FBI San Francisco
San Francisco Media Office
June 2, 2022

FBI San Francisco Announces Cyber Security Awareness Campaign for Bay Area Companies

“Cyber Risk is Business Risk, and Cyber Security is National Security”

SAN FRANCISCO – FBI San Francisco is announcing an awareness campaign to warn the private industry of increased malicious cyber intrusions into organizations of all sizes. The San Francisco Bay Area, including Silicon Valley, remains a target-rich environment for cyberattacks. The FBI encourages organizations to establish proactive relationships with their local FBI field office.

The awareness campaign will last from June 1 to September 2, 2022, and will include media appearances, a social media campaign, and presentations to local industry groups. The FBI will also participate in the 2022 RSA Conference from June 6 to June 9, 2022, at the Moscone Center in San Francisco, California. FBI employees will have a booth on the expo floor and will speak on various panels about emerging and persistent cybersecurity threats.

“The FBI can provide companies with near real-time intelligence, threat trends, and actionable guidance to strengthen a company’s defenses against cybersecurity attacks,” said FBI San Francisco Special Agent in Charge Sean Ragan. “When a cybersecurity incident does occur, the FBI can respond quickly and effectively to investigate the attack, identify the criminal actors, and help companies mitigate the damage of the intrusion. Cyber risk is business risk, and cyber security is national security. We all need to work together to strengthen our country’s cyber defenses.”

Recent Trends in Malicious Cyber Activity

FBI San Francisco has seen recent increases in the following types of cyber intrusions:

  • Ransomware: The FBI has seen criminal ransomware groups cause more destruction and demand larger ransoms in recent years. In some cases, when a company pays a ransom, the criminal group targets the company again a few months later. The FBI has also seen ransomware groups operate on a franchise model, where the criminals who create the ransomware variants are willing to sell the code to less-sophisticated cybercriminals for an easy profit.
  • Supply Chain Attacks: The FBI warns companies that supply chains are increasingly a point of vulnerability for computer intrusions. A company’s cybersecurity is only as good as the security of its trusted vendors.
  • Critical Infrastructure Attacks: In 2021, America’s critical infrastructure experienced an unprecedented increase in cyber-attacks. While nation-state threats remain concerning for their persistence, sophistication, and potential for destructive intent, cybercriminals deploying ransomware undoubtedly have the most visible direct impact on U.S. critical infrastructure, including hospitals, the energy sector, and emergency services.

How the FBI Can Help with Preventative Measures

The most important action a company can take in preparing for cyber security incidents is to develop a relationship with their local FBI field office before an intrusion. When the FBI can quickly engage with a company, we can share indicators that help network defenders identify malicious activity and intelligence about what the actors have been doing elsewhere that inform a company’s decision-making during a crisis.

The FBI recommends that all companies, regardless of size, take these preventive measures during this heightened threat environment:

  • If possible, identify your company’s most sensitive information and encrypt it.  Hackers will often steal this information and attempt to extort companies by threatening to leak it online.
  • Ensure your organization has an incident response plan that includes the FBI. Your organization should exercise your incident response plan on a routine basis.
  • Ensure you have offline backups of critical data.
  • When you realize your system is compromised, cybercriminals may have already taken your data. There are several red flags to look for that might indicate a cyber-attack, including passwords not working, a large number of pop-up ads, unexplained online activity, slow-running devices, and altered system settings.
  • Know if your company has any connectivity in Eastern Europe that may cause additional vulnerabilities.
  • If compromised, contact the FBI immediately.

What to Do After a Cyber Intrusion

Contact the FBI as soon as you learn of a cyber intrusion. During a crisis, we can work shoulder-to-shoulder with your incident response team in your U.S. office while also working with foreign partners to mitigate an attack, develop threat intelligence, understand exfiltration, and inform defensive posture. If your company experiences a breach—while it may be brand new to you—there is a good chance the FBI has seen the hackers before, whether firsthand or via our global network.

As a federal law enforcement agency, the FBI can conduct criminal investigations and gather evidence of violations of U.S. computer hacking and espionage laws using criminal legal processes, like subpoenas, search warrants, and wiretaps. That collection yields details that unlock who is compromising our networks, how our adversaries are succeeding, and where they may strike next, all because of the technical clues they leave behind.

Because cyberattacks are a global issue, the FBI has legal attaches in over 70 U.S. embassies worldwide and partnerships with law enforcement agencies in each of these countries. The FBI maintains a global workforce of cyber experts, working closely with a network of foreign law enforcement and intelligence agencies. This means infrastructure utilized in foreign countries can be exploited to develop threat intelligence or mitigate attacks through international agreements and partnerships.

By working with the FBI, you are working to help prevent the actor from victimizing others and potentially from re-victimizing you.

FBI - Private Sector Partnership Groups

The FBI shares information with the private sector through one-on-one outreach, cyber threat bulletins, and through our many partnerships, including the Fortune-1000 companies who belong to the Domestic Security Alliance Council (DSAC) and the U.S. critical infrastructure professionals in our national InfraGard program. 

The Domestic Security Alliance Council, or DSAC, is a security and intelligence-sharing initiative between the FBI, the Department of Homeland Security, and the private sector. Created in 2005, DSAC enables an effective two-way flow of vetted information between the FBI and participating members to help prevent, detect, and investigate threats impacting American businesses and U.S. economic and national security. For more information, please visit: https://www.dsac.gov/.

InfraGard is a partnership between the FBI and members of the private sector to protect U.S. Critical Infrastructure. Through seamless collaboration, InfraGard connects owners and operators within critical infrastructure to the FBI to provide education, information sharing, networking, and workshops on emerging technologies and threats. InfraGard’s membership includes business executives, entrepreneurs, lawyers, security personnel, military, and government officials, IT professionals, academia, and state and local law enforcement—all dedicated to contributing industry-specific insight and advancing national security. To learn more about joining InfraGard, please visit www.infragard.org. FBI alerts and advisories are provided directly through the InfraGard platform.

The FBI’s Internet Crime Complaint Center (IC3) also provides Industry Alerts at https://www.ic3.gov/Home/IndustryAlerts.

Contacting the FBI

Contact the FBI San Francisco Field Office at (415) 553-7400. You can report internet crimes at www.ic3.gov and other suspicious criminal activity at tips.fbi.gov.

*For media inquiries, please contact the FBI San Francisco Media Office at media.sf@fbi.gov*