Cyber Connections News Roundup: Feb. 11

Get the latest cybersecurity news from leading companies, news outlets and blogs.

Cyber Connections News Roundup is a bi-weekly brief of online links to news stories and commentary of interest to the cybersecurity community, delivered on the second and fourth Tuesday of each month. Articles are selected for their newsworthiness, timeliness, potential impact, and reach.

February 11, 2020

Iowa Caucuses Fall Victim to Faulty App

A recent article on www.ecommercetimes.com laid out the issues behind the coding error in an app used to count vote totals in the Democratic caucuses in Iowa, which delayed the release of final tallies. Although the data collected by the app was sound, it was reporting only a portion of that data to party headquarters due to a coding issue with its reporting system, the party explained in a statement. The app was developed by Shadow, a company that builds political tools and platforms. It appears that the app was rushed to market without adequate testing. Bruce deGrazia, program chair for cybersecurity management and policy at the University of Maryland Global Campus in Adelphi, Maryland, quoted in the article, said, “It was tested for two months. It should have been tested for far longer than that.” He added, “You don’t bring something like this out in the middle of an election cycle.” Read more.

Pentagon Rolls Out New Cybersecurity Standards

The U.S. Department of Defense (DoD) recently published a new set of cybersecurity standards, known as the Cybersecurity Maturity Model Certification (CMMC) version 1.0, according to a recent article on www.cisomag.com. The new standards will require defense companies to adhere to a set of rules and mandates in order to do business with the DoD. The CMMC standards specify five different cybersecurity levels ranging from basic cyber hygiene requirements to detailed lists of security controls. Read more.

CISA Lacks Election Security Readiness, According to GAO Report

A recent article on www.cyberscoop.com sounds the alarm on election security. Notably, the Cybersecurity and Infrastructure Security Agency (CISA), which provides state and local election officials with federal assistance, education and information sharing about how to safeguard U.S. voting infrastructure from possible interference, has not created a clear plan to respond to possible Election Day security incidents. According to a recent Government Accountability Office (GAO) report, despite three years of work meant to improve security, CISA still is not well positioned to execute a nationwide strategy for securing election infrastructure prior to the start of the 2020 election cycle. Read more.

Cyber Criminals Are Taking Advantage of the Coronavirus to Spread Malware

A recent article on www.securitymagazine.com reports that cyber criminals are taking advantage of the coronavirus outbreak, and using it to spread malware. According to a new report by IBM X-Force Exchange, the practice of leveraging worldwide events by basing malicious emails on current important topics is common among cyber criminals. X-Force discovered the first campaign of this type, in which the outbreak of a biological virus is used as a means to distribute a computer virus. The emails appear to be sent by a disability welfare service provider in Japan, says IBM. The text briefly states that there have been reports of coronavirus patients in the Gifu prefecture in Japan and urges the reader to view the attached document. Read more.

Insider Threats Costing Companies Over $11 Million Annually

Proofpoint, Inc., a cybersecurity and compliance company, recently released Cost of Insider Threats 2020 Global Report, which identifies the costs and trends associated with negligent, compromised, and malicious insiders. The study found that, on average, impacted organizations spent $11.45 million annually on overall insider threat remediation and took 77 days to contain each incident. The report, commissioned with The Ponemon Institute and co-sponsored by IBM, surveyed nearly 1,000 IT and IT security practitioners across North America, Europe, Middle East, Africa, and Asia-Pacific. Read more.

 

Cyber Connections News Roundup: Jan. 28

January 28, 2020

Measuring Artificial Intelligence-Based Cybersecurity Readiness

A recent article on www.entrepreneur.com offers a look at how enterprises today can measure their readiness for adoption and implementation of artificial intelligence-based cybersecurity solutions. Because AI in the area of cybersecurity is relatively new, many organizations are hesitant to adopt it for their enterprises. As AI-based cybersecurity begins to pay dividends for some, it is wise to understand some parameters that can help gauge whether or not to make the leap into adoption. Read more.

Three Arrested in Indonesia for Magecart Attack

According to a report on www.cyberscoop.com, police in Indonesia have arrested three men accused of inserting malicious code into e-commerce websites to steal shoppers’ payment data, an emerging hacking technique known as a Magecart-style attack. Interpol announced on Jan. 27 it coordinated a law enforcement operation that identified hundreds of websites that had been infected with malicious software used to collect customers’ financial data and personal details. The Magecart attack relies on malicious JavaScript code injected into the websites, the digital equivalent of a “smash-and-grab robbery.” Read more.

A Rise in Crypto Wars Predicted at World Economic Forum

A blog post on www.weforum.org, as part of the World Economic Forum’s annual meeting, predicts that more data will be created and collected than ever before, making policy attempts to protect this data more urgent. Data borders will continue to be drawn. As a result, crypto wars will proliferate as tech companies increasingly find it difficult to resist government calls for back doors to their systems. Moreover, as internet users increase in emerging economies, the same challenges of disinformation and cyber attacks experienced in more cyber-advanced countries will occur, the article predicts. Read more.

Bezos Hack Signals Rise in Commercial Tools

An article on www.washingtonpost.com offers the Saudi hacking campaign (thought to have been orchestrated by Saudi Crown Prince Mohammed bin Salman in 2018) that compromised the cellphone of Amazon founder and Washington Post owner Jeff Bezos as an example of how even someone of Bezos’s stature can be hacked with off-the-shelf tools. The escalation in the way nations use commercial hacking tools is fueling calls from officials and experts to ban the international sale of spyware, according to the article. Read more.

Senate Bill Would Require State Cybersecurity Coordinators

According to a recent article on www.scmagazine.com, bipartisan legislation introduced in the Senate on January 17 would create a federal program to bolster response to cyber attacks in states by installing cybersecurity coordinators. Under the Cybersecurity State Coordinator Act, sponsored by Sens. Maggie Hassan, D-N.H., Gary Peters, D-Mich., John Cornyn, R-Texas and Rob Portman, R-Ohio, the program would fall under the umbrella of the Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) and would facilitate threat information-sharing as well as boost coordination between state and federal governments. Read more.

2020 Cybersecurity Threats & Detection: An Interview with Two UMGC Cybersecurity Faculty Experts

As we enter the second decade of the 21st century, we enter a world that is more connected than ever before, and developments in technology are progressing faster than our ability to secure them. Michelle Hansen and Valorie King of the School of Cybersecurity and Information Technology at University of Maryland Global Campus offer their insights into the current threat landscape and what cybersecurity professionals need to do to defend against aggressive attacks.

In a recent blog post on http://www.forensicscolleges.com, a comprehensive directory of programs and careers in the fields of digital forensics and cybersecurity, Hansen and King share their insights into the technologies that are vulnerable to cyber attack, the influence of moral reasoning in cybersecurity, and which cybersecurity skills are most in demand.

“Cybersecurity threats and attacks have advanced at scale with the progressions of technology. With every new device and emerging telecommunications development come new vulnerabilities for exploitation.”

— Dr. Michelle Hansen, collegiate faculty, Information Systems Management at UMGC

“Cybercrime has become CaaS or Cybercrime-as-a-Service. Exploit packages (pre-written applications used to attack systems and networks) have transitioned towards a Platform-as-a-Service model where attackers can rent time on computing infrastructures that support and deliver attacks.”

— Dr. Valorie King, program director, Cybersecurity Management and Policy at UMGC

Read the full interview.

Cyber Connections News Roundup: Jan. 14

January 14, 2020

Cyber Experts Warn of Threats After Iran Attacks

Many experts, including Dave Schroeder, a University of Wisconsin-Madison cybersecurity professor, predict that Iranian cyber bots or other foreign actors may retaliate following the recent attacks. In an interview on WMTV of Madison, Wisconsin, Schroeder, whose main focus is Iran cybersecurity, noted that in the immediate aftermath of the U.S. strike, “we saw Twitter start to be flooded with propaganda, misinformation, disinformation.” Schroeder said that cyber attacks took flight and pro-Iranian bots and trolls started spreading false narratives about the U.S. following the airstrike that killed Iran’s top general. Read more.

The Convergence of IT and OT Devices Ushers in Wave of New Risks

The rapid convergence of IT (information technology) and OT (operational technology), which traditionally operated in two separate worlds, is creating cybersecurity gaps, according to a recent article on www.rfidjournal.com. Roughly 50 percent of industrial assets will be connected to some sort of network or Internet-based data-collection system by 2020. Because many OT systems were never designed for remote or Web access, not all connectivity exposures were considered, creating a major security challenge and operational risk that the manufacturing industry will need to address in 2020 and beyond. Read more.

New Voting Machines Vulnerable to Hacking

A Washington Post report says that new voting machines that hundreds of districts will use for the first time in 2020 don’t have enough safeguards against hacking by Russia and other U.S. adversaries, according to a study from researchers at the University of Michigan. The study provides an independent review of the machines called ballot-marking devices, or BMDs, which at least 18 percent of the country’s districts will use as their default voting machines in November. The results, according to the Post article, are a major blow for voting machine companies and election officials, who have touted BMDs as a secure option in the wake of Russia’s 2016 efforts to compromise U.S. election infrastructure. Read more.

Latest Accenture Acquisition Signals Dominance in Managed Security Services Sector

Accenture Security plans to acquire Symantec’s Cyber Security Services business from Broadcom, according to multiple reports, including an article on www.infosecurity-magazine.com. No financial terms were disclosed regarding the acquisition, but the deal is expected to close in March 2020. The deal is the latest in a long line of acquisitions by Accenture Security in the threat intelligence and cybersecurity fields. Already in Accenture’s cyber-stable are Déjà vu Security, iDefense, Maglan, Redcore, Arismore, and FusionX. With this latest acquisition, Accenture Security will become one of the main players on the managed security services stage. Read more.

New Survey Offers Insight into Constraints in Cybersecurity Salaries

According to a report on https://securityboulevard.com, despite a shortage of cybersecurity expertise, a global salary survey of 1,324 cybersecurity professionals found nearly half the respondents (48%) earn less than $50,000 a year. Only 36% earn more than $70,000 a year, according to the survey, conducted by Cynet, a provider of tools for detecting breaches. The survey also found that cybersecurity professionals with the same level of experience generally make equivalent salaries regardless of whether they have a degree in computer science or a related engineering field. The report also noted that people who transitioned from an IT occupation to a cybersecurity position earned more than their peers who started out in cybersecurity. Read more.

 

 

Cyber Connections News Roundup: December 31

December 31, 2019

UMGC Cyber Faculty Members’ Predictions for 2020

Cybersecurity faculty members of University of Maryland Global Campus offer their top five trends and predictions for the New Year. As we head into a new decade in the 21st century, one prediction is almost certain. The sophistication and number of cyber attacks perpetrated globally most likely will rise, but some questions remain. Will attackers focus on emerging technologies like artificial intelligence and cloud computing? Will new attack vectors proliferate, replacing the tried and true methods? Read more.

Heading into 2020, Women Still Face Roadblocks in Cybersecurity

A recent podcast on www.threatpost.com examines the challenges and opportunities that women face in the cybersecurity landscape. As the tech industry faces challenges around diversity in general, women are still particularly underrepresented. Threatpost recently sat down with Jessica LaBouve, a pen tester with A-LIGN, to discuss the personal challenges she’s faced in the cybersecurity industry and the opportunities in the space that she sees for improvement. Read more.

U.S. Navy Bans TikTok for Fear of Cybersecurity Threats

According to a recent article on www.digitalmusicnews.com, the United States Navy has issued a blanket ban on the Chinese-owned social media app TikTok, saying the app may present a cybersecurity threat to service members. A bulletin issued by the Navy said government-issued mobile devices with TikTok installed would be blocked from the Navy Marine Corps Intranet. However, the bulletin did not describe what threat the app may represent. The app is currently part of an ongoing U.S. investigation, despite being popular among teenagers. Read more.

Cino Launches Cybersecurity Program for Hotel Guests

The Marriott International data breach of 2018 highlighted just how vulnerable hotels are to cyber attacks. In response, Cino, a full-service risk management, cybersecurity and training company, has launched a new product designed to protect hotel guests’ personal data from cyber criminals, according to an article on www.hotelmanagement.net. The product, Cyber Safe Travel, is powered by StrikeForce Technology’s military-grade technology. It provides protection for hotel guests’ mobile devices using keystroke encryption, advanced login breach protection and sophisticated screen scraper technologies. In addition, Cyber Safe Travel has a click-jacking attack-warning feature to help mitigate cyber threats. The product was first introduced at the October meeting of the Hotel Financial and Technology Professionals, New York Chapter. Read more.

Cybersecurity for Rural Communities Is Often Neglected

An article on www.arcweb.com points out that while attacks on large U.S. cities have had significant financial and operational impact, these same kinds of attacks, on a much smaller scale, can have a much more significant impact on smaller, more rural communities. The August 2019 malware attack on 22 Texas communities is a recent example of this. Rural communities often lack the proactive planning and infrastructure to mitigate the damage caused by these threats. In the case of the Texas attacks, many business and financial functions of the communities affected were paralyzed. The article takes an in-depth look at how these communities responded and what must be done in the future to prevent these attacks. Read more.

 

Five Cybersecurity Trends to Watch Out for in 2020

Cybersecurity faculty members of University of Maryland Global Campus offer their top five trends and predictions for the New Year.

As we head into a new decade in the 21st century, one prediction is almost certain. The sophistication and number of cyber attacks perpetrated globally most likely will rise, but some questions remain. Will attackers focus on emerging technologies like artificial intelligence and cloud computing? Will new attack vectors proliferate, replacing the tried and true methods?

Arguably, the greatest challenge in the cybersecurity space for 2020 and beyond will be closing the workforce gap and maintaining a pipeline of skilled cybersecurity experts who are equipped with the tools, skills and leadership experience necessary to combat an ever-changing threat landscape. According to CyberSeek, the US faced a shortfall of almost 314,000 cybersecurity professionals as of January 2019. A recent Frost & Sullivan report predicts that by 2022 the global cybersecurity workforce shortage will reach upwards of 1.8 million unfilled positions.

Two significant developments in 2019 foreshadow a big year for us at UMGC, too. First, effective July 1, 2019, we changed our name from University of Maryland University College to University of Maryland Global Campus to better communicate our status as a respected state university that brings higher education to working adults no matter where life takes them. Second, with an eye on the future, University of Maryland Global Campus has, through a recent realignment, created a School of Cybersecurity and Information Technology, which will further solidify our leadership role in addressing a rapidly changing menu of competencies and skills needed to work in cybersecurity.

From the faculty of the School of Cybersecurity and Information Technology, here are the top five cybersecurity trends we think will impact businesses and consumers in 2020:

  1. Artificial Intelligence (AI) will continue to gain popularity. AI is being touted as a possible solution to many human-centric needs, from more accessible healthcare to national security in the form of military robots. In 2020 AI will use object detection algorithms to improve neural networks so that they are robust and large scale. By improving the neural networks, AI will become more mainstream, applying algorithms to efficiently process large volumes of data to produce results that improve human lives and enterprise operations.
  2. AI tools will both benefit and hinder cybersecurity. Piggybacking on the growing popularity of AI, as companies continue to launch easy-to-use artificial intelligence tools and technology, cybersecurity will reap the benefits of added automated protection, but also will suffer from smarter, more efficiently organized attacks.
  3. Blockchain technology will enhance data communication systems. Blockchain technology is projected to make a significant impact in securing data communication systems. The issue is leakage of data during transit and at rest, and this solution combines key-value pairs with encrypted values, access control policies, and policy and attribute enforcement engines to mitigate data leakage. Integrating a blockchain platform, such as IBM Hyperledger Fabric, ensures integrity of source data, which is essential to investigate data leakage incidents, and allows verification of data transactions for future analysis.
  4. Standards and regulation for autonomous vehicles. Autonomous vehicles are under development or production at most carmakers, and with multiple manufacturers across the globe, regulations are needed to address potential issues with safety, ethics, and personal privacy.
  5. Cloud attacks will continue to rise. As companies continue to migrate to the cloud, rushed schedules combined with a shortage of highly skilled cloud security professionals will cause an increase in cloud attacks and vulnerabilities.

 

 

Cyber Connections News Roundup: December 17

December 17, 2019

Recent Cyber Attack in New Orleans Highlights Vulnerability of State and Local Governments

According to a report on www.forbes.com and elsewhere, the City of New Orleans suffered a cybersecurity attack serious enough for Mayor LaToya Cantrell to declare a state of emergency. A cybersecurity incident was detected around 11 a.m. on Friday, December 13. As a precautionary measure, the city’s IT department gave the order for all employees to power down computers and disconnect from Wi-Fi. All city servers were also powered down, and employees were told to unplug any of their devices. This attack follows another that targeted the state of Louisiana in November, at which time school district computers were taken offline and a state of emergency was declared. Read more.

New Strategy Game from Circadence Aims to Stem Rise in Cyber Attacks During the Holiday Season

A recent article on www.10news.com warns of a rise in cybersecurity attacks during the holiday season. Predictably, a spike in online shopping will lead to a larger field of targets and, likely, more opportunities for stolen data, particularly credit card information. “If you’re saying ‘save my credit card information’, that is a risk that you’re taking for that convenience and it might not be worth it,” said Bradley Hayes, chief technology officer of Circadence, a cybersecurity education and training company. To help educate consumers, Circadence has rolled out InCyt, a web-based battle strategy game that allows users to experience the cyber world from both an offensive and defensive point of view. Read more.

Many Businesses Are Using NDAs to Hide Data Breaches

According to a recent article on www.techhq.com, European companies are covering up data breaches and possibly avoiding multimillion-dollar fines under the guise of non-disclosure agreements (NDAs). Citing a recent report on www.businessinsider.com, the article said that Europe’s GDPR (General Data Protection Regulation) legislation came into effect in May 2018 and has since then already led to landmark fines, such as that of British Airways, close to US$230 million, while Marriott was handed a US$123 million fine. NDAs, however, allow companies employing the services of cybersecurity firms to keep breaches confidential, as it is not a requirement for cybersecurity firms to report any incidents of data breaches on behalf of their clients. Read more.

Is Privacy Overshadowing Cybersecurity in Our National Debate?

A recent article on www.slate.com asks if cybersecurity has taken a backseat to privacy in our current national debate, mainly as a result of policy makers conflating the two issues and claiming to be addressing both. The article notes that privacy and cybersecurity are distinct. Privacy provides users with control over how businesses collect, use, and share their information. Cybersecurity prevents unauthorized parties from accessing, altering, or rendering unavailable their data, information systems, or connected devices. While Congress focuses on passing a national privacy law, the U.S. lacks a comprehensive set of laws to protect information and critical systems from hackers. Read more.

New Cybersecurity Requirements from DoD Aim to Secure Supply Chain

According to the Department of Defense (www.defense.gov), by June 2020, industry will see cybersecurity requirements included as part of new requests for information, which typically serve as one of the first steps in the awarding of new defense contracts. According to Ellen Lord, the undersecretary of defense for acquisition and sustainment, a new cybersecurity maturity model certification (CMMC) program will help ensure that companies doing business with the department meet important cybersecurity requirements. The goal is a unified standard to secure the entire DoD supply chain. Read more.