to view the WEBINAR Social Engineering is quickly becoming one of the leading forms of manipulation by cyber criminals. Through social engineering cyber criminals take advantage of human interaction to use personal information to gain your trust. With the vulnerability of local public entities due to the open nature of their operations, it is ever so important to be educated on the type of information you put on the web that could end in you being a target for a cyber-attack. This final segment of the CIRMA Cyber Webinar Series will help you to tighten up your personal accounts and bring tips on how to recognizing false communication to help to avoid your networks being compromised.
CYBERSECURITY RESOURCES & BULLETINS
Federal Bureau of Investigation - Public Service Announcement12-15-20 - Transition to Distance Learning Creates Opportunities for Cyber Actors to Disrupt Instruction and Steal Data
U.S. Department of Homeland Security - CISA Cyber + Infrastructure
New Jersey Cybersecurity & Communications Integration Cell (NJCCIC):
Multi-State Information Sharing and Analysis Center (MS-ISAC):
Cybersecurity and Infrastructure Security Agency (CISA):
01-21-22 - A Backdoor in WordPress AccessPress Plugins and Themes Could Allow an Attacker Access to a Targeted Website
01-19-22 - CISA Urges Organizations to Implement Immediate Cybersecurity Measures to Protect Against Potential Threats
01-11-22 - Critical Patches Issued for Microsoft Products, January 11, 2022 - PATCH NOW
12-22-21 - CISA Current Activity: Mitigating Log4Shell and Other Log4j-Related Vulnerabilities
12-20-21 - A Vulnerability in Apache Log4j Could Allow for Arbitrary Code Execution - PATCH: NOW - UPDATED December 20, 2021
12-14-21 - Critical Patches Issued for Microsoft Products, December 14, 2021 - PATCH: NOW
12-14-21 - CISA Creates Webpage for Apache Log4j Vulnerability CVE-2021-44228
12-10-21 - Current Activity: A Vulnerability in Apache Log4j Could Allow for Arbitrary Code Execution, PATCH NOW
12-02-21 - APT Actors Exploiting CVE-2021-44077 in Zoho ManageEngine ServiceDesk Plus (AA21-336A)
11-23-21 - Reminder for Critical Infrastructure to Stay Vigilant Against Threats During Holidays and Weekends
11-17-21 - Iranian Government-Sponsored APT Cyber Actors Exploiting Microsoft Exchange and Fortinet Vulnerabilities
11-12-21 - A Vulnerability in Palo Alto PAN-OS Could Allow for Arbitrary Code Execution
11-09-21 - Critical Patches Issued for Microsoft Products, November 9, 2021 - PATCH NOW
10-29-21 - A Vulnerability in Cisco Adaptive Security Appliance and Firepower Threat Defense Could Allow for Security Bypass, October 29, 2021 - PATCH NOW
10-12-21 - Critical Patches Issued for Microsoft Products, October 12, 2021 - PATCH NOW
09-14-21 - Critical Patches Issued for Microsoft Products, September 14, 2021 - PATCH NOW
09-14-21 - Multiple Vulnerabilities in Apple Products Could Allow for Remote Code Execution, PATCH NOW
08-23-21 - Critical Patches Issued for Microsoft Products, May 11, 2021 - PATCH NOW - UPDATED 08/23/21
08-10-21 - Critical Patches Issued for Microsoft Products, August 10, 2021 - PATCH NOW
07-21-21 - Multiple Vulnerabilities in Apple Products Could Allow for Arbitrary Code Execution
07-19-21 - U.S. Government Releases Indictment and Several Advisories Detailing Chinese Cyber Threat Activity
07-14-21 - Critical Patches Issued for Microsoft Products, July 13, 2021 - PATCH NOW
07-07-21 - CISA Current Activity: Microsoft Releases Out-of-Band Security Updates for PrintNightmare
07-02-21 - CISA Current Activity: NSA-CISA-NCSC-FBI Joint Cybersecurity Advisory on Russian GRU Brute Force Campaign
07-02-21 - Critical Patches Issued for Microsoft Products, June 8, 2021 - UPDATED June 30, 2021
To receive the Green Alerts listed below, please email Jacqueline Smith, Marketing & Creative Design Associate, at jsmith@ccm-ct.org
01-18-22- Malware IPs and Domains Observed by MS-ISAC
01-10-22- Malware IPs and Domains Observed by MS-ISAC
12-06-21 - Malware IPs and Domains Observed by MS-ISAC
11-22-21 - Malware IPs and Domains Observed by MS-ISAC
11-15-21 - Malware IPs and Domains Observed by MS-ISAC
11-08-21 - Malware IPs and Domains Observed by MS-ISAC
11-02-21 - Malware IPs and Domains Observed by MS-ISAC
10-25-21 - Malware IPs and Domains Observed by MS-ISAC
10-18-21 - Malware IPs and Domains Observed by MS-ISAC
10-12-21 - Malware IPs and Domains Observed by MS-ISAC
10-07-21 - MS-ISAC Short Form Analytic Report (SFAR): Ransomware Group “54bb47h Team” Infecting K-12 Schools
10-03-21 - Malware IPs and Domains Observed by MS-ISAC
09-27-21 - Malware IPs and Domains Observed by MS-ISAC
09-20-21 - Malware IPs and Domains Observed by MS-ISAC
09-13-21 - Malware IPs and Domains Observed by MS-ISAC
09-07-21 - Malware IPs and Domains Observed by MS-ISAC
08-30-21 - Malware IPs and Domains Observed by MS-ISAC
08-16-21 - Malware IPs and Domains Observed by MS-ISAC
08-09-21 - Malware IPs and Domains Observed by MS-ISAC
08-03-21 - Malware IPs and Domains Observed by MS-ISAC
07-26-21 - Malware IPs and Domains Observed by MS-ISAC
07-19-21 - Malware IPs and Domains Observed by MS-ISAC
07-12-21 - Malware IPs and Domains Observed by MS-ISAC
07-06-21 - Malware IPs and Domains Observed by MS-ISAC
CIRMA Cyber Security Whitepaper
Cyber Security - PDF
CIRMA's E-Learning Center Program
How to get started
Visit the CIRMA E-Learning Center to log in and take the courses. CIRMA offers online training courses on a wide variety of topics. If you are not currently registered, please email your contact information to Martin Connelly at mconnelly@ccm-ct.org or call 203-946-3743.
Download The Many Faces of Cybercrimes (pdf)