Cyber Connections News Roundup: July 27

Get the latest cybersecurity news from leading companies, news outlets and blogs.

Cyber Connections News Roundup is a bi-weekly brief of online links to news stories and commentary of interest to the cybersecurity community, delivered on the second and fourth Tuesday of each month. Articles are selected for their newsworthiness, timeliness, potential impact, and reach.

July 27

Keeping the Tokyo Olympics Cyber Safe

Law enforcement and cyber defenders are sounding alarms about possible cybersecurity attacks from Russia or elsewhere hitting the Summer Olympics, according to a recent article on www.washingtonpost.com. The FBI recently warned about the possibility of such an attack, asserting that hackers could disrupt live broadcasts, knock ticketing and other digital systems offline, steal and release athletes’ and teams’ personal data or even lock up critical Olympics tech and hold it for ransom. The warning comes after Russian hackers targeted the past two Olympic Games, seemingly in retaliation after the International Olympic Committee barred Russian athletes from competing under their country’s flag after a humiliating doping investigation. Read more.

House Passes Bipartisan Cybersecurity Bill on the Heels of Major Attacks

On Tuesday, July 20, the House passed five bipartisan cybersecurity bills designed to enhance the nation’s cybersecurity following recent major cyberattacks. According to a recent report on www.thehill.com, the package, passed in a 319-105 vote, included measures to fund cybersecurity at the state and local level, bolster reporting requirements and test critical infrastructure. One bill, the State and Local Cybersecurity Act, would establish a grant program to provide $500 million annually to state and local governments over the next five years for cybersecurity needs. Another, the Cybersecurity Vulnerability Remediation Act, would improve the reporting of cybersecurity vulnerabilities. Other bills in the package address critical infrastructure readiness and bulk power system readiness among other issues. Read more.

Cyberattacks Are Looking for Unpatched Software According to Recent Research

A recent article on www.thehindubusinessline.com points to unpatched software vulnerabilities as the root cause of the current rise in cyberattacks. These attacks are looking for publicly disclosed vulnerabilities for which a security update is yet to be installed. According to a recent report by cybersecurity firm Barracuda, which analyzed data from the attacks blocked by their systems over the past two months, Barracuda researchers identified hundreds of thousands of automated scans and attacks per day, with the numbers sometimes spiking into the millions. The data also points towards thousands of scans per day for the recently patched Microsoft and VMware vulnerabilities. Read more.

Seven Recommendations to Prevent Ransomware Attacks

An article on www.forbes.com offers seven tips that companies can use to prevent ransomware attacks. The top three recommendations are as follows: Start with an audit so that you can understand where your security vulnerabilities lie. Second, make sure you have sufficient cyber professionals working for you who are adequately trained. Companies need reliable resources and a staff that is equipped to respond quickly to attacks. Smaller companies can turn to a managed security service providers (MSSP) for round the clock service. And third, make sure you have a recovery action plan in place. If you execute office fire drills, then do the same for a cybersecurity emergency. Read more.

Nearly Half of Education Institutions Were Ransomware Targets Last Year

A recent survey of education IT professionals published by cybersecurity firm Sophos found that nearly half of all education institutions globally were targeted by ransomware in 2020, with 58% of those saying that cyber criminals succeeded in encrypting their data. As reported on www.edscoop.com, the company asked 499 education IT professionals about their organizations’ exposure to ransomware, with 44% of respondents saying they had been hit last year. Sophos also found that 33% of the education officials it interviewed said they expected to be victims in the future; 22% said they weren’t hit in 2020 and don’t expect to fall victim. Read more.

Cyber Connections News Roundup: July 13

Get the latest cybersecurity news from leading companies, news outlets and blogs.

Cyber Connections News Roundup is a bi-weekly brief of online links to news stories and commentary of interest to the cybersecurity community, delivered on the second and fourth Tuesday of each month. Articles are selected for their newsworthiness, timeliness, potential impact, and reach.

July 13

Cybersecurity Training Is in Need of an Upgrade

Traditional cybersecurity training generally relies on a 30- to 60-minute session of basic training once a year, enhanced with email reminders and other reminders. According to a recent article on www.securitymagazine.com, this form of static training doesn’t work, mainly because it lacks agility and relevancy. What’s needed is a shift to mobile devices, a daily or weekly cadence, team and department interactions, specific industry relevant content, and, most notably, microlearning — training that is remembered. Just like one doesn’t go to the gym once a year to keep muscles fit, the mind is a muscle. Just like exercise, training daily and in small doses optimally helps maintain and improve performance. Read more.  

With a Return to a Hybrid Work Model Comes an Increased Threat to Cloud Security

A growing body of research indicates that a shift to a hybrid working models isn’t set to end as the pandemic recedes, according to a recent article on www.techerati.com. Cloud-based technologies will play a central role in enabling this hybrid future. But cyber attackers also see the growing usage of cloud technologies as an opportunity, according to a recent report from Netskope, a security cloud provider, that found as cloud activity increased, so too has the threat from cyberattacks. Read more.

Shared Responsibility is Key to Medical Device Cybersecurity

Medical device connectivity has helped patient care at healthcare facilities and in the home, according to a recent report on www.healthcareitnews.com. At the same time, these devices represent network vulnerabilities. Dr. Suzanne B. Schwartz, director of the Office of Strategic Partnerships and Technology Innovation at the U.S. Food and Drug Administration, says it will take collective action to address such vulnerabilities. “It has to be through partnership through collaboration, through recognition that we all have different roles to play, different types of expertise, different responsibilities,” she said. For its part, the FDA has a public-private partnership under its critical infrastructure protection program, which in turn houses the Healthcare Sector Cybersecurity Council. Read more.

A Cybersecurity Audit – Explained

Cybersecurity audits, according to a recent article on https://fedtechmagazine.com, are about assessing compliance. They allow organizations to assess whether or not they have the proper security mechanisms in place while also making sure they are in compliance with relevant regulations. It should be noted that cybersecurity audits differ from cybersecurity risk assessments, which explore an organization’s IT security protections and its ability to remediate vulnerabilities. Cybersecurity audits, rather, act as a checklist that organizations can use to validate their security policies and procedures. Moreover, cybersecurity audits should be conducted by a third-party vendor to eliminate any conflicts of interest. Read more.

Biden Administration Tackles Ransomware, Considers Banning Secret Payments

According to a recent report on www.cyberscoop.com, Anne Neuberger, the deputy national security adviser, said that that a joint FBI, U.S. Cyber Command and private sector effort like the one used to cripple the Trickbot botnet hacking tool used to disrupt the 2020 election, is the type of operation needed to tackle ransomware gangs in the future. Speaking at an event hosted by the Silverado Policy Accelerator, a nonprofit think tank, Neuberger said that before law enforcement can go fully target ransomware gangs, the U.S. government needs more “visibility” into their activity. That includes considering whether to prohibit companies from keeping ransomware payments secret. Read more.

Cyber Connections News Roundup: June 29

Get the latest cybersecurity news from leading companies, news outlets and blogs.

Cyber Connections News Roundup is a bi-weekly brief of online links to news stories and commentary of interest to the cybersecurity community, delivered on the second and fourth Tuesday of each month. Articles are selected for their newsworthiness, timeliness, potential impact, and reach.

June 29

Cyber Insurance May Be Hurting Efforts to Quell the Proliferation of Ransomware Attacks

A recent article on www.zdnet.com suggests that cyber insurance may be helping perpetuate ransomware. Designed to protect organizations against the fallout of cyberattacks, some critics argue that insurance encourages ransomware victims to simply pay the ransom demand that will then be covered by the insurers, rather than have adequate security to deter hackers in the first place. Insurers argue that it’s the customer that makes any decision to pay the ransom, not the insurer. A recent paper by UK-based defense think tank Royal United Services Institute (RUSI). this practice isn’t just encouraging cyber criminals, it’s also not sustainable for the cyber insurance industry. Read more.

Russian SolarWinds Hackers Are at it Again

State-sponsored Russian hackers compromised a Microsoft customer support representative’s account, leveraging that access to try to hack other customers, according to a recent report on www.cyberscoop.com. The same group, which Microsoft calls Nobelium and is known as APT 29 and Cozy Bear, is the primary suspect in the SolarWinds attack, a hack in which spies also breached nine U.S. federal agencies and scores of technology companies. The alleged Russian hackers used information-stealing malware to infect a customer support machine, then used data found on that device to target IT companies, government agencies and non-government organizations and think tanks. Targets were in 36 countries. Learn more.

Blackberry Transforms its Business to Focus on Cybersecurity

According to a recent report on www.msspalert.com, Blackberry has reorganized its software and services business around the two groups — specifically, the Internet of Things (IoT) and cybersecurity. The IoT business unit involves such BlackBerry technologies as QNX, IVY, Certicom, Jarvis and Radar. Meanwhile, the cybersecurity business unit spans BlackBerry’s Spark endpoint security and endpoint management product, UEM, as well as AtHoc, the critical event management software, and Secusmart, secure voice and text product. Read more.

Bipartisan Bill Introduced to Promote Cybersecurity Literacy

A bipartisan group of U.S. House members introduced legislation to establish a cybersecurity literacy and public awareness campaign. According to a report on www.channelfutures.com, U.S. Rep. Adam Kinzinger of Illinois leads the cybersecurity literacy initiative. U.S. representatives of both parties from Florida, California, Texas and Pennsylvania are co-sponsoring the bill, called the American Cybersecurity Literacy Act. The legislation would require the National Telecommunications and Information Administration (NTIA) to establish a cybersecurity literacy campaign to help promote understanding of how to stay safe online and prevent successful cyberattacks. It would also include lessons on how to identify malicious phishing emails, the need to change passwords often and use multifactor authentication (MFA) on sensitive accounts. Read more.

Embracing Neurodiversity Will Help Close the Cybersecurity Skills Gap

A recent article on www.techcrunch.com explains how embracing neurodiversity can help address the cybersecurity skills gap and strengthening your own security team by embracing different minds and perspectives. Neurodiversity is a concept that views the spectrum of neurological differences —ADHD, autism, dyslexia, Tourette’s and other cognitive and developmental disorders — as natural variations of the human brain. The article argues that to have a chance at closing the cybersecurity skills gap, we would benefit from people with a variety of different abilities and thought processes. For example, many people with autism are pattern thinkers and are highly detail-oriented. This allows someone in a threat-hunting position to find those subtle differences between malicious and non-malicious code and catch the threats that automated tools might miss. Read more.

Cyber Connections News Roundup: June 15

Get the latest cybersecurity news from leading companies, news outlets and blogs.

Cyber Connections News Roundup is a bi-weekly brief of online links to news stories and commentary of interest to the cybersecurity community, delivered on the second and fourth Tuesday of each month. Articles are selected for their newsworthiness, timeliness, potential impact, and reach.

June 15

UMGC Ahead of the Field in Emerging Cyber Accounting Field

According to a recent article on the University of Maryland Global Campus Global Media Center, cybersecurity and IT experts are working alongside a new breed of accountants with the technological and financial training to assess risk and help combat cyber threats. “Public accountants have a huge volume of financial data that belongs to their clients,” said Dr. Sharon L. Levin, professor of accounting at University of Maryland Global Campus (UMGC). “If you are a management accountant, working for an individual company such as Apple, IBM or Target, you are responsible for implementing internal controls to protect corporate assets,” she added. “The skill set that accountants possess is a natural fit for cyber audits,” said Bruce deGrazia, professor of Cybersecurity Management and Policy at UMGC. Read more.

Inglis Closes in on Cyber Director Appointment

According to a recent report on www.washingtonpost.com, congress is close to confirming the Chris Inglis as the first-ever national cyber director. Inglis faced a confirmation hearing on June 11 before the Senate Homeland Security and Governmental Affairs Committee — the first step in what is likely to be an easy path to confirmation. If confirmed, he will be responsible for recovering from a massive Russian theft of data and a scourge of ransomware attacks against vital U.S. infrastructure. Inglis comes to the job after a nearly three-decade tenure at the National Security Agency, including as deputy director. Since leaving the NSA, he’s taught at the U.S. Naval Academy and served on the boards of FedEx and Huntington Bancshares. Read more.

Misinformation Now Poses a Threat to Cybersecurity

Warnings of misinformation are common on Facebook and Twitter, but now pose a new threat to scientific and technical fields such as cybersecurity, public safety, and medicine, according to an article on www.inputmag.com. There is growing concern that it is now possible for artificial intelligence systems to generate false information in critical fields like medicine and defense that is convincing enough to fool experts. For example, artificial intelligence models, called “transformers,” which help Google and other companies improve their search engines, can also generate false cybersecurity misinformation to cybersecurity experts for testing, thus fooling them. Read more.

U.S. Coast Guard to Create Cybersecurity Red Team

According to a recent article on www.fedtechmagazine.com, a Coast Guard official indicated that the service branch would create its first cybersecurity “red team” as part of its approach to IT security. In a red team exercise, the red team acts as an adversary attempting to identify and exploit potential weaknesses within the organization’s defenses by using sophisticated attack techniques. Additionally, according to the article, the Coast Guard is turning its cybersecurity “blue team” unit into a more holistic IT security outfit called the Cyber Operational Assessments Branch. The red team is being launched this summer. Read more.

Cybersecurity Needs a New Market Model

A recent article on www.techtarget.com makes a case for a new cybersecurity market model, one based on efficacy. The article argues that in a fast-paced cyber threat landscape, organizations often buy new technology solutions without being able to fully assess their efficacy and then must move on to new problems before they have a chance to optimize the new tools. A new model for acquiring cybersecurity tools based on efficacy will help buyers gain visibility into available technologies and base their purchasing decisions on detailed assessments of how well those technologies do what they’re supposed to do. Read more.

Cyber Connections News Roundup: June 1

Get the latest cybersecurity news from leading companies, news outlets and blogs.

Cyber Connections News Roundup is a bi-weekly brief of online links to news stories and commentary of interest to the cybersecurity community, delivered on the second and fourth Tuesday of each month. Articles are selected for their newsworthiness, timeliness, potential impact, and reach.

June 1

White House Budget Calls for Improved Cybersecurity

According to a report on www.nextgov.com, the White House is asking Congress to appropriate $9.8 billion for federal agencies to improve their cybersecurity, about $1.2 billion more than the administration estimates civilian agencies will spend on cybersecurity in 2021, a 14% increase. The budget proposal to improve the government’s cybersecurity, which repeatedly mentions the SolarWinds hacking campaign that compromised nine federal agencies and hundreds of private-sector companies, is closely tied to efforts to modernize its information technology. Read more.

Ransomware Shakes Up Cyber Insurance Market

A recent report on www.cyberscoop.com discusses the rise in insurance premiums due to the growing number of cybersecurity incidents, notably the proliferation of ransomware attacks. According to a recent Government Accountability Office (GAO) report, insurers are reducing cyber coverage limits for certain riskier industry sectors. According to a recent survey conducted by the Council of Insurance Agents and Brokers (CIAB), more than half of the brokers surveyed said that their clients saw premiums increase between 10% and 30% in late 2020, the report noted. Read more.

DHS to Issue First Cybersecurity Regulations for Pipelines

According to a recent report on www.washingtonpost.com, the Department of Homeland Security is moving to regulate cybersecurity in the pipeline industry for the first time to prevent a repeat of the ransomware attack that crippled the East Coast’s fuel supply. The Transportation Security Administration, a DHS unit, will issue a security directive this week requiring pipeline companies to report cyber incidents to federal authorities. It will follow up with a more robust set of mandatory rules for how pipeline companies must safeguard their systems against cyberattacks and the steps they should take if they are hacked. Read more.

SolarWinds Hackers Behind Phishing Campaign Impersonating USAID

The Russian spies who exploited SolarWinds software to infiltrate U.S. government agencies have recently launched a phishing campaign aimed at some 150 organizations in 24 countries, according to a recent report on www.cyberscoop.com. The suspected hackers posed as the U.S. Agency for International Development (USAID), a government agency that funds aid projects around the world, to target some 3,000 individual accounts in a blitz of phishing emails since May 25. Read more.

Airports to Become Fastest Growing Critical Infrastructure Facility Sector for Cybersecurity Spending

Frost & Sullivan’s recent analysis finds that critical infrastructure facilities have become increasingly viable threat targets, as they are highly vulnerable to major operational disruptions and cyber incidents. The global critical infrastructure cybersecurity marketsegmented into oil and gas facilities, utilities (electric and water), maritime (ports and entry points), and airports—is estimated to reach $24.22 billion by 2030 from $21.68 billion in 2020. The study includes growth drivers, customer priorities, and spending forecasts across verticals and regions. Airports, according to the company’s analysis, will prove to be the fastest-growing facility with cybersecurity spending is expected to reach $1.87 billion by 2030. Read more.

Cyber Connections News Roundup: May 18

Get the latest cybersecurity news from leading companies, news outlets and blogs.

Cyber Connections News Roundup is a bi-weekly brief of online links to news stories and commentary of interest to the cybersecurity community, delivered on the second and fourth Tuesday of each month. Articles are selected for their newsworthiness, timeliness, potential impact, and reach.

May 18

U.S. Government Acts in Wake of Colonial Pipeline Attack

The Biden administration announced an executive order that contains sweeping improvements to the nation’s cybersecurity defenses, according to a recent article on www.cpomagazine.com. The executive order, a response to the Colonial Pipeline incident that impacted states along the southern and eastern coast, echoes themes established in the recent proposal of a ransomware task force, calling for increased partnership with the private sector along with significant investments. One measure calls for the sharing of threat information, as IT and OT service providers often have contracts that prevent them from sharing information about cybersecurity breaches with other agencies. Read more.

DHS Plans to Hire 200 Cyber Professionals In Response to Recent Attacks

A recent article on www.workscoop.com reports that the Department of Homeland Security (DHS) plans to hire 200 new cybersecurity professionals by July as the Biden administration aims to curb ransomware attacks affecting U.S. corporations, as well as foreign espionage operations. In a speech May 12, Homeland Security Secretary Alejandro Mayorkas said the cyber recruiting was part of “the most significant hiring initiative” that DHS has undertaken in its 18-year history. Half of the new jobs will be with DHS’s Cybersecurity and Infrastructure Security Agency (CISA) and the other half will be with other DHS agencies that work on cybersecurity. Read more.

Metropolitan Police Department Hackers Claim to Release Data After Ransom Remains Unpaid

According to a recent article on www.forbes.com, hackers who broke into the Washington, D.C., Metropolitan Police Department, locked up files and demanded $4 million in return for not leaking the agency’s data, have now released what they claim is the full batch of documents they stole. The Babuk ransomware crew said it amounted to a huge 250GB trove of files, including a “gang database” and masses of personal data of police personnel and informers. The Metropolitan Police Department (MPD) declined to comment, though it has previously acknowledged an attack on its IT systems and has brought in the FBI to assist with the investigation. Babuk first started leaking data in April. Read more.

Cyber Attackers Continue to Exploit Security Gaps from COVID019

A recent article on https://manufacturingglobal.com highlights the need for companies to protect IP from cyberattacks. As the fallout from the SolarWinds attack and the recent Colonial Pipeline attack dominate the news, the applications companies use for day-to-day operations can be turned into malicious programs by nefarious actors. And the cost of each breach for manufacturers is now greater than $1M according to Manufacturers Alliance for Productivity & Innovation (MAPI). According to the article, researchers say that manufacturers have already experienced an 11% increase in attacks and intrusions on their networks in 2020 than all of 2019. Read more.

Florida Homecoming Queen Accused of Hacking Computer System to Win

According to an article on www.cyberscoop.com, a teenager accused of gaining unauthorized access to school computer systems in order to rig a homecoming queen contest with her mother will stand trial as an adult, and could spend 16 years in prison if convicted. Emily Grover, who turned 18 in April but who was arrested in March, when she was 17, faces four charges alongside her mother, Laura Carroll. The pair allegedly schemed to cast hundreds of fraudulent votes in the homecoming contest, an election that Grover ultimately won. The Florida teen and her mother each face charges of offenses against users of computers, computer systems, computer networks, and electronic devices; unlawful use of a two-way communications device; criminal use of personally identifiable information; and conspiracy to commit these offenses. Read more.

Cyber Connections News Roundup: May 4

Get the latest cybersecurity news from leading companies, news outlets and blogs.

Cyber Connections News Roundup is a bi-weekly brief of online links to news stories and commentary of interest to the cybersecurity community, delivered on the second and fourth Tuesday of each month. Articles are selected for their newsworthiness, timeliness, potential impact, and reach.

May 4

Justice Department Conducts Review of Cybersecurity Strategies

Deputy Attorney General Lisa Monaco said on April 30 at the Munich Cyber Security Conference that the Justice Department will review its approach to combatting malicious cyber activity from foreign governments and criminals, according to a recent report on www.cyberscoop.com. The review of Justice Department policies will cover the cryptocurrencies that cybercriminals use to cash in on ransomware, among other threats. The policy review is an acknowledgement that cyberthreats to U.S. businesses and government agencies remain unrelenting. Read more.

Will a Civilian “Cybersecurity National Guard” Help Combat Vulnerabilities?

According to a recent article on https://securityboulevard.com, some lawmakers want to create a National Guard-like program to address growing cybersecurity vulnerabilities faced by the U.S. government. Much like a civilian cybersecurity reserve, the program would be voluntary and by invitation only. This would allow our national security agencies to have access to the qualified, capable, and service-oriented American talent necessary to respond when an attack occurs. Read more.

Eight Virginia Universities Plan Cybersecurity Research Projects

Researchers from eight Virginia universities will soon take part in $1 million worth of state-funded cybersecurity and autonomous vehicle-focused research projects through a statewide research initiative, according to a recent report on www.edscoop.com. The universities involved — George Mason University, Longwood University, Marymount University, Old Dominion University, Radford University, University of Virginia, Virginia Tech and William and Mary — will focus their projects on different aspects of the cybersecurity workforce, including bio-cybersecurity and autonomous vehicle cybersecurity. The slate of projects will be funded through the Commonwealth Cyber Initiative. Read more.

Cybersecurity Studies Gaining Traction in Higher Education Institutions

While big tech companies such as IBM, with its IBM Skills Academy, are investing in IT career development in higher education, higher ed institutions of all sizes have used internal and external funds to create new cybersecurity and IT career programs to produce the professionals needed in today’s digital workforce, according to a recent article on www.govtech.com. In the past two months, the University of Hawaii announced new cybersecurity internships, Benedict College in South Carolina added a master’s degree extension of its cybersecurity program, Maryland’s Frostburg State University received grant money for cybersecurity workforce training and New York’s LaGuardia Community College announced accelerated education courses in cybersecurity. Read more.

D.C. Police Department Victim of Ransomware Leak

According to a recent article on www.statescoop.com, files belonging to the Washington, D.C., Metropolitan Police Department appeared April 24 on a leak site affiliated with a relatively new form of ransomware. Actors associated with the Babuk malware, which was first identified earlier this year, claimed to have stolen upward of 250 gigabytes of data from D.C. police, including police reports, arrest records, internal memos and documents shared with other authorities, like the FBI. It is likely the incident involving the 4,000-officer D.C. police department was more likely a crime of opportunity than a deliberate attack on the nation’s capital. Read more.

Cyber Connections News Roundup: April 20

Get the latest cybersecurity news from leading companies, news outlets and blogs.

Cyber Connections News Roundup is a bi-weekly brief of online links to news stories and commentary of interest to the cybersecurity community, delivered on the second and fourth Tuesday of each month. Articles are selected for their newsworthiness, timeliness, potential impact, and reach.

April 20

FIN7 Administrator Sentenced to Prison

According to a recent report on www.cyberscoop.com, a U.S. federal judge on April 16 sentenced Fedir Hladyr to 10 years in prison for his alleged role as an administrator of the multibillion-dollar cybercrime group known as FIN7, which has breached hundreds of U.S. firms. FIN7, one of the most formidable cybercriminal groups of recent history, allegedly siphoned off millions of credit card numbers from restaurant and hospitality chains in 47 U.S. states. Hladyr allegedly controlled an instant messaging service that the crime group used to upload stolen payment card data and screenshots from hacked financial firms. Read more.

Promoting Diversity Is Key to Closing the Jobs Gap

The shortage of cybersecurity professionals in the U.S., which is only expected to grow, according to a recent article on www.washingtonpost.com, has encouraged government officials to ramp up their efforts to address barriers surrounding diversity. In a recent speech Department of Homeland Security Secretary Alejandro Mayorkas said the agency plans to launch a diversity and workforce development initiative in the coming months. The plan includes equal access to professional development opportunities to fill the current half-million cyber vacancies across our country and to prevent future shortages that threaten our ability to compete. Read more.

Wind Energy Latest Concern Among Cybersecurity Experts

In a recent opinion piece on www.theepochtimes.com, Bonner Cohen, senior fellow at the National Center for Public Policy Research, warns that by announcing its intention to increase the dependence of the American energy grid on renewable sources such as wind, the Biden administration may also be increasing the threat of cyber attacks on infrastructure by random hackers and hostile governments such as Communist China. Cohen said that the more wind installations that come into service, the more cybersecurity challenges their integrated control systems and related technologies will pose. As tensions rise between the United States and China, a growing Chinese presence in the wind power industry could end up becoming a national cybersecurity threat. Read more.

Recent Annual Threat Assessment Report Pins SolarWinds Attack Squarely on Russia

The Office of the Director of National Intelligence released its Annual Threat Assessment on April 13. A recent article on www.cyberscoop.com breaks down that report, noting that the intelligence communitymade its most direct public attribution, yet that Russia perpetrated the SolarWinds attack in order to facilitate a sweeping espionage operation, impacting hundreds of companies and U.S. federal agencies. Specifically, and without directly naming SolarWinds, the report said that a Russian software supply chain operation against a US-based IT firm exposed approximately 18,000 customers worldwide, including enterprise networks across US Federal, state, and local governments. Under the Trump, the intelligence community had stated that the operation was “likely” Russian in origin. Read more.

Democrats Reintroduce IoT Bill

According to a recent article on www.msspalert.com, Democrats have reintroduced the Cyber Shield Act, a bill to legislate cybersecurity into Internet of Things (IoT) devices. The bill calls for a voluntary certification program that would allow manufacturers to verify their connected devices as hacker proof. The bill was first introduced in 2017 and again in 2019, with this latest attempt again sponsored by Senator Edward J. Markey (D-MA) and Congressman Ted Lieu (D-CA). The Act establishes cybersecurity benchmarks for IoT devices based on standards set by an advisory committee of cybersecurity experts from academia, industry, consumer groups, government and the public. Read more.

Cyber Connections News Roundup: April 6

Get the latest cybersecurity news from leading companies, news outlets and blogs.

Cyber Connections News Roundup is a bi-weekly brief of online links to news stories and commentary of interest to the cybersecurity community, delivered on the second and fourth Tuesday of each month. Articles are selected for their newsworthiness, timeliness, potential impact, and reach.

April 6

University of California Latest Victim of Accellion Attack

The University of California learned recently that it, along with other universities, government agencies, and private companies throughout the country, was subject to the cybersecurity attack involving the use of Accellion, a vendor used by many organizations for secure file transfer. According to a recent report on https://ucnet.universityofcalifornia.edu, upon learning of the attack UC reported the incident to federal law enforcement, took measures to contain it, and began an investigation. At this time, UC believes the attack only affected the Accellion system and did not compromise other UC systems or networks. Read more.

HHS Secretary Mayorkas Promises Improvements to Country’s Cyber Defenses

In recent remarks related to cybersecurity, Homeland Security Secretary Alejandro Mayorkas pledged to harness federal resources to improve public and private cyber defenses. According to a recent report on www.cyberscoop.com, Mayorkas expressed alarm at the steady stream of ransomware incidents hampering state and local governments and U.S. businesses during the coronavirus pandemic. Mayorkas pledged to improve nearly every major facet of DHS’s cybersecurity work. Part of this work will come through an executive order President Joe Biden is expected to release soon. Read more.

“Hacktivists” Seeking Political Points Pose Emerging Threat

A recent article on https://wtvbam.com highlights a new wave of “hactivism,” whereby ideologically motivated entities such as hacktivists, leaktivists, and public disclosure organizations are now viewed as significant threats. Three major hacks show the power of this new wave of “hacktivism,” according to the article. The exposure of AI-driven video surveillance being conducted by the startup Verkada, a collection of Jan. 6 riot videos from the right-wing social network Parler, and disclosure of the Myanmar military junta’s high-tech surveillance apparatus. The U.S. government has demonstrated that it regards the uptick in hacktivism with alarm. An indictment last week accused 21-year-old Tillie Hottmann, a Swiss hacker who took credit for the Verkada breach, of a broad conspiracy. Read more.

National Cybersecurity Center to Offer Training to State Governments

According to a recent article on www.statescoop.com, the nonprofit National Cybersecurity Center recently introduced a new program to offer training sessions on cyber hygiene and IT security to elected officials in state governments and their staff members. The program will feature virtual briefings, on-demand workshops and other materials addressing not only good online safety measures, but also an overview of the many different cyberthreats state and local government face. The training series is backed in part by Google, which recently expanded its election-security products after offering them to campaigns and candidates last year. Read more.

Canada Addresses Growing Cybersecurity Threat to Agricultural Sector

A recent article on www.hstoday.us reports that Canada plans to invest more than CA$500,000 over four years to the Community Safety Knowledge Alliance for its Cyber Security Capacity in Canadian Agriculture project. This project will contribute to enhancing agricultural critical infrastructure protection in Canada by assessing the cybersecurity capacity of the Canadian agricultural sector and engaging with Canadian farm operators and other stakeholders to promote awareness and develop resources related to cybersecurity of farming operations. Read more.

Cyber Connections News Roundup: March 23

Get the latest cybersecurity news from leading companies, news outlets and blogs.

Cyber Connections News Roundup is a bi-weekly brief of online links to news stories and commentary of interest to the cybersecurity community, delivered on the second and fourth Tuesday of each month. Articles are selected for their newsworthiness, timeliness, potential impact, and reach.

March 23

FBI Reports $4 Billion in Cybercrime Losses for 2020

In a new report, the Federal Bureau of Investigation claims that Americans reported $4.2 billion in losses as a result of cybercrime and internet fraud to the FBI in 2020, a roughly 20% increase in the money known to be lost to scammers in 2019. According to a www.cyberscoop.com report, the FBI’s Internet Crime Complaint Center, the organization through which U.S. citizens and businesses report financial losses from hackers, received an average of more than 2,000 complaints per day through 2020. The uptick in crime reporting was driven largely by business email compromise (BEC), ransomware attacks and widespread technology support scams, in which fraudsters impersonate customer support representatives from tech firms or financial institutions, only to dupe victims into sending wire transfers. Read more.

New Infographic Highlights Cyber Scams During COVID-19

The global spread of coronavirus has also brought about a cyber pandemic, according to a new infographic on www.greycampus.com. The career skills and certification provider offers insights into how cyber incidents and security events brought in an exponential change in the cybersecurity landscape in 2020. Some of the different kinds of pandemic-related scams that took place in 2020 and caused disruption include: information stealing; malware and ransomware attacks; vulnerabilities around work from home; and scams related to fake products. Read more.

Vaccine Card Selfies Are a Bad Idea According to Cyber Experts

As more people get vaccinated for COVID-19, it has become popular to post on social media a picture of the vaccination record card. Not a good idea, says cybersecurity experts. According to a recent article on www.wfla.com, experts say your face is fine, but the card gives criminals more information than you know, including geolocation tagging, time of day, your house, where you live, where you work, etc. Even if you’re blocking out or blurring information you think is relevant, you could be providing thieves the pieces of information they need to complete your profile. Read more.

Are Federal Agents Prepared for the Next SolarWinds Attack?

During the March 18 testimony before the Senate Homeland Security and Governmental Affairs Committee on federal cybersecurity weaknesses, Brandon Wales, acting director of the Cybersecurity and Infrastructure Security Agency (CISA) told senators on that federal defenses simply aren’t aligned properly to detect advanced attackers. According to a recent report on www.cyberscoop.com, Wales warned that you can only secure what you can see and that historically our system of protection has largely relied on sensors at the perimeter of networks that are designed to be fed by information from the private sector. Hackers have advanced to the point where they are moving from server to server within the U.S. to avoid getting caught. Read more.

Buffalo Schools Shuttered Due to Ransomware Attack

The Buffalo public school system is the latest victim in a growing number of cyberattacks targeting school districts across the U.S. According to an article on https://buffalonews.com, the school district disclosed late afternoon on March 12 stating that it was a victim of a ransomware attack. It was unclear if personal information was stolen from the district’s networks. All classes — remote and on-site — were cancelled for March 15 and 16, 2021, so that the school district can stress-test various recovery steps and associated applications. Read more.