17/09/21

Critical Infrastructure Daily Brief

Statewide Terrorism & Intelligence Center

Critical Infrastructure Daily Brief

September 16, 2021

 

**UNCLASSIFIED **

(U) STIC is providing this information to our partner agencies for situational awareness. This document contains information obtained from open source information. While STIC has gone to great lengths to verify the information found in open source documents on the internet, this information may not be accurate.

 

Situational Awareness

The largest aviation maintenance training program in the country will call Illinois home. The Aviation Institute of Maintenance has opened a massive 137,000 square foot facility in Chicago, the largest in the country. They converted an old warehouse with a large hangar, 17 classrooms, a lab and offices to support students. “AIM is thrilled to bring our proven industry training programs to Illinois as we work to prepare the next generation for exciting roles in the aviation industry,” said AIM executive vice president Joel English. AIM received an Illinois Economic Development for a Growing Economy, or “EDGE” tax credit based on its plans to deliver a $10 million capitol investment in the McKinley park community and 75 jobs by the end of 2022. “Our aviation training facility in McKinley Park, our district and the entirety of Illinois are reaffirming our global reputation as a proven leader in transportation investment, innovation and opportunity,” said Congresswoman Marie Newman. Training programs will prepare students with certifications needed to work with major airlines or any number of aviation industry partners based in Illinois. An initial 40 students will be enrolled in 2021 and there are plans to serve 200 students next year. Following approval by the Illinois Board of Higher Education, AIM has partnered with Southern Illinois University’s School of Aviation to allow AIM students to receive a bachelor’s degree post-graduation and will look to arrange agreements with additional Illinois colleges and universities.

 

The U.S. Department of Labor estimates 8,009 new unemployment claims were filed during the week of September 6 in Illinois, according to the DOL’s weekly claims report released Thursday. While this number is based on advanced estimates, the Illinois Department of Employment Security (IDES) will be releasing a final number later Thursday. If the final numbers from IDES are remotely close to the Department of Labor estimates, it would not only be a significant decrease from the previous week – when 15,570 new unemployment claims were filed in Illinois the week of August 30 – but would be lower than at any point during the pandemic. Illinois’ estimated claims are among 332,000 total claims filed across the country last week.

 

Federal authorities are now assisting Pittsburgh Police after threats were called in to two different churches over the weekend. About 30 worshippers were escorted out of St. John’s Catholic Church on Saline Street in Greenfield in small groups with heavily armed police at their side Sunday morning after a man threatened to harm himself and others there. According to police, a man called 911 threatening harm just after 11:15 a.m. He told 911 he had multiple firearms. Police also responded to a church on the North Side where congregants called 911 after observing a parishioner wearing a gun during the service. Police responded and the man provided a valid conceal carry permit and was allowed to leave. In response to these threats and perceived danger, Pittsburgh Police is working directly with the FBI to investigate the source and determine any connection between the two incidents. “Pittsburgh Public Safety takes all threats of violence or terrorism extremely seriously. Pittsburgh Police Intelligence Unit detectives are working closely with our federal partners within FBI Pittsburgh, sharing information and intelligence to determine the origin of the threats,” said Public Safety Director Wendell Hissrich. “In the meantime, we are reassured that in one instance, citizens called police when they observed suspicious behavior. We encourage everyone to adhere to the tenet, ‘if you see something, say something.’ It is only by working together that we can keep our communities safe.” Police have added extra patrols and are taking additional precautions to safeguard these churches and all houses of worship within the city. The bureau does not discuss specific operational details.

 

President Joe Biden announced the formation of a new security partnership between the United States, Australia and the United Kingdom that seeks to strengthen stability in the Indo-Pacific region as China expands its military might and influence. Prime Ministers Scott Morrison of Australia and Boris Johnson of the United Kingdom joined Biden virtually for the announcement of the partnership. “Today we’re taking another historic step to deepen and formalize cooperation among all three of our nations because we all recognize the imperative of ensuring peace and stability in the Indo-Pacific over the long term,” Biden said from the East Room of the White House. “This is about investing in our greatest source of strength, our alliances,” Biden said. “This initiative is about making sure that each of us has the most modern capabilities we need to maneuver and defend against rapidly evolving threats,” the president said. The formation of the trio comes as the U.S. and U.K. end their 20-year military involvement in Afghanistan, a decision Biden has said will allow the U.S. to focus on emerging threats from Russia and China. The U.S. and U.K. will also assist Canberra in acquiring nuclear-powered submarines, which will allow Australia’s navy to help counter Chinese nuclear-powered vessels in the region. “This will give Australia the capability for their submarines to basically deploy for longer periods, they’re quieter, they’re much more capable, they will allow us to sustain and to improve deterrence across the Indo-Pacific,” a senior administration official, who spoke on the condition of anonymity, said ahead of the president’s remarks. “What we’re seeing in the Indo-Pacific region is a set of circumstances where capabilities are more advanced,” the official added. “This allows Australia to play at a much higher level, and to augment American capabilities.” The U.S., Australia and the U.K. also plan to deepen technology sharing across emerging security arenas like cyber, artificial intelligence and quantum technologies. The three countries alongside Canada and New Zealand already share extensive intelligence through the Five Eyes alliance.

 

Police averted a possible Islamist attack on a synagogue in western Germany and arrested four people including a 16-year-old Syrian youth in connection with the threat, the regional interior minister said on Thursday. Authorities had received a "a very serious and concrete tip" that an attack on the synagogue in the town of Hagen could take place during the Jewish festival of Yom Kippur, the minister, Herbert Reul, said. Officers tightened security around the building on Wednesday evening and searched it for bombs but found nothing dangerous, Reul, interior minister for the state of North Rhine-Westphalia, told a news conference. He said the synagogue had called off its celebration of Yom Kippur, when observant Jews hold overnight vigils. The tip-off had included details of the timing of an attack, he added. Earlier on Thursday, police in Hagen said they had arrested four people as a result of their investigation into the threat and had searched various buildings. Reul said one of those detained was a 16-year-old from Hagen with Syrian roots. Germany, still scarred by the Holocaust, has seen a rise in anti-Semitic violence in recent years, mostly carried out by the far-right.

 

Cybersecurity

The Grief ransomware gang is threatening to delete victim's decryption keys if they hire a negotiation firm, making it impossible to recover encrypted files. Last week, BleepingComputer first reported that the Ragnar Locker ransomware gang threatened to automatically publish a victim's stolen data if they contacted law enforcement or negotiation firms. Ransomware gangs do not like professional negotiators to be involved in attacks, as it can lead to lowered profits and the stalling of time while a victim performs an incident response. Ragnar Locker argues that ransomware negotiation firms are only there to make money and are not in the victim's best interest. "The recovery company will charge you, maybe even help you return the piece of data if our operation was not perfect, they will try to bring down the price, and as a result, the data of their clients will simply be in the public domain, because we will publish it," Ragnar Locker posted on their data leak site. Since they made this warning, Ragnar Locker has already claimed to publish a victim's entire stolen data after they hired a ransomware negotiator.

 

REvil victims, your prayers have been answered: There’s a universal decryptor key waiting to free you. Bitdefender is releasing a free, universal decryptor key to unlock data of victimized organizations that were encrypted by REvil/Sodinokibi ransomware attacks before the gang’s servers went belly-up on July 13. The firm announced that it’s giving away the universal key on Thursday morning, mere days after REvil reared its slimy head again (though the underground considers it to probably be some mediocre, lower-tier REvil lackeys milking the name so as to pull an exit scam). This is the real deal, Bitdefender said, not the letdown of last month, when REvil victim Kaseya got its hands on a master key. At that time, it was first thought that the key could unlock all of the REvil attacks that occurred at the same time as the Kaseya one. Unfortunately, it soon became clear to researchers that the decryptor was only for the files locked in the Kaseya attack. Bitdefender, a Romania-based cybersecurity firm, didn’t share details on how it developed the key, beyond saying that it was created “in collaboration with a trusted law enforcement partner” and that it will help those entities that were attacked before parts of REvil’s infrastructure blinked off on July 13. “Please note this is an ongoing investigation and we can’t comment on details related to this case until authorized by the lead investigating law enforcement partner,” Bitdefender said in a press release. “Both parties believe it is important to release the universal decryptor before the investigation is completed to help as many victims as possible.” When REvil shut down, it left infected victims high and dry, unable to continue with negotiations that were abruptly snipped and, hence, unable to get a decryptor key. The decryption tool that Bitdefender is offering should help those victims to take back control of their data and assets.

 

Microsoft has addressed four critical vulnerabilities collectively known as OMIGOD, found in the Open Management Infrastructure (OMI) software agent silently installed on Azure Linux machines accounting for more than half of Azure instances. OMI is a software service for IT management with support for most UNIX systems and modern Linux platforms, used by multiple Azure services, including Open Management Suite (OMS), Azure Insights, Azure Automation. These vulnerabilities were found by cloud security firm Wiz researchers Nir Ohfeld and Shir Tamari, who dubbed them OMIGOD. "Problematically, this 'secret' agent is both widely used (because it is open source) and completely invisible to customers as its usage within Azure is completely undocumented," Ohfeld said.

 

The justice ministry of the South African government is working on restoring its operations after a recent ransomware attack encrypted all its systems, making all electronic services unavailable both internally and to the public. As a consequence of the attack, the Department of Justice and Constitutional Development said that child maintenance payments are now on hold until systems are back online.

 

Energy

Gov. J.B. Pritzker signed wide-ranging legislation overhauling Illinois’ energy sector on Wednesday, calling the bill a “giant leap forward” for the state as it works to address the effects of climate change and establish “aggressive” clean energy standards. “We can’t outrun or hide from climate change — not to the north where the boundary waters burn, not to the south where Ida swallows lives and livelihoods in the blink of an eye. ... We’ve seen the effects of climate change right here in Illinois repeatedly in the last two and a half years alone: a polar vortex, devastating floods, microbursts that destroy buildings,” Pritzker said. “There is no time to lose but what we can do, what we must do — and thanks to the Climate and Equitable Jobs Act — Illinois is doing, is to fight to stop, and even reverse, the damage that’s been done to our climate. As of today, Illinois is a force for good, for an environmental future we can be proud of.” The governor was joined by the Democratic leaders of the Illinois House and Senate as well as legislators from both parties who served on the negotiating teams of those chambers at the Shedd Aquarium for the bill signing.

Related Links


Back to index