2016 MS-ISAC Mid-Year Review

By: Ben Spear, Senior Cyber Intelligence Analyst

In order to provide greater insight into the state, local, tribal, and territorial (SLTT) cybersecurity landscape we’re sharing some of the insights MS-ISAC gained from the first six months of 2016.

Monitoring Analysis

In the first six months of 2016, MS-ISAC monitored devices generated in excess of 2.76 trillion records for analysis, which resulted in over 20,000 actionable alerts to members. A large portion of these alerts were related to malware infections, with the top culprits being ransomware and click fraud malware associated with the Angler Exploit Kit (EK). As depicted in the chart below, June’s average weekly number of notifications fell to nearly half the activity observed at the start of the year and one-third of the peak activity observed in late March. The blue dashed line shows the overall downward trend in actionable malicious activity.

This entry was posted in MS-ISAC on August 22, 2016 by Kimberly K

CIS Security Benchmarks Community Newsletter - August 2016

CIS Docker 1.12.0 Benchmark Released

The benchmark provides prescriptive guidance for establishing a secure configuration posture for Docker container version 1.12.0. The guide was tested against Docker 1.12.0 on RHEL 7 and Debian 8. Special Thanks to Pravin Goyal, Thomas Sjögren, Rory McCune, Manideep Konakandla and Jesse Hertz.

This entry was posted in Benchmarks Community Updates, benchmarks on August 18, 2016 by Kimberly K

Ransomware: Facts, Threats, and Countermeasures

By: Stacey Wright (Intel Program Manager) & Ben Spear (Senior Cyber Intelligence Analyst)


Ransomware is a type of malware that has become a significant threat to U.S. businesses and individuals during the past year. General ransomware incidents surged in 2016 and continue to infect victims with overwhelming success. Most of the current ransomware variants encrypt files on the infected system/network (crypto ransomware), although a few variants are known to erase files or block access to the system using other methods (locker ransomware). Once access to the system is blocked, the ransomware demands a ransom in order to unlock the files, frequently $200 - $1000 in bitcoins, though other currencies, gift cards, and ransoms of several thousand dollars are occasionally reported. Ransomware variants almost always opportunistically target business and home users, infecting an array of devices from computers to smartphones.

Victims are at risk of losing their files, but may also experience financial loss due to paying the ransom, lost productivity, IT costs, legal fees, network modifications, and/or the purchase of credit monitoring services for employees/customers.

This entry was posted in ransomware, MS-ISAC on August 17, 2016 by Kimberly K

Get to Know the CIS Critical Security Controls

The CIS Critical Security Controls have come a long way since 2008. Check out this infographic below to learn more about the Controls and how you can start using them to improve your cybersecurity posture today.

This entry was posted in Critical Security Controls, CIS Controls, CIS Critical Security Controls on August 15, 2016 by Kimberly K

MS-ISAC Members: The Most Valuable MS-ISAC Resource

By: Jill Fraser, Intelligence & Analysis Working Group Member

In becoming an MS-ISAC member, the most valuable resource we receive is access to other MS-ISAC members. While there is unarguably a tremendous value in the cyber intelligence and analytics that the MS-ISAC provides, we are obtaining as much value from the intelligence, experience, and relationships the MS-ISAC enables us to build with other members.

This entry was posted in MS-ISAC on August 10, 2016 by Kimberly K

2016 Summer Olympics: 3 Ways to Stay Safe Online

Over 70 malicious websites were created during the 2012 Olympics to lure people into buying fake tickets.1 With the 2016 Summer Olympics taking off this week, look out for spam, fake websites, and suspicious social media posts. Cyber criminals use these tactics to steal users’ login credentials, money, or other personal information.

This entry was posted in cybersecuirty, safety tip, Safety Tips on August 08, 2016 by Kimberly K

Cybersecurity Training In Wyoming

A member of the CIS team will be in Wyoming August 10-12 conducting cybersecurity training for State Agencies, Local Government, Educational Institutions, General Public, Industry, & Private Businesses.

This entry was posted in Critical Security Controls, cybersecurity on August 05, 2016 by Kimberly K