FBI Jackson

Are you interested in a new career in assisting victims of federal crimes? Learn more about here: fbijobs.gov/victim-service….

Since 1935, the FBI's Law Enforcement Bulletin has highlighted the work and experiences of the FBI and our law enforcement partners. #LawEnforcement This month, learn how agencies are working to prevent suicide clusters among law enforcement officers. Read more at leb.fbi.gov.

Cyber threats are on the rise, with hijacked networks, cryptocurrency heists, and corporate espionage becoming alarmingly common. Learn how #YourFBI Cyber Division is working to unmask hackers and safeguard Americans and businesses from these cyber-attacks: fbi.gov/investigate/cy….

Survivors trafficked on Backpage or CityXGuide may be eligible for financial compensation. The process can feel overwhelming, but free legal help is available at backpageremission.com. You have until March 31, 2026. #NMEC

Biloxi Man Sentenced to 10 Years in Prison and a Lifetime of Supervised Release for Possession of Images of Minors Engaging in Sexually Explicit Conduct. Read about it here: justice.gov/usao-sdms/pr/b…

Operation Winter Shield Step 10: Exercise your incident response plan with stakeholders Why: Practiced organizations respond faster, contain more effectively, and reduce impact. ■ Maintain a concise incident response playbook defining roles, decision authority, isolation actions, and evidence preservation. ■ Conduct a focused 60-minute tabletop exercise quarterly with technical, legal, communications, operations, and leadership teams. ■ Include law enforcement contacts in your incident response plan such as your local FBI field office to enable rapid coordination.

Operation Winter Shield Step 9: Reduce administrator privileges Why: Broad, persistent administrative access enables rapid escalation when credentials are compromised. ■ Minimize the number of administrator accounts and administrative group memberships to only those necessary. ■ Those granted administrator access should only use those privileges when necessary, and use a standard account at all other times ■ Require just-in-time admin access from secured devices using separate admin accounts. ■ Restrict where administrator logins are permitted and block use on standard workstations. ■ Monitor and alert on privilege changes and new admin accounts. ■ Remove local admin rights from user devices, approving exceptions with expiration dates.

Operation Winter Shield Step 8: Strengthen email authentication and malicious content protections Why: Email remains a favored initial access vector for intrusions and fraud. ■ Publish and enforce DMARC, SPF, and DKIM for all sending domains; align third-party senders. ■ Progress DMARC policy from monitoring to quarantine to reject as alignment matures. ■ Quarantine high-risk attachments, block internet-sourced macros, and sandbox suspicious files. ■ Enable time-of-click link protection and restrict automatic external forwarding.

Operation Winter Shield Step 7: Identify, inventory, and protect internet-facing systems and services Why: Unnecessary exposure creates low-effort entry points for attackers. ■ Maintain a concise list of all internet-reachable systems with owners. ■ Remove unnecessary exposure; require authenticated gateways for what remains. ■ Disable direct internet-facing remote desktop; use brokered access instead. ■ Regularly scan public IP space to detect new exposures.

Operation Winter Shield Step 6: Maintain offline, immutable backups and test restoration Why: Backups are routinely targeted early in intrusions; resilience depends on isolation and tested recovery. ■ Follow the 3-2-1 backup rule: maintain at least three copies of critical data on two different media types, with one stored offline and immutable. ■ Secure backup platforms with strong authentication, separate admin accounts, and consoles limited to secured devices. ■ Define recovery requirements, including configurations and identity systems. ■ Test restorations regularly, measure recovery time, and remediate gaps.

FBI personnel are fully engaged on the situation overseas. Last night I instructed our Counterterrorism and intelligence teams to be on high alert and mobilize all assisting security assets needed. Our JTTFs throughout the country are working 24/7, as always, to address and disrupt any potential threats to the homeland. While the military handles force protection overseas, the @FBI remains at the forefront of deterring attacks here at home - and will continue to have our team work around the clock to protect Americans. We ask everyone to please report anything that may seem suspicious to law enforcement - 1-800-CALL-FBI and tips.fbi.gov. Thank you to all military service members, federal partners, and law enforcement who continue to put mission first.

Operation Winter Shield Step 5: Protect security logs and preserve them for an appropriate time Why: Reliable, preserved logs are essential for detection, response, and attribution. Adversaries often attempt to erase them. ■ Centralize authentication, email, endpoint, network, DNS, remote access, and cloud audit logs in a SIEM or centralized logging platform; export daily to protected, immutable storage. ■ Retain logs based on legal and response needs (12 months is a common baseline). ■ Synchronize system clocks and validate retention. ■ To identify gaps in log centralization and retention, conduct quarterly exercise to review logs of activity for a single user and/or server.

Operation Winter Shield Step 4: Manage third-party risk Why: An organization’s security extends only as far as its least-protected vendor with network or data access. Adversaries often exploit these gaps to bypass stronger defenses. ■ Maintain a single list of third parties with access or data-handling responsibilities and named owners. ■ Require strong authentication, least-privilege access, and monitored gateways where feasible. ■ Audit for and disable unused accounts. ■ Contractually require rapid breach notification, encryption, and annual control verification. ■ Revoke access and confirm data disposition upon contract change or termination.

Operation Winter Shield Step 3: Track and retire end-of-life technology on a defined schedule Why: End-of-life systems no longer receive security updates and, as a result, are routinely targeted. ■ Maintain a rolling 12-month EOL forecast, reviewed quarterly with owners and procurement. ■ Track EOL systems by product, owner, location, and retirement date. ■ Replace or isolate EOL assets; if delays occur, apply compensating controls with firm decommission dates

The #FBI joins the country in remembering and honoring the victims of the bombing of the World Trade Center on February 26, 1993. Learn about the #FBI investigation and our efforts to seek justice in their honor at fbi.gov/history/famous…

Operation Winter Shield Step 2: Implement a risk-based vulnerability management program Why: Adversaries often exploit known vulnerabilities that remain unaddressed due to a lack of ownership, an undefined mitigation process, and unclear deadlines for resolution. ■ Maintain a complete asset inventory with owners and business criticality. ■ Set remediation timelines based on risk; critical systems should be measured in days, not months. ■ Use authenticated internal scans to reflect actual configurations. ■ Document exceptions with compensating controls and fixed completion dates.

Operation Winter Shield Adopt phish-resistant authentication Step 1: Why: Many breaches start with stolen passwords. Phish-resistant methods make it significantly harder for attackers to gain access. ■ Prioritize administrators, executives, and other high-impact accounts. ■ Deploy phish-resistant methods (FIDO2 compliant security keys or device-bound passkeys) for authentication, remote access, and critical systems. ■ If authenticator apps are used, require number-matching and domain display; avoid push-only approvals. ■ Eliminate SMS based multi-factor and disable legacy authentication methods

One year ago, I was honored to be confirmed as the 9th Director of the @FBI. Every day since, under President Trump, we’ve worked 24/7 to help deliver the safest America on record - with historic results. Mission first.

#ICYMI The #FBI, CISA, and UK’s National Cyber Security Centre (NCSC) released a joint advisory on reducing the attack surface for end-of-support (EOS) edge devices. Hostile nation-state actors exploit EOS edge devices to gain network access, maintain presence, and compromise sensitive data. EOS edge devices pose significant risks for organizations because threat actors can exploit unresolved security gaps. To stay ahead of threats like this, it is vital for organizations to track and retire end-of-life technology, which is one of Operation Winter SHIELD’s 10 Key Defenses. We encourage organizations to follow the mitigations outlined at ic3.gov/CSA/2026/26020… and learn more about Operation Winter SHIELD at fbi.gov/wintershield.

For over 20 years, criminals operated proxy services known as 5Socks and Anyproxy that were built entirely on hacked end-of-life home and business routers. The operators made $46 million selling access to anyone who wanted to hide their identity online, and the router owners never knew their devices had been compromised. In 2025, the #FBI and international partners dismantled the botnet and indicted four foreign nationals. If your router no longer receives security updates, it is not just outdated – it may already be working for someone else. Old technology is not just inefficient, it is dangerous, and attackers actively scan for and exploit outdated, unpatched systems. Learn more about protecting yourself at fbi.gov/wintershield.