<!DOCTYPE html>
<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
</head>
<body dir="ltr">
<p>FYI from the Massachusetts Cybersecurity Program. Make sure that
your passwords are strong and up to date.</p>
<p><br>
</p>
<p>Thanks:</p>
<p><br>
</p>
<p>Chief Hall<br>
</p>
<div class="moz-forward-container"><br>
<br>
-------- Forwarded Message --------
<table class="moz-email-headers-table" cellspacing="0"
cellpadding="0" border="0">
<tbody>
<tr>
<th valign="BASELINE" nowrap="nowrap" align="RIGHT">Subject:
</th>
<td>MCP has received an increase in reports of password
spraying attacks targeting public-facing municipal
networks</td>
</tr>
<tr>
<th valign="BASELINE" nowrap="nowrap" align="RIGHT">Date: </th>
<td>Tue, 12 Mar 2024 18:07:43 +0000</td>
</tr>
<tr>
<th valign="BASELINE" nowrap="nowrap" align="RIGHT">From: </th>
<td>Davine, Jon (DFS) <a class="moz-txt-link-rfc2396E" href="mailto:Jon.Davine@mass.gov"><Jon.Davine@mass.gov></a></td>
</tr>
<tr>
<th valign="BASELINE" nowrap="nowrap" align="RIGHT">To: </th>
<td>Davine, Jon (DFS) <a class="moz-txt-link-rfc2396E" href="mailto:Jon.Davine@mass.gov"><Jon.Davine@mass.gov></a></td>
</tr>
</tbody>
</table>
<br>
<br>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<style type="text/css" style="display:none;">P {margin-top:0;margin-bottom:0;}</style>
<div class="elementToProof"
style="font-family: "Times New Roman", Times, serif; color: rgb(0, 0, 0);">
<span
style="font-family: "Segoe UI", "Segoe UI Web (West European)", "Helvetica Neue", sans-serif; font-size: 11pt;">Chiefs
-</span></div>
<div class="elementToProof"
style="font-family: "Times New Roman", Times, serif; color: rgb(0, 0, 0);">
<span
style="font-family: "Segoe UI", "Segoe UI Web (West European)", "Helvetica Neue", sans-serif; font-size: 11pt;"><br>
</span></div>
<div class="elementToProof"
style="font-family: "Times New Roman", Times, serif; color: rgb(0, 0, 0);">
<span
style="font-family: "Segoe UI", "Segoe UI Web (West European)", "Helvetica Neue", sans-serif; font-size: 11pt;">Forwarding
the following from the Fusion Center </span></div>
<div class="elementToProof"
style="font-family: "Times New Roman", Times, serif; color: rgb(0, 0, 0);">
<span
style="font-family: "Segoe UI", "Segoe UI Web (West European)", "Helvetica Neue", sans-serif; font-size: 11pt;"><br>
</span></div>
<div class="elementToProof"
style="font-family: "Times New Roman", Times, serif; color: rgb(0, 0, 0);">
<span
style="font-family: "Segoe UI", "Segoe UI Web (West European)", "Helvetica Neue", sans-serif; font-size: 11pt;">Thank
you,</span></div>
<div class="elementToProof"
style="font-family: "Times New Roman", Times, serif; color: rgb(0, 0, 0);">
<span
style="font-family: "Segoe UI", "Segoe UI Web (West European)", "Helvetica Neue", sans-serif; font-size: 11pt;"><br>
</span></div>
<div
style="font-family: "Times New Roman", Times, serif; font-size: 12pt; color: rgb(0, 0, 0);">
<br>
</div>
<div id="Signature">
<div
style="font-family: Calibri, Helvetica, sans-serif; font-size: 11pt; color: rgb(0, 0, 0);">
</div>
<table id="tableSelected0"
style="background-color: rgb(255, 255, 255); width: 652.734px; height: 144px; color: rgb(36, 36, 36); box-sizing: border-box; border-collapse: collapse; border-spacing: 0px;">
<tbody>
<tr>
<td
style="padding: 0in 5.4pt; vertical-align: top; width: 120.766px; height: 144px; box-sizing: border-box;">
<p
style="margin: 0in; font-family: Calibri, sans-serif; font-size: 11pt;"><span
style="color: rgb(36, 36, 36);"><img
alt="Logo
Description automatically generated"
style="width: 0.9479in; height: 0.9479in; min-width: auto; min-height: auto; margin: 0px;"
data-outlook-trace="F:1|T:1"
src="cid:part1.ybw0XcKt.2jkbN0Y3@holdenma.gov"
class="" width="90" height="90"></span></p>
</td>
<td
style="padding: 0in 5.4pt; vertical-align: top; width: 531.969px; height: 144px; box-sizing: border-box;">
<p
style="margin: 0in; font-family: Calibri, sans-serif; font-size: 11pt;"><span
style="color: rgb(36, 36, 36);"><b><i>Jon M. Davine</i></b></span></p>
<p
style="margin: 0in; font-family: Calibri, sans-serif; font-size: 11pt;"><span
style="color: rgb(36, 36, 36);">State Fire Marshal</span></p>
<p
style="margin: 0in; font-family: Calibri, sans-serif; font-size: 11pt;"><span
style="color: rgb(36, 36, 36);">Department of Fire
Services</span></p>
<p
style="margin: 0in; font-family: Calibri, sans-serif; font-size: 11pt;"><span
style="color: rgb(36, 36, 36);">1 State Rd., Stow,
MA 01775</span></p>
<p
style="margin: 0in; font-family: Calibri, sans-serif; font-size: 11pt;"><span
style="color: rgb(36, 36, 36);"><b>Office:</b> 978-567-3111</span></p>
<p
style="margin: 0in; font-family: Calibri, sans-serif; font-size: 11pt;"><span
style="color: rgb(36, 36, 36);"><b>Mobile</b>:
781-400-9074</span></p>
<div
style="margin: 0px 0in; font-family: Calibri, sans-serif; font-size: 11pt;">
<span style="color: rgb(36, 36, 36);"><br>
</span></div>
</td>
</tr>
</tbody>
</table>
<span
style="font-family: Calibri, Helvetica, sans-serif; font-size: 11pt; color: rgb(0, 0, 0);"><br>
</span></div>
<div class="elementToProof"
style="font-family: "Times New Roman", Times, serif; font-size: 12pt; color: rgb(0, 0, 0);">
<br>
</div>
<div class="elementToProof"
style="font-family: "Times New Roman", Times, serif; font-size: 12pt; color: rgb(0, 0, 0);">
<br>
</div>
<div dir="ltr" id="divRplyFwdMsg">
<div> </div>
</div>
<p><b>Bulletin Type:</b> Cyber</p>
<p><b>Status: </b> Closed</p>
<p><b>Narrative:</b> </p>
<p>The Massachusetts Cybersecurity Program has received an
increase in reports of password spraying attacks targeting
public-facing municipal network accounts, including VPNs, often
originating from foreign IP addresses. The Commonwealth Fusion
Center is providing this information for situational awareness
purposes.</p>
<p> </p>
<p>TLP:GREEN</p>
<p> </p>
<p>A <b>password spraying attack</b> is a type of brute force
attack where an attacker tries a small number of commonly used
passwords against a large number of user accounts. The goal is
to find accounts with weak passwords and gain unauthorized
access.</p>
<p> </p>
<p><b><i>To mitigate password spraying attacks, organizations can
implement the following measures:</i></b></p>
<p>1. Enforce strong password policies: Encourage users to choose
complex and unique passwords that are difficult to guess.</p>
<p>2. By implementing MFA, organizations can significantly reduce
the risk of unauthorized access. If a threat actor successfully
gains unauthorized access to a user's credentials, such as
through password-spraying or brute force attacks, MFA provides
an additional layer of protection to prevent the threat actors
from gaining access to the account.</p>
<p>3. Monitor login attempts: Keep track of repeated failed login
attempts and suspicious activity to identify and block potential
password spraying attacks.</p>
<p>4. Implement geo-blocking of foreign IP addresses.</p>
<p>5. Use account lockouts: Implement mechanisms that lock user
accounts after a certain number of failed login attempts to
prevent further password spraying attempts.</p>
<p>6. Educate users: Train users on the importance of creating
strong passwords and being vigilant about their online security</p>
<p> </p>
<p>IOCs - IPs:</p>
<p>79[.]111[.]210[.]102</p>
<p>91[.]202[.]233[.]3</p>
<p>141[.]98[.]81[.]187</p>
<p>141[.]105[.]130[.]132</p>
<p>185[.]73[.]124[.]229</p>
<p>188[.]170[.]196[.]227</p>
<p> </p>
<p>Recipients are encouraged to share this awareness bulletin with
other municipal and public safety network IT administrators.</p>
<p> </p>
<p>TLP:GREEN - Recipients may share TLP:GREEN information with
peers and partner organizations within their community, but not
via publicly accessible channels. Unless otherwise specified,
TLP:GREEN information may not be shared outside of the
cybersecurity or cyber defense community.</p>
<p> </p>
<p>Please feel free to contact the MCP if you have any questions
at <a class="moz-txt-link-abbreviated" href="mailto:mcppol@pol.state.ma.us">mcppol@pol.state.ma.us</a>.</p>
<p>To report a cyber incident to law enforcement, please contact
your local law enforcement agency of jurisdiction and request
that they notify the Commonwealth Fusion Center. To report a
cyber incident directly to the Massachusetts State Police,
please contact the Commonwealth Watch Center at any time via
telephone at 508-820-2233.</p>
<p>Recipients should adhere to the originating agency's handling
protocols.</p>
<p>Please report any suspicious activity to your police department
of jurisdiction and the Commonwealth Fusion Center at
508-820-2233.</p>
<p> </p>
<p>Confidentiality Notice: This product is intended for federal,
state, and local government agencies and authorities, private
sector Cybersecurity stakeholders, and other entities. It is
provided to increase awareness of ongoing trends and current
open source information relating to Cybersecurity. If you are
not the intended recipient or if you have received this email in
error, please call 508-820-2233 immediately. Thank you.</p>
<p> </p>
<p>Massachusetts State Police<br>
Commonwealth Fusion Center<br>
<a href="mailto:fusion@state.ma.us"
id="OWAdb0bf44b-093d-fe8e-7a84-7158ac25fd25"
class="OWAAutoLink moz-txt-link-freetext"
style="margin-top: 0px; margin-bottom: 0px;"
moz-do-not-send="true">fusion@state.ma.us</a><br>
508-820-2233 (phone)<br>
508-988-7121 (fax)</p>
<p><br>
</p>
<p>CONFIDENTIALITY NOTICE: <i>The information contained in this
email and any attachment is privileged and confidential law
enforcement information. It may be distributed to state,
tribal, or local government law enforcement officials with a
need-to-know. Further distribution without CFC authorization
is prohibited. Precautions should be taken to ensure this
information is stored and/or destroyed in a manner that
precludes unauthorized access. If you are not the intended
recipient, you are hereby notified that any disclosure,
dissemination, or copying of this communication is strictly
prohibited. If you have received this email in error, please
call 508-820-2233 immediately. Thank you.</i></p>
<p><br>
</p>
</div>
<pre class="moz-signature" cols="72">--
Russ Hall
Fire Chief/EMD
Holden Fire Dept.
1370 Main Street
Holden, MA 01520
508-210-5650</pre>
</body>
</html>