March 19, 2021
We are sharing the attached Federal Bureau of Investigation (FBI) Private Industry Notification with you to raise awareness of the increases in business email compromise actors targeting state, local, tribal, and territorial (SLTT) government entities. Public safety organizations could be at risk as SLTT government administrative and IT systems are typically tightly coupled with public safety systems.
From 2018 through 2020, the FBI observed increases in business email compromise actors targeting SLTT government entities for financial gain due to vulnerability exploitation and transparency requirements. The COVID-19 pandemic exacerbated these challenges as SLTT governments transferred to remote or virtual operations. These cyber criminals often use open source information about SLTT government entities and readily obtainable malicious cyber tools to increase their capabilities masquerade as a trusted partner or vendor.
These actors are targeting SLTT entities with spoofed emails, phishing attacks, vendor email compromise, and credential harvesting techniques to manipulate payment or direct deposit information. Please review the attached PDF for recommended general mitigations (e.g., educate personnel, be wary of unsolicited requests to verify account information) and IT administrator actions (e.g., encourage skeptical cyber posture among personnel, enable alerts for suspicious activities).
