Cyber Connections News Roundup: March 12

Get the latest cybersecurity news from leading companies, news outlets and blogs.

Cyber Connections News Roundup is a bi-weekly brief of online links to news stories and commentary of interest to the cybersecurity community, delivered on the second and fourth Tuesday of each month. Articles are selected for their newsworthiness, timeliness, potential impact, and reach.

March 12, 2019

Hackers Penetrate Three U.S. Colleges

Hackers recently breached admissions files at three private colleges: Oberlin College in Ohio, Grinnell College in Iowa and Hamilton College in New York. According to a www.washingtonpost.com report, applicants to each of the three colleges received a suspicious email offering them the chance to buy their admission files. For a fee, the sender promised access to confidential information in the applicant’s file, including comments from admissions officers and a tentative decision. The emails demanded thousands of dollars in ransom from prospective students for personal information the hackers claimed to have stolen. Read more.

New Study Predicts Steep Growth in Cybersecurity Market

According to a new study by Absolute Markets Insights, the cybersecurity market will grow at a CAGR of 13.5 percent over the forecast years (2019 – 2027). Cyber attacks, predicted to be the fastest-growing type of crime worldwide during this period, are expected to drive this increase. Emerging technologies, such as machine learning and big data, are also increasingly causing several industries to become more vulnerable to exploitation and cyber attacks. Read more.

AT&T Launches Cybersecurity Division

AT&T announced at last week’s RSA Conference (March 4-8) a new standalone security division, AT&T Cybersecurity. The new unit, according to a recent report on www.sdxcentral.com, combines technology and threat intelligence from AlienVault, which AT&T acquired last year, and AT&T’s security consulting and managed services. AT&T also announced that it has become the first North American operator to join the Global Telco Security Alliance, a group launched last year by Etisalat, Singtel, SoftBank, and Telefónica to share threat intelligence and security best practices. Read more.

Winning the War on Cybersecurity Starts Young

In a recent opinion post on www.forbes.com, Danny Pehar, managing director of security awareness at Cytelligence, maintains that instilling cybersecurity knowledge and awareness in the next generation of Internet users is the key to making progress in winning the war on cybersecurity. Sharing digital information has become such a big part of our everyday lives that it has become vital that we teach children how to determine whether or not certain information is sensitive and how it needs to be protected. The bottom line, according to Pehar, is teaching young people about risk. “Everything in cybersecurity begins and ends with the understanding that if you have data, then you have cyber risk,” he said. Read more.

Should Selling Products Now Mean Selling Trust?

A recent Harvard Business Review article illuminates two conflicting trends: an increased reliance on software and technology in just about every aspect of our lives and the inherent privacy and security vulnerabilities that come with the territory. More and more companies are adopting the philosophy that successfully selling products means selling trust – the ability to safeguard the relationship with customers by being honest about the dangers of data in the digital age. Read more.

Cyber Connections News Roundup: February 12

February 12, 2019

Strategic Alignment Top Concern for CISOs in the New Year

In a recent article on http://www.techtarget.com, chief information security officers (CISOs) from a variety of industries weighed in on their top priorities for 2019, which focus mainly on aligning their objectives with their organization’s strategic roadmap. In the article, Mansur Hasib, chair of the cybersecurity technology program in The Graduate School at UMUC, said that CISOs should develop strategic plans based on what the business needs and on its appetite for risk. Read more.

K-12 Schools Experienced 100-Plus Cyber Attacks in 2018

As reported on http://www.campussafetymagazine.com, U.S. K-12 schools experienced 122 cyber attacks last year at 119 K-12 public education institutions, averaging out to an attack every three days, according to a new report on the misuse of technology in U.S. public schools from the K-12 Cybersecurity Resource Center. The report also found that data breaches were the most common type of attack, making up 46.7 percent of the 2018 cyber incidents in K-12 schools. Read more.

Could Huawei’s Access to 5G Expand China’s Surveillance State?

In a recent report on www.washingtonpost.com, Rob Strayer, the State Department’s top cyber official, said that allowing Huawei and other Chinese companies into next-generation 5G telecommunications networks may allow Beijing to expand its surveillance state around much of the globe. The argument from Strayer makes a compelling case against Huawei’s inclusion in 5G networks and supports pressure by U.S. officials to ban the Chinese telecom giant from 5G in Canada, Britain, Europe and elsewhere. Read more.

Automotive Cybersecurity Market to Reach USD 912 billion by 2026

According to a new report by Acumen Research and Consulting, a provider of market intelligence and consulting services to information technology among other markets, the automotive cybersecurity market’s current worth is nearly USD 191 million and projected to reach USD 912 million by 2026. The overall spending on cybersecurity, according to the report, is expanding to keep pace with the rise in cybercrimes and malware assaults. As a result, the automotive sector has rolled out new capabilities, but a surge in cybercrime is driving the need for efficient automotive cybersecurity solutions over the forecast period. Read more.

New Synopsys/SAE Study Highlights Risks in the Automotive Industry

In a survey conducted by the Ponemon Institute, Synopsys, Inc. and SAE International found that automotive manufacturers and suppliers are struggling to incorporate cybersecurity best practices throughout the product development life cycle. Titled “Securing the Modern Vehicle: A Study of Automotive Industry Cybersecurity Practices” and based on a survey of global automotive manufacturers and suppliers, the report also revealed that the majority of automotive professionals have concerns that their organizations’ cybersecurity practices are not keeping pace with evolving technologies. Moreover, many organizations lack an established cybersecurity program or team. Read more.

 

Don’t Let Romance Scams Spoil Your Valentine’s Day

By Dr. Richard White

Valentine’s Day is for romance and connection, but scammers are skilled at using emotion as a social engineering tool.

In my book “CYBERCRIME: The Madness Behind the Methods,” I explain in detail how social engineering manipulates how we see and hear what we want to believe. In turn, dopamine released in the brain reinforces our new actualized belief.

There are five areas where scammers are most successful at engineering our beliefs and driving our actions through emotional connections.

1. Email and phishing scams are always a threat. When romance is in the air, concerns for security may take a back seat to the excitement of finding the perfect romantic gift.

For example, scammers develop ads designed to lure victims to malicious websites or steal their credit card information with promises of gift cards, great discounts or a gift you never knew existed. Be wary of unknown companies and always verify the validity of a company before clicking a link.

2. Facebook and social media are powerful marketing sites for scammers. Perpetrators use the power of search algorithms to seek out the right victims for their scam, and ads you clicked in the past, combined with your search patterns, allow just the right ad to be placed on your screen.

Scammers’ ads may look legitimate and their products or services may be real, but their goal is to steal your information or take your payment without delivering merchandise. Remember that social media platforms are designed to get people to respond to ads. Don’t click on an ad until you research the company with a Google search or the Better Business Bureau to ensure trustworthiness.

3. Fake profiles are a common problem on dating sites. Leading up to and during Valentine’s Day, scammers up their romantic game to establish online relationships. Remember, people tend to see and hear what they want to believe.

A common scam involves a U.S. citizen or service member who is living abroad but soon to return home, conveniently right near where you live. Once the online relationship is established, the scammer comes up with an issue and needs your financial assistance to return home.

4. Variations of the Nigerian prince scam abound. This scam involves receiving something amazing in exchange for documentation, money or a credit card number.

You receive some type of communication from a person searching for someone with your name who claims to be a long-lost love, family member, or special someone who got away. But he or she is not sure you’re the right person, and so asks you to provide information to prove who you are.

Remember who is at risk here, and that you are the one putting yourself out there—possibly in harm’s way. Slow down, think and verify whom you are dealing with.

5. Compromised websites are a great way to spread malware. A website may be real and belong to a legitimate business or person, but it may have been hacked.

Be careful with any type of site that is open to the public for posting comments. Anyone can post a link that will direct you to malware or a compromised website. Whether an advertisement, a product review, or a personal ad from someone searching for you, do not let your emotions get the better of you and do not rush into something out of pure excitement. Research links before clicking on them and don’t ever post personal information online.

Also, don’t forget about the things you can do to mitigate your risk. Here are five:

  1. Always be mindful of phishing emails and attachments. If a link seems to be exactly what you are looking for, beware. Scammers may have targeted you.
  2. Many websites will allow you to test a link before you click on it, such as checkshortURL.com, virusdesk.kaspersky.com/, and scanurl.net/. These sites will let you know if the link has been reported as malicious or if malware was found on the site. Always test a link before clicking on it.
  3. Be careful when sharing personal or financial information with someone you have not met personally.
  4. Protect your privacy when using an online dating site. Do not use the same username and email address used for your normal daily activity and never put your full name on your profile.
  5. Never go off-site to use personal email or instant messaging. Social media and dating sites have a communication platform designed to protect you and keep your information private.

Finally, if you do have a need to send money overseas, please follow this advice: Wiring money is the same as sending cash. It is gone as soon as it is sent. The most secure way to send money to a U.S. citizen abroad is through the U.S. State Department. To find out more about this and other options for sending money abroad, go to http://www.travel.state.gov and visit the international travel section or contact Western Union and ask about this program.

Remember, your best defense online is combining awareness of cyber threats and risks with recognizing your own personal bias in the moment. Ultimately, if you are not completely comfortable with an email or website, then leave it alone.

Happy Valentine’s Day!

Dr. Richard White is an adjunct professor of cybersecurity and information assurance at University of Maryland University College (UMUC) and the author of “Cybercrime: The Madness Behind the Methods.”

Cyber Connections News Roundup: January 29

January 29, 2019

New Law In Australia May Affect Data Security Worldwide

A new law in Australia gives law enforcement authorities the power to compel tech-industry giants like Apple to create tools that would circumvent the encryption built into their products. As reported on http://www.nytimes.com, the law, the Telecommunications and Other Legislation Amendment (Assistance and Access) Act 2018, applies only to tech products used or sold in Australia, but its impact could be felt around the world as these so-called “back-doors” expose data to friendly agencies yet may also risk exposure of the same data to not-so-friendly entities. Read more.

New Cybersecurity Coalition Filing Raises Privacy vs. Security Debate

In a similar privacy debate, the Cybersecurity Coalition, a group of companies that specializes in cybersecurity products and policy, recently filed a “request for comment” with the National Technology and Information Administration (NTIA) that states that companies occasionally need to compromise customers’ personal data and privacy in order to protect themselves from cyber threats. The filing, according to a report on www.insidesorces.com, raises the old debate over privacy versus security. In its filing, the Cybersecurity Coalition explains that in order to learn more about cyber attacks and prevent them from happening again, the affected company will share data and “large-scale information” about the threat or attack. Read more.

Congress Debates the Merits of Bug Bounties

Lawmakers on Capitol Hill recently passed the Hack the State Department Act, which offers cash prizes to ethical hackers who undergo background checks in exchange for reports about vulnerabilities in government websites and other Internet tools. However, as reported on http://www.washingtonpost.com, many inside and outside government worry that while Congress views bug bounties as useful in exposing vulnerabilities, it may also view them as a replacement for fixing institutional problems in government cybersecurity. Read more.

Cybersecurity Tops List of Concerns Discussed at World Economic Forum

At the recent World Economic Forum, held last week in Davos, Switzerland, cybersecurity was high on the agenda as one of the biggest challenges facing chief executives and political leaders around the world. As reported on www.thenational.ae, leaders discussed the need for a global framework to address the loss of $600 billion annually to cyber crime, according to the Centre for Strategic and International Studies. Read more.

Parents of Teenage Boys Beware: Security Flaw Detected in Fortnite

Researchers at cybersecurity firm Check Point Software have discovered a major security flaw in the popular online video game Fortnite that may have let hackers gain access to player accounts and use their stored credit card information to buy digital goods and then resell them. According to a report on http://fortune.com, the company said it had notified Fortnite’s developer, Epic Games, in November 2018. Epic Games appears to have fixed the flaw in late December, but declined to comment as to whether any user accounts were compromised. Read more.

 

Cyber Connections News Roundup: January 15

January 15, 2018

Cybersecurity Implications of the Government Shutdown Could Have Long-term Implications

Furloughed workers and frozen funding have compromised our nation’s defenses against foreign cyber attackers, according to cyber blogger Joseph Steinberg. As a very basic example, it is highly unlikely that updates and patches are being tested and applied in a timely fashion to all computers that need them. The shutdown is also having a dramatic impact on the ability of key federal departments and agencies, such as the Department of Homeland Security and the National Institute of Standards and Technology, to secure the private sector, according to a recent www.govtech.com report. Read more.

Compliance Costs and Mobile Attacks Top the List of APAC Cyber Predictions for 2019

According to a recent article on www.networksasia.net, China is the top source of security incidents in Asia, accounting for more than one-fifth (22.8%) of them, followed by India (18.4%) and Russia (11.3%). These insights were derived from research developed by Ensign InfoSecurity (EIS), from the period of October 2017 to March 2018. Key cybersecurity predictions for the APAC region include: rising compliance costs; growing attacks on mobile, cloud platforms and SCADA systems; an increased influence of artificial intelligence; and an increase in the complexity of attacks. Read more.

Airline Industry To Take a More Proactive Stance on Cyber Threats

Airports and airlines are industry leaders when it comes to physical security checks, such as baggage scans, restrictions on liquids, and random passenger searches. But now they are focusing more on online threats, according to a recent www.webtravel.com report. The wake-up call came last year, when Cathay Pacific, British Airways, Delta Air Lines and Singapore Airlines all experienced cybersecurity breaches that exposed the personal data of millions of travellers worldwide. Read more.

U.S. Education Industry’s Cybersecurity Lags Behind 16 Other Sectors

According to a recent http://www.edweek.com article, the education industry has the worst cybersecurity vulnerability among 17 industry sectors. Citing a recent report by SecurityScorecard that surveyed 2,393 companies in the education industry, the article notes that schools tend to underestimate the need for monitoring and protecting network infrastructures. The growth of computer-based assessments also creates cybersecurity concerns. Read more.

HHS Releases Voluntary Healthcare Cybersecurity Practices

In late December, the Department of Health and Human Services (HHS) released voluntary cybersecurity practices to the healthcare industry with the aim of providing practice guidelines to cost-effectively reduce cybersecurity risks. According to a report on www.healthcare-informatics.com, the “Health Industry Cybersecurity Practices (HICP): Managing Threats and Protecting Patients” publication aims to provide guidance to healthcare organizations of all types and sizes, ranging from local clinics to large hospital systems. The publication was produced in response to a mandate set forth by the Cybersecurity Act of 2015 Section 405(d), to develop practical cybersecurity guidelines to cost-effectively reduce cybersecurity risks for the healthcare industry. Read more.

Cyber Connections News Roundup: January 1

January 1, 2018

Cybersecurity Trends for 2019: UMUC Faculty Experts Weigh in on What to Expect in the New Year 

As it was when 2018 began, cybersecurity remains a top global priority as we look ahead to 2019, arguably even more so. We simply need to look back over the past year to see that data breaches have affected just about every aspect of our lives. What can we expect 2019 to bring? Cybersecurity faculty experts at the University of Maryland University College (UMUC) offer five unique industry predictions, trends and priorities for the coming year. Read more.

Maritime Cybersecurity Should Not Be Overlooked

As reported recently on www.pilotonline.com, 70 percent of key maritime industry stakeholders have confidence in the industry’s ability to face cyber attacks, but only 36 percent expressed confidence that their own companies could do the same. These were just two key takeaways from the inaugural Maritime Cybersecurity Survey, conducted by the New Orleans-based law firm Jones Walker LLP. Released in October 2018, the survey asked senior security and compliance leaders from U.S. maritime companies to gauge the industry’s preparedness for cyber attacks, such as the recent assaults on the ports of San Diego and Barcelona, and the malware attack that cost the shipping giant Maersk more than $300 million last year. Read more.

New Acting Pentagon Chief Is Advocate for Cybersecurity, But Questions Remain

Patrick Shanahan, who will become acting Secretary of Defense on Jan. 1, replacing outgoing Pentagon chief Jim Mattis, has been one of the Pentagon’s top advocates for stronger contractor cybersecurity and IT acquisition, according to a recent article on www.fifthdomain.com. But how Shanahan handles the greater cybersecurity issues we face today, even on a temporary basis, remains an open question that will most likely be tested immediately amid current challenges, such as the alleged hacking campaign from China. Read more.

FINRA Updates Report on Cybersecurity Practices for Broker-Dealers

On December 20, 2018, the Financial Industry Regulatory Authority (FINRA) released a report on cybersecurity practices that continues its efforts to share information that can help broker-dealer firms further develop their cybersecurity programs. This report presents FINRA’s observations regarding effective practices that firms have implemented to address selected cybersecurity risks while recognizing that there is no one-size-fits-all approach to cybersecurity. Read more.

Cybersecurity Remains Among the Top Health IT Risks for 2019

Business continuity and disaster recovery, cybersecurity, biomedical devices, IT governance, system access management, and system implementation will be the biggest IT risk areas for healthcare organizations in 2019, according to a report from Crowe, a global public accounting, consulting, and technology firm. According to a recent article on www.healthitsecurity.com, cybersecurity will continue to be a top boardroom concern among healthcare organizations in 2019. Notably, biomedical device and IoT security will remain areas of focus to address patient safety, HIPAA compliance, and network security risk. Read more.

Cyber Connections News Roundup: December 18

December 18, 2018

Does the Latest Bitcoin Hoax Mean Ransom Attacks Are on the Rise?

On Dec. 13, school administrators, business owners and others across the U.S. and Canada received emails demanding that they pay $20,000 worth of Bitcoin or risk a deadly explosion. The scam, which put law enforcement agencies and emergency personnel on high alert, represents a shift in the threat landscape, namely as it relates to scale, according to a recent article on http://www.circa.com. Where such threats were once phoned in, perpetrators now can email thousands of bomb threats and financial scams with one click of the mouse. Ransom attacks are most likely on the rise, as they are seen as an inexpensive and easy way for individuals and nation states to raise money and move that money around. Read more.

Why Satellites Need Cybersecurity Too

Cybersecurity threats are something countries must not overlook when protecting their satellites, according to a recent article on http://www.space.com. Vulnerable to a number of different types of threats and to attacks that are hard to trace, satellites also have a series of attack points, rather than a single entry point that’s easier to defend. Read more.

Think a Department of Cybersecurity is a Good Idea? Maybe Think Again

A recent report from http://www.defense360.com argues that many of the cybersecurity challenges we face today already have an approach suited to the problem, and none of them involve a Department of Cybersecurity, a disruptive bureaucratic solution that would fail to solve problems and may also add new ones. One notable concern is that turning cybersecurity over to a centralized department runs the risk of a one-size-fits-all technical solution that does not consider the unique risk environments of other agencies. Read more.

Aramco and Raytheon Cybersecurity Joint Venture A Boon to Job Creation

Saudi Aramco and American defense contractor Raytheon have signed a memorandum of understanding (MoU) to establish a joint venture cybersecurity company, the companies announced on Dec. 14. According to a report on http://www.arabianbusiness.com, the new company will market and provide cybersecurity software and hardware capabilities as well as research and development. The venture also is expected to advance Saudi Arabia’s economic development goals by creating highly skilled jobs in the cybersecurity sector. Read more.

New Mimecast Survey Exposes Lack of Employee Cybersecurity Training

According to a new study by cloud-based email protection company Mimecast, of 1,000 employees who use employer-issued devices, 25 percent of employers do not understand the most common cybersecurity threats against their organizations. Mimecast also found that only 45 percent of businesses put their employees through mandatory, formal cybersecurity training. What does this mean? According to Mimecast, it could indicate that businesses are inherently trusting of their employees. Or, it could also mean that companies simply don’t have the resources or know-how to implement formal cybersecurity training. Read more.