Critical Infrastructure Daily Brief

Statewide Terrorism & Intelligence Center

Critical Infrastructure Daily Brief

September 27, 2021



(U) STIC is providing this information to our partner agencies for situational awareness. This document contains information obtained from open source information. While STIC has gone to great lengths to verify the information found in open source documents on the internet, this information may not be accurate.


Situational Awareness

Former President Barack Obama’s presidential center will move another step closer to its brick-and-mortar future next week when ground is broken after years of reviews, other delays and continued local opposition. Obama and his wife, Michelle, will join Illinois Gov. J.B. Pritzker and Chicago Mayor Lori Lightfoot in Chicago on Tuesday for a groundbreaking ceremony for the Obama Presidential Center. “Michelle and I could not be more excited to break ground on the Obama Presidential Center in the community that we love,” the former president says, seated beside his wife, in a video announcement shared first with The Associated Press.


A mass shooting at a Tennessee Kroger this week sheds light on the issue of mass gun violence. Thursday’s shooting in Collierville injured fifteen people, but it’s far from the first mass shooting Tennessee has seen so far this year. The Gun Violence Archive defines a mass shooting as one where four or more people are shot. According to the database, Tennessee has seen 10 mass shootings so far in 2021, including 13 people killed and another 43 injured. Drill Sergeant Alverto Austin said Thursday’s shooting is just the latest example of why everyone needs to be prepared. “We just don’t know what’s going to happen, okay. And it’s sad that it has come to this but that’s the reality of it,” said Austin, who owns Be Sober Be Vigilant Protection Academy. Whether at the grocery store, at a restaurant, or a public event, Austin said active shooter training is something everyone should all consider.’  “Unfortunately a lot of us don’t get the adequate training for these type of situations and when they happen we have no clue on what to do,” Austin said. Austin said the first step is to come up with a quick exit strategy whenever you walk into a crowded place or event. “Come up with the what if’s, sit down with your team, with your family, with your organization and go over scenarios, what if scenarios,” Austin said. “Most people’s tendency, when they hear gunfire is to just break out and start running. But you need to have an assessment on where is the gunfire coming from.” At that point, Austin said it’s time to decide whether to run, hide, or fight. “Get out of that environment, get out of harms way, get out of the crossfire. But if the situation dictates that you cannot bring separation or evasion, then you definitely want to find a nice concealed location,” Austin said. Some employees and first responders in Thursday’s incident had been through active shooter training and employed tactics like these, including those who used the store’s freezers to hide. Austin believes tactics like these saved lives that day.



This week, threat actors hijacked Bitcoin.org, the authentic website of the Bitcoin project, and altered its parts to push a cryptocurrency giveaway scam that unfortunately some users fell for. Although the hack lasted for less than a day, hackers seem to have walked away with a little over $17,000.


On Sunday, video surveillance giant Hikvision posted a security advisory on its website warning customers of a cyber vulnerability that could impact millions of cameras and NVRs deployed globally.  The “command injection vulnerability” could allow threat actors to have complete control of compromised devices and was discovered by cybersecurity researcher Watchful IP in June and first reported on Monday by IPVM. According to the security advisory, the vulnerability received a base score of 9.8 out of 10 per the Common Vulnerability Scoring System (CVSS), which Watchful IP called “the highest level of critical vulnerability.” Although the video surveillance giant has not disclosed how many products are likely impacted, posting only product names and firmware versions, IPVM estimates that more than 100 million devices could be affected. In a letter to its partners, Hikvision informed integrators to download an updated version of firmware on its website to remediate the vulnerability. It also said: “We recognize that many of our partners may have installed Hikvision equipment that is affected by this vulnerability, and we strongly encourage  you to work with your customers to ensure proper cyber hygiene and install the updated firmware.” Hikvision also said that it worked with Watchful IP to patch the vulnerability. Additionally, the company has patched all vulnerabilities reported to the company in its latest firmware version.



If you become critically ill in a small or rural hospital in central Illinois, it's going to take you a lot longer than normal to transfer to a larger facility. ICU bed capacity is low across central and southern Illinois, which means small and rural hospitals are running out of space quick. But the large hospitals they usually transfer to have limited space as well, so now some small facilities are even looking out of state just to find medical care for their patients. “We have seen severe difficulty for probably about the last 4 weeks, with the last 2 being the most severe,” Jessica Barkley said. Barkley is Chief Nursing Officer at Carlinville Area Hospital. She explains that when a critically ill patient in Carlinville needs transferred to a larger hospital, they're usually sent to Springfield or St. Louis. But right now, even the city hospitals can't accept everyone from their surrounding communities, all thanks to bed shortages fueled by the pandemic. "It's very frustrating for our staff and the receiving hospital's staff because they want to help, but they're stretched thin, Barkley said. “And they don't have the beds either. It gets to a point where don't even have a waitlist anymore because the list is so long." Pana Community Hospital reports that sometimes it takes calls to over 30 hospitals before they can find an open bed. Even if the bed is found, hospital officials say there has to be enough ambulance staff on hand to drive the patient to the larger facility, which isn’t guaranteed. Sarah Bush Lincoln Medical Center in Mattoon says their doctors have also looked out of state just to find patient care. "Literally we were calling St. Louis, Indianapolis, Chicago to get patients transferred,” Dwight Pentzien said. Pentzien is Vice President of Medical Affairs at Sarah Bush. He says that their transfer problems peaked in severity a few weeks back, but they don’t believe they’re out of the woods just yet. For Barkley, she says some Carlinville patients have waited up to four days for an ICU bed. "The past two weeks have been really rough,” Barkley said. “We sure hope there's some change in the future, but right now, we're in the thick of it." All hospitals stressed the need for more COVID-19 vaccinations to decrease an individual’s risk of hospitalization. Lynne Barnes, President of Carle Foundation Hospital in Champaign said: “The region is continuing to see steady rates of hospitalizations and high levels of ICU need in the communities we serve. Like all health systems in the state, we are managing resources carefully and planning to support our patients if the spread in Illinois continues. We consider our ability to support surrounding facilities a priority and are getting requests to transfer patients not only from the region, and throughout Illinois, but also from hospitals throughout the country. All areas of Illinois are seeing substantial spread, which means all hospitals in the state are working to address more need. Ultimately, it is important that people get vaccinated now to limit the spread of infection and hospitalizations.”


California-based United Health Centers suffered a ransomware attack that reportedly disrupted all of their locations and resulted in patient data theft. United Health Centers is a health care provider in California with twenty-one community health centers servicing Fresno, Kings, and Tulare counties. On August 31st, BleepingComputer was told by a source in the cybersecurity industry that United Health Centers was reeling from a Vice Society ransomware attack that caused them to shut down their entire network. We were told the outage caused disruptions in the IT system for all of their locations and that they have begun to reimage computers and recover data from offline back-ups. At the time, BleepingComputer reached out to UHC multiple times but did not receive a response to any of our queries to confirm the attack. We have been told that the leaked files contain sensitive information, such as patient benefits, financial documents, patient lab results, and audits. Furthermore, UHC has not disclosed this attack or the potential compromise of patient data on their website.



A revival in the U.S. Farm Belt is in full swing, boosting markets for land and equipment and raising concerns over farmers’ escalating costs. A monthslong rally in prices for major agricultural commodities such as corn and soybeans is pushing up incomes for U.S. farmers and unleashing spending and investment that had been subdued for years, according to agricultural economists and executives. The run-up in land and equipment prices that has followed could leave farmers exposed if big harvests send crop prices lower again, some economists said.


US agriculture secretary Tom Vilsack has urged the country‘s agri co-op sector to improve cyber defences after two ransomware attacks. His comments came after Russian hackers struck against Minnesota-based farm supply and grain marketing co-op Crystal Valley, and Iowa’s corn and soy growers’ co-op New Cooperative. New Cooperative was hit with a $5.9m ransomware demand to unlock the computer networks used to keep food supply chains and feeding schedules on track for millions of farm animals. Hacking group BlackMatter threatened to publish the co-op’s data, including invoices, research and development documents, and the source code to its soil-mapping technology, if it did not receive the ransom in cryptocurrency. The co-op developed a workround and contained the attack, but took its system offline as a precaution, leaving farmers to use paper tickets to log shipments. Crystal Valley Cooperative announced on Facebook  that it had been hit with a ransomware attack on 19, September. “The attack has infected our computer systems and interrupted the daily operations of our company,” it said. “Due to this computer breach, all systems of the Mankato-based cooperative have been shut down until they can be restored safely and securely.” Speaking at the National Association of State Departments of Agriculture’s annual meeting, Mr Vilsack said: “We want to make sure during this harvest that we don’t have any additional disruptions as a result of systems being hacked.” Eric Goldstein, executive assistant director for cybersecurity at the Cybersecurity and Infrastructure Security Agency, told the Washington Post his organisation is in “in close contact with New Cooperative and have offered assistance in supporting the company’s response and recovery. The company is engaging proactively with CISA as the investigation progresses.” Digital identity management firm FYEO told tech website zdnet it had identified problems of weak passwords at New Cooperative and urged the industry to strengthen its passwords policy. FYEO’s chief operating officer Tommy Khan said he was also concerned that the attack suggeested that “hackers are still going after critical infrastructure and seeking to disrupt supply chains.“



Viasat Customer Service says customers in the North Eastern and North Central U.S. are without internet after a major incident in Canada. Viasat, the internet service, says the network outage is due to a “train derailment” in Canada, and the result is “ground segment damage.” Crews have not been able to repair the damage, as the area has still not been deemed “safe” to gain access. There is no word yet on a repair time.

Back to index