Cyber Connections News Roundup: March 24

Get the latest cybersecurity news from leading companies, news outlets and blogs.

Cyber Connections News Roundup is a bi-weekly brief of online links to news stories and commentary of interest to the cybersecurity community, delivered on the second and fourth Tuesday of each month. Articles are selected for their newsworthiness, timeliness, potential impact, and reach.

March 24, 2020

Bipartisan Committee Delivers Cybersecurity Roadmap

According to a recent report on www.securityboulevard.com, on March 11 the Cybersecurity Solarium Commission, a bipartisan committee, released a new U.S. strategy that outlines steps to reshape the U.S.’s approach to cybersecurity and prepare for resiliency and response before a major cyber incident occurs. The report focuses on action, featuring numerous recommendations addressing organizational, policy, and technical issues. A concluding appendix features draft bills that Congress can rapidly act upon to put these ideas into practice and make America more secure. Read more.

Cybersecurity Risks Increase as More Employees and Students Go Online

A recent article on www.theatlantavoice.com highlights how the dramatic expansion of teleworking by U.S. schools, businesses and government agencies in response to the Coronavirus is raising questions about the capacity and security of the tools many Americans use to connect to vital workplace systems and data. As citizens increasingly log on from home, they are melding their personal technology with professional tools at unprecedented scale. Employers, already concerned about capacity, must now also address the issue of people introducing new potential vulnerabilities into their routines. Read more.

Cybersecurity Experts Band Together to Protect Hospitals

According to an article on www.cyberscoop.com, a recent attack on a hospital inspired experts in the infosec community to get involved. After a cyber attack on a Czech hospital last week, cybersecurity professionals from companies in Israel, Europe and North America banded together in their spare time to send threat data to medical organizations to protect them from hackers trying to exploit the COVID-19 crisis. “If anyone is sick enough to use this global crisis to conduct cyber attacks, we need to try to stop them,” said Ohad Zaidenberg, an Israel-based cyber threat researcher. Zaidenberg assembled the ad-hoc group of around 70 malware hunters to gather data on COVID-19-related hacking. Read more.

Can AI Bridge the Cybersecurity Skills Gap?

A recent article on https://analyticsindiamag.com considers artificial intelligence can be the cure to our cybersecurity challenges, or will it make the skills gap even worse with the changing landscape? The 2019/2020 Official Annual Cybersecurity Jobs Report sponsored by Herjavec Group estimates that there will be 3.5 million unfilled cybersecurity jobs globally by the year 2021. AI could serve as an effective way to streamline the identification, analysis, investigation, and prioritization of security alerts. Through the use of AI and analytics techniques, businesses can also create supervised learning, graph analytics, and reasoning processes, along with leveraging the power of AI to automate the data-mining process. Read more.

HHS Adopts a “People Centric” Approach to Cybersecurity

According to a recent article on https://federalnewsnetwork.com, the National Institutes of Health is taking a “people-centric approach” to protecting one of the largest government bureaucracies. Through its Optimize IT Security effort, one of eight programs launched throughout Department of Health and Human Services to increase the efficiency and effectiveness of its operations, NIH aims to empower employees with the information they need to identify suspicious behavior, such as phishing emails, and make employees feel comfortable reporting these anomalous activities to cyber personnel. NIH has identified 13 different user groups across the enterprise with access its networks, and is tailoring cyber-awareness approaches to positions such as clinicians, researchers, scientists and emergency management personnel. Read more.

Cyber Connections News Roundup: March 10

Get the latest cybersecurity news from leading companies, news outlets and blogs.

Cyber Connections News Roundup is a bi-weekly brief of online links to news stories and commentary of interest to the cybersecurity community, delivered on the second and fourth Tuesday of each month. Articles are selected for their newsworthiness, timeliness, potential impact, and reach.

March 10, 2020

UMGC Faculty Weigh in on the Challenge of Protecting Health Data Privacy

In a recent article on www.medicaltechnologyschools.com, faculty experts from University of Maryland Global Campus (UMGC) offered their insights into the relationship between health data and privacy, namely that with further IoT integration, the problem may be exacerbated. According to Dr. Mohammad Bajwa, program chair of the health informatics administration program at UMGC, “The security question is baked into the tech itself, as each individual device in the IoT becomes a potential point of vulnerability.” James Robertson, program director of Cyber DevOps at UMGC added, “With the right design and implementation, IoT can mitigate data interoperability and data privacy issues.” Read more.

FDA Warns of Potential Cybersecurity Risk in Certain Medical Devices

According to a March 3 news release from the Food and Drug Administration, a new set of cybersecurity vulnerabilities, referred to as “SweynTooth,” may pose a risk to certain medical devices using the wireless communication technology known as Bluetooth Low Energy (BLE). BLE allows two devices to “pair” and exchange information to perform their intended functions while preserving battery life and can be found in medical devices as well as other devices, such as consumer wearables and Internet of Things (IoT) devices. These cybersecurity vulnerabilities may allow an unauthorized user to wirelessly crash the device, stop it from working, or access device functions normally only available to the authorized user. Read more.

Experts Sound the Alarm On 5G Security

A recent article on www.techtarget.com argues that regulation and strong proactive measures are necessary to protect 5G networks from cyber attacks, and that the responsibility falls on businesses and governments. As manufacturers such as Nokia, Samsung, and Cisco continue to develop, or plan to develop, 5G enterprise solutions, devices in the workplace already operating on a 5G network, and using IoT devices without a private 5G network or adequate technical knowledge could put organizations’ and their employees’ privacy at risk. Read more.

Rollout of Online Census Questionnaire Raises Fear of Cyber Threats

Beginning on March 12, households will participate in the once-a-decade national census by visiting www.my2020census.gov to complete the online questionnaire. According to a recent report on www.npr.com, the Census Bureau is expecting about six out of 10 households to fill out the form online. But the planned public debut for the online census form comes amidst heightened concerns about cybersecurity risks. Lawmakers fear that a problem with the upcoming digital rollout could undermine public trust in data that carry at least a decade’s worth of implications across the U.S. Read more.

First Open Source Messaging Framework for Security Tools Launched

According to an article on www.zdnet.com, on Feb. 24, the Open Cybersecurity Alliance (OCA), a consortium of cybersecurity vendors including IBM, Crowdstrike, and McAfee announced OpenDXL Ontology, the first open source language for connecting cybersecurity tools through a common messaging framework. OpenDXL Ontology aims to create a common language between cybersecurity tools and systems by removing the need for custom integrations between products that can be most effective when communicating with each other, such as endpoint systems, firewalls, and behavior monitors, but suffer from fragmentation and vendor-specific architecture. Read more.

Cyber Connections News Roundup: Feb. 25

Get the latest cybersecurity news from leading companies, news outlets and blogs.

Cyber Connections News Roundup is a bi-weekly brief of online links to news stories and commentary of interest to the cybersecurity community, delivered on the second and fourth Tuesday of each month. Articles are selected for their newsworthiness, timeliness, potential impact, and reach.

February 25, 2020

Data Science Tools Are Helping Cybersecurity Teams Identify Threat Patterns

A recent article on www.ciodive.com offers insight into the trend of using data science tools to help security operation centers (SOCs) identify attack patterns and increase the chances of detecting threats. The trend is driven by the increase of cheap computing power afforded by the cloud, and the need for more sophisticated defenses against breaches. SOCs are using data science tools to enhance the speed and accuracy with which companies can identify threat patterns and where they lie. Read more.

Recent Ransomware Attack on Natural Gas Facility Serves as Warning to Industrial Companies

An article on www.cyberscoop.com reports that the Department of Homeland Security’s cybersecurity agency recently responded to a ransomware attack on a natural gas compression facility that led the organization to shut down its operations for two days. Hackers were able to encrypt data on the unnamed facility’s IT and “operational technology” network, a broad term for a network that oversees industrial processes. As a result, the facility shut down its various assets, including its pipelines, for two days, because it was longer able to read data coming from across its enterprise. Read more.

Accenture’s Upstream Oil and Gas Digital Trends Survey Results Demonstrate Emphasis on Cybersecurity

In related news, the oil and gas sector is investing aggressively in cybersecurity in an effort to protect assets and reputations, according to the recently released results of Accenture’s 2019 Upstream Oil and Gas Digital Trends Survey. In the global survey of 255 industry professionals, cybersecurity emerged as companies’ top investment focus, and the technology driving the greatest impact on business performance. The survey was conducted in early 2019 but the results were only published this month. “As oil companies’ operations come under increasing threat, cyber resilience becomes more important to stakeholders, consumers and government,” said Rich Holsman, a managing director at Accenture who leads the digital practice in the company’s Resources operating group. Read more.

Will the 2020 Census Be the Next Big Target for Hackers?

An article on www.washingtonpost.com details how lawmakers are growing concerned about hacking dangers targeting the 2020 Census after a watchdog detailed a number of cybersecurity challenges that should have been addresses already. A report released by the Government Accountability Office warns that the hacking danger could be compounded by social media misinformation spread by U.S. adversaries or pranksters falsely claiming that census data is corrupted or the count is rigged. Read more.

Tripwire Survey Sheds Light What Companies Are Doing to Bridge the Cybersecurity Skills Gap

Cybersecurity firm Tripwire recently announced the results a survey that examined how organizations and security pros are experiencing skills gap issues. The survey findings, based on the responses from 342 security professionals, revealed that 83 percent of respondents feel more overworked going into 2020 than they were in 2019. Moreover, according to the survey, 85 percent of respondents acknowledged that it became more difficult over the past few years to hire skilled cybersecurity professionals. Around 46 percent stated that they plan to use more managed services in 2020, and more than 50 percent of respondents said they will invest more cybersecurity training for their staff. Read more.

Cyber Connections News Roundup: Feb. 11

Get the latest cybersecurity news from leading companies, news outlets and blogs.

Cyber Connections News Roundup is a bi-weekly brief of online links to news stories and commentary of interest to the cybersecurity community, delivered on the second and fourth Tuesday of each month. Articles are selected for their newsworthiness, timeliness, potential impact, and reach.

February 11, 2020

Iowa Caucuses Fall Victim to Faulty App

A recent article on www.ecommercetimes.com laid out the issues involved in the coding error an app used to count vote totals in the Democratic caucuses in Iowa delayed the release of final tallies. Although the data collected by the app was sound, it was reporting only a portion of that data to party headquarters due a coding issue with its reporting system, the party explained in a statement. As it turned out, the app, developed by Shadow, a company that builds political tools and platforms, was reporting only a portion of data to party headquarters due to the coding issue. It appears that the app was rushed to market without adequate testing. Bruce deGrazia, program chair for cybersecurity management and policy at the University of Maryland Global Campus in Adelphi, Maryland, quoted in the article, said, “It was tested for two months. It should have been tested for far longer than that.” He added, “You don’t bring something like this out in the middle of an election cycle.” Read more.

Pentagon Rolls Out New Cybersecurity Standards

The U.S. Department of Defense (DoD) recently published a new set of cybersecurity standards, known as the Cybersecurity Maturity Model Certification (CMMC) version 1.0, according to a recent article on www.cisomag.com. The new standards will require defense companies to adhere to a set of rules and mandates in order to do business with the DoD. The CMMC standards specify five different cybersecurity levels ranging from basic cyber hygiene requirements to detailed lists of security controls. Read more.

CISA Lacks Election Security Readiness, According to GAO Report

A recent article on www.cyberscoop.com sounds the alarm on election security, notably that the Cybersecurity and Infrastructure Security Agency (CISA), which provides state and local election officials with federal assistance, education and information sharing about how to safeguard U.S. voting infrastructure from possible interference has not created a clear plan to respond to possible Election Day security incidents. According to a recent Government Accountability Office (GAO) report, despite three years of work meant to improve security, CISA still is not well positioned to execute a nationwide strategy for securing election infrastructure prior to the start of the 2020 election cycle. Read more.

Cyber Criminals Are Taking Advantage of the Coronavirus to Spread Malware

A recent article on www.securitymagazine.com reports that cyber criminals are taking advantage of the coronavirus outbreak, and using it to spread malware. According to a new report by IBM X-Force Exchange, the practice of leveraging worldwide events by basing malicious emails on current important topics is common among cyber criminals. X-Force discovered the first campaign of this type, in which the outbreak of a biological virus is used as a means to distribute a computer virus. The emails appear to be sent by a disability welfare service provider in Japan, says IBM. The text briefly states that there have been reports of coronavirus patients in the Gifu prefecture in Japan and urges the reader to view the attached document. Read more.

Insider Threats Costing Companies Over $11 Million Annually

Proofpoint, Inc., a cybersecurity and compliance company, recently released Cost of Insider Threats 2020 Global Report, which identifies the costs and trends associated with negligent, compromised, and malicious insiders. The study found that, on average, impacted organizations spent $11.45 million annually on overall insider threat remediation and took 77 days to contain each incident. The report, commissioned with The Ponemon Institute and co-sponsored by IBM, surveyed nearly 1,000 IT and IT security practitioners across North America, Europe, Middle East, Africa, and Asia-Pacific. Read more.

 

Cyber Connections News Roundup: Jan. 28

Get the latest cybersecurity news from leading companies, news outlets and blogs.

Cyber Connections News Roundup is a bi-weekly brief of online links to news stories and commentary of interest to the cybersecurity community, delivered on the second and fourth Tuesday of each month. Articles are selected for their newsworthiness, timeliness, potential impact, and reach.

January 28, 2020

Measuring Artificial Intelligence-Based Cybersecurity Readiness

A recent article on www.entrepreneur.com offers a look at how enterprises today can measure their readiness for adoption and implementation of artificial intelligence-based cybersecurity solutions. Because AI in the area of cybersecurity is relatively new, many organizations are hesitant to adopt it for their enterprises. As AI-based cybersecurity begins to pay dividends for some, it is wise to understand some parameters that can help gauge whether or not to make the leap into adoption. Read more.

Three Arrested in Indonesia for Magecart Attack

According to a report on www.cyberscoop.com, police in Indonesia have arrested three men accused of inserting malicious code into e-commerce websites to steal shoppers’ payment data, an emerging hacking technique known as a Magecart-style attack. Interpol announced on Jan. 27 it coordinated a law enforcement operation that identified hundreds of websites that had been infected with malicious software used to collect customers’ financial data and personal details. The Magecart attack relies on a malicious tool that attacks the JavaScript programming language, the digital equivalent of a “smash-and-grab robbery.” Read more.

A Rise in Crypto Wars Predicted at Word Economic Forum

A blog post on www.weforum.org, as part of the World Economic Forum’s annual meeting, predicts that more data will be created and collected than ever before, making policy attempts to protect this data more urgent. Data borders will continue to be drawn. As a result, crypto wars will proliferate as tech companies increasingly find it difficult to resist government calls for back doors to their systems. Moreover, as internet users increase in emerging economies the same challenges of disinformation and cyber attacks experienced in more cyber-advanced countries will occur, the article predicts. Read more.

Bezos Hack Signals Rise in Commercial Tools

An article on www.washingtonpost.com offers the Saudi hacking campaign (thought to have been orchestrated by the Saudi Crown Prince Mohammed bin Salman in 2018) compromised the cellphone of Amazon founder and Washington Post owner Jeff Bezos as an example of how even someone of Bezos’s stature can be hacked with off-the-shelf tools. The escalation in the way nations use commercial hacking tools is fueling calls from officials and experts to ban the international sale of spyware, according to the article. Read more.

Senate Bill Would Require State Cybersecurity Coordinators

According to a recent article on www.scmagazine.com, bipartisan legislation introduced in the Senate on January 17 would create a federal program to bolster response to cyber attacks in states by installing cybersecurity coordinators. Under the Cybersecurity State Coordinator Act, sponsored by Sens. Maggie Hassan, D-N.H., Gary Peters, D-Mich., John Cornyn, R-Texas and Rob Portman, R-Ohio, the program would fall under the umbrella of the Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) and would facilitate threat information-sharing as well as boost coordination between state and federal governments. Read more.

2020 Cybersecurity Threats & Detection: An Interview with Two UMGC Cybersecurity Faculty Experts

As we enter the second decade of the 21st century, we enter a world that is more connected than ever before, and developments in technology are progressing faster than our ability to secure them. Michelle Hansen and Valorie King of the School of Cybersecurity and Information Technology at University of Maryland Global Campus offer their insights into the current threat landscape and what cybersecurity professionals need to do to defend against aggressive attacks.

In a recent blog post on http://www.forensicscolleges.com, a comprehensive directory of programs and careers in the fields of digital forensics and cybersecurity, Hansen and King share their insights into the technologies that are vulnerable to cyber attack, the influence of moral reasoning in cybersecurity, and which cybersecurity skills are most in demand.

“Cybersecurity threats and attacks have advanced at scale with the progressions of technology. With every new device and emerging telecommunications development come new vulnerabilities for exploitation.”

— Dr. Michelle Hansen, collegiate faculty, Information Systems Management at UMGC

“Cybercrime has become CaaS or Cybercrime-as-a Service. Exploit packages (pre-written applications used to attack systems and networks) have transitioned towards a Platform-as-a-Service model where attackers can rent time on computing infrastructures that support and deliver attacks.”

— Dr. Valorie King, program director, Cybersecurity Management and Policy at UMGC

Read the full interview.

Cyber Connections News Roundup: Jan. 14

Get the latest cybersecurity news from leading companies, news outlets and blogs.

Cyber Connections News Roundup is a bi-weekly brief of online links to news stories and commentary of interest to the cybersecurity community, delivered on the second and fourth Tuesday of each month. Articles are selected for their newsworthiness, timeliness, potential impact, and reach.

January 14, 2020

Cyber Experts Warn of Threats After Iran Attacks

Many experts, including Dave Schroeder, a University of Wisconsin-Madison cybersecurity professor, predict that Iranian cyber bots or other foreign actors may retaliate following the recent attacks. In an interview on WMTV of Madison, Wisconsin, Schroeder, whose main focus is Iran cybersecurity, noted that in the immediate aftermath of the U.S. strike, “we saw Twitter start to be flooded with propaganda, misinformation, disinformation.” Schroeder said that cyber attacks took flight and pro-Iranian bots and trolls started spreading false narratives about the U.S. following the airstrike that killed Iran’s top general. Read more.

The Convergence of IT and OT Devices Ushers in Wave of New Risks

The rapid convergence of IT (internet technology) and OT (operational technology), which traditionally operated in two separate worlds, is creating cybersecurity gaps, according to a recent article on www.rfidjournal.com. Roughly 50 percent of industrial assets will be connected to some sort of network or Internet-based data-collection system by 2020, but because many OT systems were never designed for remote or Web access, not all connectivity exposures were considered, thus creating a major security challenge and operational risk that the manufacturing industry will need to address in 2020 and beyond. Read more.

New Voting Machines Vulnerable to Hacking

According to a Washington Post report, new voting machines that hundreds of districts will use for the first time in 2020 don’t have enough safeguards against hacking by Russia and other U.S. adversaries, according to a study from researchers at the University of Michigan. The study provides an independent review of the machines called ballot-marking devices, or BMDs, which at least 18 percent of the country’s districts will use as their default voting machines in November. The results, according to the Post article, are a major blow for voting machine companies and election officials, who have touted BMDs as a secure option in the wake of Russia’s 2016 efforts to compromise U.S. election infrastructure. Read more.

Latest Accenture Acquisition Signals Dominance in Managed Security Services Sector

Accenture Security plans to acquire Symantec’s Cyber Security Services business from Broadcom, according to multiple reports, including an article on www.infosecurity-magazine.com. No financial terms were disclosed regarding the acquisition, but the deal is expected to close in March 2020. The deal is the latest in a long line of acquisitions by Accenture Security in the threat intelligence and cybersecurity fields. Already in Accenture’s cyber-stable are déjà vu, Security, iDefense, Maglan, Redcore, Arismore, and FusionX. With this latest acquisition, Accenture Security will become one of the main players on the managed security services stage. Read more.

New Survey Offers Insight into Constraints in Cybersecurity Salaries

According to a report on https://securityboulevard.com, despite a shortage of cybersecurity expertise, a global salary survey of 1,324 cybersecurity professionals found nearly half the respondents (48%) earn less than $50,000 a year. Only 36% earn more than $70,000 a year, according to the survey, conducted by Cynet, a provider of tools for detecting breaches. The survey also found that cybersecurity professionals with the same level of experience generally make equivalent salaries regardless of whether they have a degree in computer science or a related engineering field. The report also noted that people who transitioned from an IT occupation to a cybersecurity position earned more than their peers who started out in cybersecurity. Read more.