The FBI’s Washington Field Office has launched a cybersecurity awareness campaign to warn government and private sector organizations in the National Capital Region about increased cyber threats. As the seat of the U.S. government and the home of many businesses, nonprofits, and think tanks, the Washington metropolitan area is a target-rich environment for cyber attacks. The FBI encourages organizations of all sizes to partner with their local FBI office before a cyber incident occurs. The campaign will run from June through September 2022 and will include media engagements, a social media campaign, and presentations to local industry groups.
“When organizations in the National Capital Region partner with the FBI’s Washington Field Office, we can share intelligence, threat trends, and actionable guidance to strengthen their defenses against cybersecurity attacks,” said Wayne A. Jacobs, special agent in charge of the FBI Washington Field Office’s Criminal and Cyber Division. “When a cybersecurity incident does occur, we can respond quickly and effectively to investigate the attack, identify the criminal actors, and help mitigate the damage of the intrusion. Cyber risk is business risk, and cyber security is national security. We all need to work together to strengthen our country’s cyber defenses.”
Current Cyber Threats
- Critical Infrastructure Attacks: The private sector controls most of the country’s critical infrastructure, intellectual property, and personal data, making large businesses and small corporations targets of cyber attacks. In 2021, America’s critical infrastructure experienced an unprecedented increase in cyber attacks. While nation-state threats remain the most significant threat to critical infrastructure because of their persistence, sophistication, and potential for destructive intent, ransomware attacks by cyber criminals have already targeted U.S. critical infrastructure, including emergency services, hospitals, and the energy sector.
- Ransomware: Ransomware is a type of malicious software that cyber criminals and nation-state actors often deploy after they have hacked into a victim’s computer to encrypt their data. These bad actors then demand payment of a ransom to unlock the encrypted data. The FBI has observed ransomware attacks become more targeted and has seen the ransoms increase significantly in recent years. While the perpetrators of these attacks would typically demand a few hundred dollars in the mid-2000s, some—including those behind the REvil ransomware variant—now use a sliding scale based on the annual revenue of the victim organizations. When a ransomware incident occurs, swift communication with the FBI could positively impact data recovery efforts. Through victim engagements, the FBI develops a greater understanding of the different variants and ransomware groups to the benefit of future victims.
- Supply Chain Attacks: A business’ cybersecurity is only as strong as that of its trusted vendors. The FBI warns companies that supply chains are increasingly a point of vulnerability for computer intrusions.
Partnering with the FBI Washington Field Office
The most vital step a company or organization can take to protect itself is to implement good cyber-hygiene practices. As a company or entity strengthens its cybersecurity, the FBI highly recommends engaging with the local FBI field office. Meeting with the FBI before a compromise helps companies understand the potential threats specific to that company. It also provides an understanding of how the FBI protects the confidentiality of victims as we partner with them to determine the severity of a compromise, provide information to help prevent re-infection, and identify hackers. As the only U.S. government agency with both law enforcement and intelligence capabilities, the FBI is an indispensable partner that provides around-the-clock support to victims. Partnering with the FBI connects businesses with our network of domestic and foreign counterparts and private sector partners.
FBI cyber experts not only help respond to cyber attacks but can also try to help prevent them. They can share information with companies about current cyber threats, network vulnerabilities, and recommended mitigations, and discuss crucial elements of an effective incident response plan.
When a victim reports a compromise, FBI agents help the organization’s network defenders pinpoint malicious cyber activity, share intelligence to help leaders make decisions during a crisis, and help prevent more damage. Our experts work with victims to arrest and prosecute cyber criminals as well as target the infrastructure the criminals used to conduct their attacks to prevent them from continuing to inflict damage. The FBI also has specialty teams whose aim is to freeze and seize the money cybercriminals steal from their victims.
Organizations in Washington, D.C., and Northern Virginia can call 202-278-2000 to connect with FBI WFO cyber squads or to report compromises. Those located outside of the Washington metropolitan area can visit https://www.fbi.gov/contact-us/field-offices to find the FBI office closest to them.
In addition to partnering with your local FBI office, companies should also take the following preventive steps:
- Update and patch operating systems and software.
- Implement robust access controls, especially for privileged users.
- Monitor security logs.
- Audit trusted third parties or others with access to systems and sensitive data.
- Require personnel to choose a strong, unique password for each account and use multifactor authentication for as many services as possible. Passwords should be changed regularly.
- Educate personnel about phishing schemes to highlight the risks of clicking on suspicious links, opening suspicious attachments, and visiting suspicious websites.
- Keep offline backups of data, and regularly test backup and restoration capabilities. Ensure all backup data is encrypted and immutable.
- Develop a cybersecurity incident response plan that includes the FBI. If compromised, contact the FBI immediately.
- If you believe someone has compromised your systems, beware of signs of compromise such as broken passwords, myriad pop-ups, slow-running devices, altered system settings, or unexplained online activity.