Cyber Connections News Roundup: June 1

Get the latest cybersecurity news from leading companies, news outlets and blogs.

Cyber Connections News Roundup is a bi-weekly brief of online links to news stories and commentary of interest to the cybersecurity community, delivered on the second and fourth Tuesday of each month. Articles are selected for their newsworthiness, timeliness, potential impact, and reach.

June 1

White House Budget Calls for Improved Cybersecurity

According to a report on, the White House is asking Congress to appropriate $9.8 billion for federal agencies to improve their cybersecurity, about $1.2 billion more than the administration estimates civilian agencies will spend on cybersecurity in 2021, a 14% increase. The budget proposal to improve the government’s cybersecurity, which repeatedly mentions the SolarWinds hacking campaign that compromised nine federal agencies and hundreds of private-sector companies, is closely tied to efforts to modernize its information technology. Read more.

Ransomware Shakes Up Cyber Insurance Market

A recent report on discusses the rise in insurance premiums due to the growing number of cybersecurity incidents, notably the proliferation of ransomware attacks. According to a recent Government Accountability Office (GAO) report, insurers are reducing cyber coverage limits for certain riskier industry sectors. According to a recent survey conducted by the Council of Insurance Agents and Brokers (CIAB), more than half of the brokers surveyed said that their clients saw premiums increase between 10% and 30% in late 2020, the report noted. Read more.

DHS to Issue First Cybersecurity Regulations for Pipelines

According to a recent report on, the Department of Homeland Security is moving to regulate cybersecurity in the pipeline industry for the first time to prevent a repeat of the ransomware attack that crippled the East Coast’s fuel supply. The Transportation Security Administration, a DHS unit, will issue a security directive this week requiring pipeline companies to report cyber incidents to federal authorities. It will follow up with a more robust set of mandatory rules for how pipeline companies must safeguard their systems against cyberattacks and the steps they should take if they are hacked. Read more.

SolarWinds Hackers Behind Phishing Campaign Impersonating USAID

The Russian spies who exploited SolarWinds software to infiltrate U.S. government agencies have recently launched a phishing campaign aimed at some 150 organizations in 24 countries, according to a recent report on The suspected hackers posed as the U.S. Agency for International Development (USAID), a government agency that funds aid projects around the world, to target some 3,000 individual accounts in a blitz of phishing emails since May 25. Read more.

Airports to Become Fastest Growing Critical Infrastructure Facility Sector for Cybersecurity Spending

Frost & Sullivan’s recent analysis finds that critical infrastructure facilities have become increasingly viable threat targets, as they are highly vulnerable to major operational disruptions and cyber incidents. The global critical infrastructure cybersecurity marketsegmented into oil and gas facilities, utilities (electric and water), maritime (ports and entry points), and airports—is estimated to reach $24.22 billion by 2030 from $21.68 billion in 2020. The study includes growth drivers, customer priorities, and spending forecasts across verticals and regions. Airports, according to the company’s analysis, will prove to be the fastest-growing facility with cybersecurity spending is expected to reach $1.87 billion by 2030. Read more.

Cyber Connections News Roundup: May 18

Get the latest cybersecurity news from leading companies, news outlets and blogs.

Cyber Connections News Roundup is a bi-weekly brief of online links to news stories and commentary of interest to the cybersecurity community, delivered on the second and fourth Tuesday of each month. Articles are selected for their newsworthiness, timeliness, potential impact, and reach.

May 18

U.S. Government Acts in Wake of Colonial Pipeline Attack

The Biden administration announced an executive order that contains sweeping improvements to the nation’s cybersecurity defenses, according to a recent article on The executive order, a response to the Colonial Pipeline incident that impacted states along the southern and eastern coast, echoes themes established in the recent proposal of a ransomware task force, calling for increased partnership with the private sector along with significant investments. One measure calls for the sharing of threat information, as IT and OT service providers often have contracts that prevent them from sharing information about cybersecurity breaches with other agencies. Read more.

DHS Plans to Hire 200 Cyber Professionals In Response to Recent Attacks

A recent article on reports that the Department of Homeland Security (DHS) plans to hire 200 new cybersecurity professionals by July as the Biden administration aims to curb ransomware attacks affecting U.S. corporations, as well as foreign espionage operations. In a speech May 12, Homeland Security Secretary Alejandro Mayorkas said the cyber recruiting was part of “the most significant hiring initiative” that DHS has undertaken in its 18-year history. Half of the new jobs will be with DHS’s Cybersecurity and Infrastructure Security Agency (CISA) and the other half will be with other DHS agencies that work on cybersecurity. Read more.

Metropolitan Police Department Hackers Claim to Release Data After Ransom Remains Unpaid

According to a recent article on, hackers who broke into the Washington, D.C., Metropolitan Police Department, locked up files and demanded $4 million in return for not leaking the agency’s data, have now released what they claim is the full batch of documents they stole. The Babuk ransomware crew said it amounted to a huge 250GB trove of files, including a “gang database” and masses of personal data of police personnel and informers. The Metropolitan Police Department (MPD) declined to comment, though it has previously acknowledged an attack on its IT systems and has brought in the FBI to assist with the investigation. Babuk first started leaking data in April. Read more.

Cyber Attackers Continue to Exploit Security Gaps from COVID019

A recent article on highlights the need for companies to protect IP from cyberattacks. As the fallout from the SolarWinds attack and the recent Colonial Pipeline attack dominate the news, the applications companies use for day-to-day operations can be turned into malicious programs by nefarious actors. And the cost of each breach for manufacturers is now greater than $1M according to Manufacturers Alliance for Productivity & Innovation (MAPI). According to the article, researchers say that manufacturers have already experienced an 11% increase in attacks and intrusions on their networks in 2020 than all of 2019. Read more.

Florida Homecoming Queen Accused of Hacking Computer System to Win

According to an article on, a teenager accused of gaining unauthorized access to school computer systems in order to rig a homecoming queen contest with her mother will stand trial as an adult, and could spend 16 years in prison if convicted. Emily Grover, who turned 18 in April but who was arrested in March, when she was 17, faces four charges alongside her mother, Laura Carroll. The pair allegedly schemed to cast hundreds of fraudulent votes in the homecoming contest, an election that Grover ultimately won. The Florida teen and her mother each face charges of offenses against users of computers, computer systems, computer networks, and electronic devices; unlawful use of a two-way communications device; criminal use of personally identifiable information; and conspiracy to commit these offenses. Read more.

Cyber Connections News Roundup: May 4

Get the latest cybersecurity news from leading companies, news outlets and blogs.

Cyber Connections News Roundup is a bi-weekly brief of online links to news stories and commentary of interest to the cybersecurity community, delivered on the second and fourth Tuesday of each month. Articles are selected for their newsworthiness, timeliness, potential impact, and reach.

May 4

Justice Department Conducts Review of Cybersecurity Strategies

Deputy Attorney General Lisa Monaco said on April 30 at the Munich Cyber Security Conference that the Justice Department will review its approach to combatting malicious cyber activity from foreign governments and criminals, according to a recent report on The review of Justice Department policies will cover the cryptocurrencies that cybercriminals use to cash in on ransomware, among other threats. The policy review is an acknowledgement that cyberthreats to U.S. businesses and government agencies remain unrelenting. Read more.

Will a Civilian “Cybersecurity National Guard” Help Combat Vulnerabilities?

According to a recent article on, some lawmakers want to create a National Guard-like program to address growing cybersecurity vulnerabilities faced by the U.S. government. Much like a civilian cybersecurity reserve, the program would be voluntary and by invitation only. This would allow our national security agencies to have access to the qualified, capable, and service-oriented American talent necessary to respond when an attack occurs. Read more.

Eight Virginia Universities Plan Cybersecurity Research Projects

Researchers from eight Virginia universities will soon take part in $1 million worth of state-funded cybersecurity and autonomous vehicle-focused research projects through a statewide research initiative, according to a recent report on The universities involved — George Mason University, Longwood University, Marymount University, Old Dominion University, Radford University, University of Virginia, Virginia Tech and William and Mary — will focus their projects on different aspects of the cybersecurity workforce, including bio-cybersecurity and autonomous vehicle cybersecurity. The slate of projects will be funded through the Commonwealth Cyber Initiative. Read more.

Cybersecurity Studies Gaining Traction in Higher Education Institutions

While big tech companies such as IBM, with its IBM Skills Academy, are investing in IT career development in higher education, higher ed institutions of all sizes have used internal and external funds to create new cybersecurity and IT career programs to produce the professionals needed in today’s digital workforce, according to a recent article on In the past two months, the University of Hawaii announced new cybersecurity internships, Benedict College in South Carolina added a master’s degree extension of its cybersecurity program, Maryland’s Frostburg State University received grant money for cybersecurity workforce training and New York’s LaGuardia Community College announced accelerated education courses in cybersecurity. Read more.

D.C. Police Department Victim of Ransomware Leak

According to a recent article on, files belonging to the Washington, D.C., Metropolitan Police Department appeared April 24 on a leak site affiliated with a relatively new form of ransomware. Actors associated with the Babuk malware, which was first identified earlier this year, claimed to have stolen upward of 250 gigabytes of data from D.C. police, including police reports, arrest records, internal memos and documents shared with other authorities, like the FBI. It is likely the incident involving the 4,000-officer D.C. police department was more likely a crime of opportunity than a deliberate attack on the nation’s capital. Read more.

Cyber Connections News Roundup: April 20

Get the latest cybersecurity news from leading companies, news outlets and blogs.

Cyber Connections News Roundup is a bi-weekly brief of online links to news stories and commentary of interest to the cybersecurity community, delivered on the second and fourth Tuesday of each month. Articles are selected for their newsworthiness, timeliness, potential impact, and reach.

April 20

FIN7 Administrator Sentenced to Prison

According to a recent report on, a U.S. federal judge on April 16 sentenced Fedir Hladyr to 10 years in prison for his alleged role as an administrator of the multibillion-dollar cybercrime group known as FIN7, which has breached hundreds of U.S. firms. FIN7, one of the most formidable cybercriminal groups of recent history, allegedly siphoned off millions of credit card numbers from restaurant and hospitality chains in 47 U.S. states. Hladyr allegedly controlled an instant messaging service that the crime group used to upload stolen payment card data and screenshots from hacked financial firms. Read more.

Promoting Diversity Is Key to Closing the Jobs Gap

The shortage of cybersecurity professionals in the U.S., which is only expected to grow, according to a recent article on, has encouraged government officials to ramp up their efforts to address barriers surrounding diversity. In a recent speech Department of Homeland Security Secretary Alejandro Mayorkas said the agency plans to launch a diversity and workforce development initiative in the coming months. The plan includes equal access to professional development opportunities to fill the current half-million cyber vacancies across our country and to prevent future shortages that threaten our ability to compete. Read more.

Wind Energy Latest Concern Among Cybersecurity Experts

In a recent opinion piece on, Bonner Cohen, senior fellow at the National Center for Public Policy Research, warns that by announcing its intention to increase the dependence of the American energy grid on renewable sources such as wind, the Biden administration may also be increasing the threat of cyber attacks on infrastructure by random hackers and hostile governments such as Communist China. Cohen said that the more wind installations that come into service, the more cybersecurity challenges their integrated control systems and related technologies will pose. As tensions rise between the United States and China, a growing Chinese presence in the wind power industry could end up becoming a national cybersecurity threat. Read more.

Recent Annual Threat Assessment Report Pins SolarWinds Attack Squarely on Russia

The Office of the Director of National Intelligence released its Annual Threat Assessment on April 13. A recent article on breaks down that report, noting that the intelligence communitymade its most direct public attribution, yet that Russia perpetrated the SolarWinds attack in order to facilitate a sweeping espionage operation, impacting hundreds of companies and U.S. federal agencies. Specifically, and without directly naming SolarWinds, the report said that a Russian software supply chain operation against a US-based IT firm exposed approximately 18,000 customers worldwide, including enterprise networks across US Federal, state, and local governments. Under the Trump, the intelligence community had stated that the operation was “likely” Russian in origin. Read more.

Democrats Reintroduce IoT Bill

According to a recent article on, Democrats have reintroduced the Cyber Shield Act, a bill to legislate cybersecurity into Internet of Things (IoT) devices. The bill calls for a voluntary certification program that would allow manufacturers to verify their connected devices as hacker proof. The bill was first introduced in 2017 and again in 2019, with this latest attempt again sponsored by Senator Edward J. Markey (D-MA) and Congressman Ted Lieu (D-CA). The Act establishes cybersecurity benchmarks for IoT devices based on standards set by an advisory committee of cybersecurity experts from academia, industry, consumer groups, government and the public. Read more.

Cyber Connections News Roundup: April 6

Get the latest cybersecurity news from leading companies, news outlets and blogs.

Cyber Connections News Roundup is a bi-weekly brief of online links to news stories and commentary of interest to the cybersecurity community, delivered on the second and fourth Tuesday of each month. Articles are selected for their newsworthiness, timeliness, potential impact, and reach.

April 6

University of California Latest Victim of Accellion Attack

The University of California learned recently that it, along with other universities, government agencies, and private companies throughout the country, was subject to the cybersecurity attack involving the use of Accellion, a vendor used by many organizations for secure file transfer. According to a recent report on, upon learning of the attack UC reported the incident to federal law enforcement, took measures to contain it, and began an investigation. At this time, UC believes the attack only affected the Accellion system and did not compromise other UC systems or networks. Read more.

HHS Secretary Mayorkas Promises Improvements to Country’s Cyber Defenses

In recent remarks related to cybersecurity, Homeland Security Secretary Alejandro Mayorkas pledged to harness federal resources to improve public and private cyber defenses. According to a recent report on, Mayorkas expressed alarm at the steady stream of ransomware incidents hampering state and local governments and U.S. businesses during the coronavirus pandemic. Mayorkas pledged to improve nearly every major facet of DHS’s cybersecurity work. Part of this work will come through an executive order President Joe Biden is expected to release soon. Read more.

“Hacktivists” Seeking Political Points Pose Emerging Threat

A recent article on highlights a new wave of “hactivism,” whereby ideologically motivated entities such as hacktivists, leaktivists, and public disclosure organizations are now viewed as significant threats. Three major hacks show the power of this new wave of “hacktivism,” according to the article. The exposure of AI-driven video surveillance being conducted by the startup Verkada, a collection of Jan. 6 riot videos from the right-wing social network Parler, and disclosure of the Myanmar military junta’s high-tech surveillance apparatus. The U.S. government has demonstrated that it regards the uptick in hacktivism with alarm. An indictment last week accused 21-year-old Tillie Hottmann, a Swiss hacker who took credit for the Verkada breach, of a broad conspiracy. Read more.

National Cybersecurity Center to Offer Training to State Governments

According to a recent article on, the nonprofit National Cybersecurity Center recently introduced a new program to offer training sessions on cyber hygiene and IT security to elected officials in state governments and their staff members. The program will feature virtual briefings, on-demand workshops and other materials addressing not only good online safety measures, but also an overview of the many different cyberthreats state and local government face. The training series is backed in part by Google, which recently expanded its election-security products after offering them to campaigns and candidates last year. Read more.

Canada Addresses Growing Cybersecurity Threat to Agricultural Sector

A recent article on reports that Canada plans to invest more than CA$500,000 over four years to the Community Safety Knowledge Alliance for its Cyber Security Capacity in Canadian Agriculture project. This project will contribute to enhancing agricultural critical infrastructure protection in Canada by assessing the cybersecurity capacity of the Canadian agricultural sector and engaging with Canadian farm operators and other stakeholders to promote awareness and develop resources related to cybersecurity of farming operations. Read more.

Cyber Connections News Roundup: March 23

Get the latest cybersecurity news from leading companies, news outlets and blogs.

Cyber Connections News Roundup is a bi-weekly brief of online links to news stories and commentary of interest to the cybersecurity community, delivered on the second and fourth Tuesday of each month. Articles are selected for their newsworthiness, timeliness, potential impact, and reach.

March 23

FBI Reports $4 Billion in Cybercrime Losses for 2020

In a new report, the Federal Bureau of Investigation claims that Americans reported $4.2 billion in losses as a result of cybercrime and internet fraud to the FBI in 2020, a roughly 20% increase in the money known to be lost to scammers in 2019. According to a report, the FBI’s Internet Crime Complaint Center, the organization through which U.S. citizens and businesses report financial losses from hackers, received an average of more than 2,000 complaints per day through 2020. The uptick in crime reporting was driven largely by business email compromise (BEC), ransomware attacks and widespread technology support scams, in which fraudsters impersonate customer support representatives from tech firms or financial institutions, only to dupe victims into sending wire transfers. Read more.

New Infographic Highlights Cyber Scams During COVID-19

The global spread of coronavirus has also brought about a cyber pandemic, according to a new infographic on The career skills and certification provider offers insights into how cyber incidents and security events brought in an exponential change in the cybersecurity landscape in 2020. Some of the different kinds of pandemic-related scams that took place in 2020 and caused disruption include: information stealing; malware and ransomware attacks; vulnerabilities around work from home; and scams related to fake products. Read more.

Vaccine Card Selfies Are a Bad Idea According to Cyber Experts

As more people get vaccinated for COVID-19, it has become popular to post on social media a picture of the vaccination record card. Not a good idea, says cybersecurity experts. According to a recent article on, experts say your face is fine, but the card gives criminals more information than you know, including geolocation tagging, time of day, your house, where you live, where you work, etc. Even if you’re blocking out or blurring information you think is relevant, you could be providing thieves the pieces of information they need to complete your profile. Read more.

Are Federal Agents Prepared for the Next SolarWinds Attack?

During the March 18 testimony before the Senate Homeland Security and Governmental Affairs Committee on federal cybersecurity weaknesses, Brandon Wales, acting director of the Cybersecurity and Infrastructure Security Agency (CISA) told senators on that federal defenses simply aren’t aligned properly to detect advanced attackers. According to a recent report on, Wales warned that you can only secure what you can see and that historically our system of protection has largely relied on sensors at the perimeter of networks that are designed to be fed by information from the private sector. Hackers have advanced to the point where they are moving from server to server within the U.S. to avoid getting caught. Read more.

Buffalo Schools Shuttered Due to Ransomware Attack

The Buffalo public school system is the latest victim in a growing number of cyberattacks targeting school districts across the U.S. According to an article on, the school district disclosed late afternoon on March 12 stating that it was a victim of a ransomware attack. It was unclear if personal information was stolen from the district’s networks. All classes — remote and on-site — were cancelled for March 15 and 16, 2021, so that the school district can stress-test various recovery steps and associated applications. Read more.

Cyber Connections News Roundup: March 9

Get the latest cybersecurity news from leading companies, news outlets and blogs.

Cyber Connections News Roundup is a bi-weekly brief of online links to news stories and commentary of interest to the cybersecurity community, delivered on the second and fourth Tuesday of each month. Articles are selected for their newsworthiness, timeliness, potential impact, and reach.

March 9

Women Lag Behind Men in Cybersecurity Salaries

The recent Exabeam 2020 Cybersecurity Professionals Salary Skills and Stress survey, which focuses on a variety of key topics affecting people across the sector, reveals some alarming salary disparities between men and women. In the U.S., according to the survey, on average male respondents made $91K vs. $62K for female respondents. In New York, for example, a man and a woman, each with 4-5 years’ experience and the same job title (information security director), are receiving very different salaries. While the female makes $33-46K, her male counterpart is making $98-130K — a huge difference and totally at odds with objectives relating to gender equality. Read more.

Latest Microsoft Hack Turning into a Global Crisis

According to a recent report on, an attack on Microsoft’s business email software started by a Chinese government-backed hacking group has so far claimed at least 60,000 known victims globally. The European Banking Authority became one of the latest victims. Other victims include banks and electricity providers, as well as senior citizen homes. The Chinese hacking group, which Microsoft calls Hafnium, appears to have been breaking into private and government computer networks through the company’s popular Exchange email software for a number of months, initially targeting only a small number of victims. The result is a second cybersecurity crisis coming just months after suspected Russian hackers breached nine federal agencies and at least 100 companies through tampered updates from IT management software maker SolarWinds LLC. Read more.

Army Warns of QR Code Cyber Scams

Quick response codes, or QR codes, according to an article on, offer convenience, but may also help cyber criminals use them to connect phones to run scams. When smart phones scan a QR code, which is made up of black and white dots arranged in a square, the code will typically open up a browser or enable a payment to a business. Users should also be wary of criminals who try to use them to steal money, according to the Army Criminal Investigation Command’s Major Cybercrime Unit, which issued an alert last week. Scams could also include connecting devices that scan QR codes to a malicious network and sending texts or making calls to users’ contacts or adding malicious contacts to the contact list, the Army alert warned. Read more.

CIS Launches Free Ransomware Protection for U.S. Hospitals

According to a recent report on, the nonprofit group Center for Internet Security (CIS) recently launched a free ransomware protection service for private U.S. hospitals. CIS is providing the service to help combat the dramatic escalation of ransomware attacks against hospitals during the pandemic. Specifically, the Malicious Domain Blocking and Reporting Service (MDBR) uses security services from Akamai to proactively look for traffic from domains associated with malicious activity, including ransomware attacks. If it detects a malicious domain trying to connect with hospital networks, the software blocks the connection. The free software program is targeted at underfunded hospitals in the U.S. that lack their own basic cybersecurity services. Read more.

Organizations Are Increasing Adoption of AI in Cybersecurity

According to a recently released report by Capgemini Research Institute, nearly three-quarters of firms (73%) said they were testing use cases for AI for cybersecurity in some way. Currently, 28% are using security products with AI embedded, with 30% using proprietary AI algorithms. The remainder, 42%, currently either use (or plan to use by next year) both proprietary solutions and embedded products. The number one application was for network security, followed by data security and endpoint security. However, half of the executives surveyed said that they qualified cybersecurity experts who are capable of improving the logic underpinning AI algorithms to detect threats efficiently. Those surveyed also expressed the need for a governance mechanism that would ensure the ethical and transparent use of AI algorithms. Read more.

Cyber Connections News Roundup: Feb. 23

Get the latest cybersecurity news from leading companies, news outlets and blogs.

Cyber Connections News Roundup is a bi-weekly brief of online links to news stories and commentary of interest to the cybersecurity community, delivered on the second and fourth Tuesday of each month. Articles are selected for their newsworthiness, timeliness, potential impact, and reach.

February 23

SolarWinds Response to Be Part of Biden Administration Cybersecurity Efforts

According to an article on, as part of its commitment to cybersecurity, which includes more than $10 billion of it of its $1.9 trillion COVID-19 recovery proposal, the Biden administration’s will propose an executive order to address “gaps” in the federal government’s network security to prevent future breaches like the massive SolarWinds attack. The breach, which impacted nine federal agencies and compromised about 100 private sector companies, is believed to have been the result of Russian hackers. The administration is also working with allies who have been similarly affected by Russian cyberattacks and espionage. Read more.

U.S. Charges North Koreans With Cybercrime Theft

Prosecutors unsealed an indictment on Feb. 17 charging three North Korean computer programmers with a criminal conspiracy to steal and extort $1.3 billion from financial institutions and companies in both cryptocurrency and cash. According to a report on, the indictment of three men— Jon Chang Hyok, Kim Il and Park Jin Hyok, the third of whom the DOJ targeted in 2018 — accuses them of working on behalf of North Korea’s Reconnaissance General Bureau, a military intelligence agency. The charges expand on the first case brought in 2018 against a North Korean regime-affiliated hacker tied to some of the nation’s most prominent alleged hacking campaigns, including the 2014 Sony attack, the 2016 Bangladesh bank heist and the 2017 WannaCry outbreak. Read more.

Integrated Security Models Gaining Traction According to New PwC Survey

PwC’s 2021 Global Digital Trust Insights, a survey of 3,249 business and technology executives worldwide, tells us that innovation is changing the cybersecurity game, giving new advantages to defenders and leveling the playing field with attackers. According to the report, an existing array of cyber solutions has matured, enabling a shift to Zero Trust architectures, real-time threat intelligence, security orchestration and automation, advanced endpoint protection, identity and access management and other advanced technologies—prompted in large part by a threefold growth in cloud services. Organizations are investing in the classic digital transformation trifecta—people, processes and technologies—to close the wide lead that attackers have long held. Read more.

Recent Cyber Attack on Florida Water Supply Exposed Gaps in Security

According to a recent report on, hackers looked to poison the water supply in Oldsmar, Florida. Experts say the hack, which was addressed quickly, was a prime example of why the cybersecurity of the U.S. water supply remains one of the greatest risks to the country’s infrastructure. In the case of the Oldsmar attack, the hackers needed only to gain access to a TeamViewer account, which lets remote users take full control of a computer associated with the plant. That let them set the chemical content for the underground water reservoir that provides the drinking water for nearly 15,000 people. The facility has backup alarms to measure unsafe chemical levels, but the hackers were at least briefly able to order the plant to poison the water. Read more.

Educators Lagging in Cyber Training

A recent article on claims that 44% of K-12 and college educators say they haven’t received basic cybersecurity training, and another 8% were unsure if they had been trained at all. That’s according to an October 2020 survey by Morning Consult on behalf of IBM, a technology company. That finding is despite the fact that many educators teaching in full-time remote or hybrid learning environments have experienced the problem. Perhaps more problematic from a cybersecurity perspective is that more than half of K-12 educators report that they are using their own personal computing devices for remote learning. Such devices tend to lack the same level of cybersecurity protections as school-issued. Read more.

Cyber Connections News Roundup: Feb. 9

Get the latest cybersecurity news from leading companies, news outlets and blogs.

Cyber Connections News Roundup is a bi-weekly brief of online links to news stories and commentary of interest to the cybersecurity community, delivered on the second and fourth Tuesday of each month. Articles are selected for their newsworthiness, timeliness, potential impact, and reach.

February 9

Biden’s Cybersecurity Call to Action

According to a recent article on, a recent memo from the Biden administration calls for federal agencies with foreign policy and national security missions to modernize to ensure officials performing those roles have the latest technologies at their disposal. Biden‘s memo, issued on Feb. 4, calls for recruiting and retaining technical talent that will strengthen the national security and foreign policy workforce. The memo also establishes an Interagency Working Group on the National Security Workforce chaired by the principal deputy national security adviser with deputy directors of the Office of Management and Budget, Office of Personnel Management, and Office of Science and Technology Policy serving as vice chairs. Read more.

Cybersecurity Continues to Gain Boardroom Presence

According to a recent report on, Gartner predicts that by 2025, 40% of boards of directors will have a dedicated cybersecurity committee overseen by a qualified board member, up from less than 10% today. According to the Gartner 2020 Board of Directors Survey, cybersecurity-related risk is rated as the second-highest source of risk for the enterprise, following regulatory compliance risk. Hence, many boards of directors are forming dedicated committees that allow for discussion of cybersecurity matters in a confidential environment, led by someone deemed suitably qualified. Read more.

FDA Appoints Medical Device Cybersecurity Director

The Food and Drug Administration has appointed Kevin Fu, a University of Michigan associate professor, to serve a one-year term as acting director of medical device cybersecurity at the agency’s Center for Devices and Radiological Health. According to a report on, Fu is a long-time security advocate and researcher will serve as an “expert in residence” and the FDA’s first medical device cyber chief in CDRH’s Office of Strategic Partnerships and Technology Innovation. Read more.

To Ramp Up Cybersecurity Training Think Industrial Revolution

A recent article on suggests we look back to the Industrial Revolution to better understand the relationship between automation and people and how that relates to cybersecurity training. Back then, companies built factories and invested in new manufacturing technologies, but they still required training people to operate the machinery. Today, this is the same problem we face in cybersecurity. Companies have invested heavily in automation to compensate for the lack of available experts, we still need qualified security professionals to use the tools, interpret the signals and gather intelligence. But cybersecurity is different, requiring a much broader skill set and big picture view. Read more.

The Ransomware One Percent Club

A recent article on examines how the ransomware industry is developing its own version of the 1%, where a small number of players enjoy most of the wealth. Cybercrime investigators are suggesting that the trend of increasingly large ransomware cash demands and attack frequency is not the work of a large number of criminals, but instead the result of a specialized black market economy, in which hackers will different skill sets collaborate on a breach, then split the proceeds. A relatively small number of attack groups actually seem to make up most of that black market economy, offering their malicious software on a rental basis and then taking a sizable chunk of the profits and relying on money laundering to cover their tracks. Read more.

Cyber Connections News Roundup: Jan. 26

Get the latest cybersecurity news from leading companies, news outlets and blogs.

Cyber Connections News Roundup is a bi-weekly brief of online links to news stories and commentary of interest to the cybersecurity community, delivered on the second and fourth Tuesday of each month. Articles are selected for their newsworthiness, timeliness, potential impact, and reach.

January 26

Covid-19 Vaccine Producers Facing a Growing Number of Threats

Pharmaceutical companies have rolled out Covid-19 vaccines in record time, which also has exposed a number of new cybersecurity threats. According to a recent article on, in R&D, clinical trials, manufacturing and distribution, we’re seeing a proliferation of new threat surfaces cyber attackers are targeting today. A new report from the U.S. Department of Homeland Security’s Cybersecurity & Infrastructure Security Agency (CISA) describes how cyberattackers, impersonating an executive from a biomedical company known for having end-to-end cold chain expertise, conducted credential harvesting spear-phishing attacks against global companies who support the global cold chain needed for distributing vaccines. Read more.

White House Taps Rob Silvers as New CISA Chief

According to a recent article on, the Biden administration plans to select Rob Silvers, a lawyer and former Department of Homeland Security (DHS) official, to run the Cybersecurity and Infrastructure Security Agency (CISA), the federal agency in charge of election security and stopping hacking threats to government networks. The choice of Silvers, according to the report, signals the new administration’s intent to strengthen CISA’s role in cyber-defense. If confirmed, Silvers would assume the position previously held by Christopher Krebs, whom former President Donald Trump fired via Twitter. CISA is now investigating one of the largest cyber-espionage campaigns against U.S. government networks in recent memory, in which Russian hackers exploited software from the federal contractor SolarWinds to infiltrate multiple federal agencies. Read more.

Government May Have Failed to Heed Warnings that Led to SolarWinds Hack

A recent article on suggests that congress and federal agencies were slow or unwilling to address warnings about cybersecurity, shelving recommendations and investing in programs that have fallen short. The SolarWinds cyber-attack by suspected Russian hackers came after years of warnings from a watchdog groups and cybersecurity experts, according to the report. For instance, the Cyberspace Solarium Commission, which was created by Congress to come up with strategies to thwart sizable cyber-attacks, presented a set of recommendations to Congress in March that included additional safeguards to ensure more trusted supply chains. By then, the alleged Russian hackers may have already breached the government’s software supply chain. Read more.

Underground Cyber Attackers Feasted on States’ Pandemic Unemployment Program

According to an article on, online actors specializing in financial fraud took advantage of a widely used unemployment insurance program designed in response to the COVID-19 pandemic, making it one of the single biggest targets for cybercrime in 2020. According to a report by threat intelligence firm Recorded Future, the Pandemic Unemployment Assistance program — implemented to help freelance and gig workers through the health crisis’ economic shutdowns — quickly became one of the most widely mentioned targets on dark-web forums where criminals gather shortly after it was created last March. Read more.

The Threat of Fake Content Generated from Laptops Stolen During Capitol Occupation Could Have Long-Term Implications

An article on noted that cybersecurity issues raised by the loss of physical control in the U.S. Capitol during the occupation may have long-term implications. Laptops that were stolen during the occupation of the Capitol are now in the hands of adversarial threat actors who are now in a position to create messages or files containing any kind of content and then claim that they were retrieved from one of these devices. Such faked content released to the public could sow additional confusion and create endless problems for the owners of the devices. Read more.