Greetings,

Recently, the FBI released its latest Private Industry Notification (PIN) describing how cyberattacks targeting network servers used by first responders could impact operational response and increase safety risks to personnel.  These attacks could disrupt access to critical data, increase call response times, and create cascading damage throughout the networks of state or local public safety agencies.  Such attacks have the potential to impact connectivity for office-based personnel and the safety of those in the field who rely on connected technologies for information.  The FBI’s recommended mitigations include:

Ensure software and operating systems are updated regularly

Patch operating systems, software, firmware, and endpoints as vulnerabilities are discovered

Maintain regular data back-ups that are separate from the network, and verify the integrity of the back-ups

Verify cybersecurity of devices before connecting them to the network or to vehicle area networks in the field

Please see the attached PDF for detailed threat overview and additional recommended mitigations.

In addition, we want to remind you that Microsoft recently released April 2021 security updates to mitigate significant vulnerabilities affecting on-premises Exchange Server 2013, 2016, and 2019.  CISA strongly urges organizations to apply Microsoft's April 2021 Security Update to mitigate against newly disclosed vulnerabilities as an attacker could gain access and maintain persistence on the target host.

For more directions on the updates, please visit the hyperlinks above.  We strongly encourage you to sign up for US-CERT alerts at us-cert.cisa.gov to receive timely, important updates.  Visit cisa.gov/publication/communications-resiliency for additional cyber and communications resiliency resources.