[HFDlist] Fwd: MCP has received an increase in reports of password spraying attacks targeting public-facing municipal networks
Russ Hall
rhall at holdenma.gov
Tue Mar 12 18:13:37 UTC 2024
FYI from the Massachusetts Cybersecurity Program. Make sure that your
passwords are strong and up to date.
Thanks,
Chief Hall
-------- Forwarded Message --------
Subject: MCP has received an increase in reports of password spraying
attacks targeting public-facing municipal networks
Date: Tue, 12 Mar 2024 18:07:43 +0000
From: Davine, Jon (DFS) <Jon.Davine at mass.gov>
To: Davine, Jon (DFS) <Jon.Davine at mass.gov>
Chiefs -
Forwarding the following from the Fusion Center
Thank you,
*/Jon M. Davine/*
State Fire Marshal
Department of Fire Services
1 State Rd., Stow, MA 01775
*Office:* 978-567-3111
*Mobile*: 781-400-9074
*Bulletin Type:* Cyber
*Status:* Closed
*Narrative:*
The Massachusetts Cybersecurity Program has received an increase in
reports of password spraying attacks targeting public-facing municipal
network accounts, including VPNs, often originating from foreign IP
addresses. The Commonwealth Fusion Center is providing this information
for situational awareness purposes.
TLP:GREEN
A *password spraying attack* is a type of brute force attack where an
attacker tries a small number of commonly used passwords against a large
number of user accounts. The goal is to find accounts with weak
passwords and gain unauthorized access.
*/To mitigate password spraying attacks, organizations can implement the
following measures:/*
1. Enforce strong password policies: Encourage users to choose complex
and unique passwords that are difficult to guess.
2. By implementing MFA, organizations can significantly reduce the risk
of unauthorized access. If a threat actor successfully gains
unauthorized access to a user's credentials, such as through
password-spraying or brute force attacks, MFA provides an additional
layer of protection to prevent the threat actors from gaining access to
the account.
3. Monitor login attempts: Keep track of repeated failed login attempts
and suspicious activity to identify and block potential password
spraying attacks.
4. Implement geo-blocking of foreign IP addresses.
5. Use account lockouts: Implement mechanisms that lock user accounts
after a certain number of failed login attempts to prevent further
password spraying attempts.
6. Educate users: Train users on the importance of creating strong
passwords and being vigilant about their online security.
IOCs - IPs:
Recipients are encouraged to share this awareness bulletin with other
municipal and public safety network IT administrators.
TLP:GREEN - Recipients may share TLP:GREEN information with peers and
partner organizations within their community, but not via publicly
accessible channels. Unless otherwise specified, TLP:GREEN information
may not be shared outside of the cybersecurity or cyber defense community.
Please feel free to contact the MCP if you have any questions at
mcppol at pol.state.ma.us.
To report a cyber incident to law enforcement, please contact your local
law enforcement agency of jurisdiction and request that they notify the
Commonwealth Fusion Center. To report a cyber incident directly to the
Massachusetts State Police, please contact the Commonwealth Watch Center
at any time via telephone at 508-820-2233.
Recipients should adhere to the originating agency's handling protocols.
Please report any suspicious activity to your police department of
jurisdiction and the Commonwealth Fusion Center at 508-820-2233.
Confidentiality Notice: This product is intended for federal, state, and
local government agencies and authorities, private sector Cybersecurity
stakeholders, and other entities. It is provided to increase awareness
of ongoing trends and current open source information relating to
Cybersecurity. If you are not the intended recipient or if you have
received this email in error, please call 508-820-2233 immediately.
Thank you.
Massachusetts State Police
Commonwealth Fusion Center
fusion at state.ma.us
508-820-2233 (phone)
508-988-7121 (fax)
CONFIDENTIALITY NOTICE: /The information contained in this email and any
attachment is privileged and confidential law enforcement
information. It may be distributed to state, tribal, or local government
law enforcement officials with a need-to-know. Further distribution
without CFC authorization is prohibited. Precautions should be taken to
ensure this information is stored and/or destroyed in a manner that
precludes unauthorized access. If you are not the intended recipient,
you are hereby notified that any disclosure, dissemination, or copying
of this communication is strictly prohibited. If you have received this
email in error, please call 508-820-2233 immediately. Thank you./
--
Russ Hall
Fire Chief/EMD
Holden Fire Dept.
1370 Main Street
Holden, MA 01520
508-210-5650
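
An added example for IT administrators, not part of the bulletin or the forwarded message: one way to implement the "monitor login attempts" measure so that it matches the bulletin's definition of spraying (few passwords against many accounts), which per-account lockout counters do not see. The log format, function names, thresholds and sample lines are assumptions constructed for illustration.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample (assumed format: ISO time, result, user, source IP).
SAMPLE_LOG = """\
2024-03-12T09:00:05 FAIL asmith 203.0.113.7
2024-03-12T09:01:10 FAIL bjones 203.0.113.7
2024-03-12T09:02:00 FAIL mgarcia 198.51.100.20
2024-03-12T09:02:15 FAIL clee 203.0.113.7
2024-03-12T09:02:30 FAIL mgarcia 198.51.100.20
2024-03-12T09:03:00 FAIL mgarcia 198.51.100.20
2024-03-12T09:03:20 FAIL dpatel 203.0.113.7
2024-03-12T09:03:40 FAIL mgarcia 198.51.100.20
2024-03-12T09:04:25 FAIL ekim 203.0.113.7
2024-03-12T09:05:30 OK fnguyen 203.0.113.7
2024-03-12T09:06:00 OK mgarcia 198.51.100.20
"""

def parse(log):
    """Turn log text into time-sorted (timestamp, result, user, ip) tuples."""
    rows = [line.split() for line in log.splitlines()]
    return sorted((datetime.fromisoformat(r[0]), r[1], r[2].lower(), r[3])
                  for r in rows if len(r) == 4)

def detect_spray(events, window=timedelta(minutes=30), min_accounts=5, max_per_account=3):
    """Map source IP -> accounts it failed against, for sources that fail on
    many distinct accounts with only a few tries each inside one window."""
    fails = defaultdict(list)
    for ts, result, user, ip in events:
        if result == "FAIL":
            fails[ip].append((ts, user))
    flagged = {}
    for ip, items in fails.items():
        start = 0
        for end in range(len(items)):
            while items[end][0] - items[start][0] > window:
                start += 1
            counts = Counter(user for _, user in items[start:end + 1])
            if len(counts) >= min_accounts and max(counts.values()) <= max_per_account:
                flagged[ip] = sorted({user for _, user in items})
                break
    return flagged

def successes_from_flagged(events, flagged):
    """(ip, user) pairs where a flagged source also logged in successfully."""
    return sorted({(ip, user) for _, result, user, ip in events
                   if result == "OK" and ip in flagged})
```

On the sample, the source that fails once against five accounts is flagged and its one successful login is surfaced for password reset and session review; the user who mistypes a password four times from a single address is not flagged.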