Another day, another round of big-tech layoffs. Per Bloomberg, the number of recently laid-off workers is more than 100,000. That’s a lot of people newly #OpenToWork.

If your LinkedIn page is filled with former Googlers, Meta-ites, and Amazonians seeking new employment after that severance runs out, consider calling them over to the one tech industry that is literally starving for employees. According to the (ISC)2 2022 Cybersecurity Workforce Study, the current cybersecurity workforce gap is 3.4 million people worldwide.

Per (ISC)2’s report: “While the cybersecurity workforce is growing rapidly, demand is growing even faster. (ISC)2’s cybersecurity workforce gap analysis revealed that despite adding more than 464,000 workers in the past year, the cybersecurity workforce gap has grown more than twice as much as the workforce with a 26.2% year-over-year increase, making it a profession in dire need of more people.”

In the United States today, there are nearly 800,000 cybersecurity job openings, according to CyberSeek’s heat map – many of these roles are in states like California, Texas, Florida, Colorado, and Virginia. These states have thousands of openings available in various capacities, ranging from analysts to manager roles.

And according to some cyber experts, soft skills may be just as important as certifications. In a recently-published op-ed in Forbes, Boyd Clewis of Baxter Clewis Cybersecurity highlighted how important communication skills are  for IT professionals.

“In cybersecurity, the number one most valuable trait isn’t being great at working on systems and software—it’s having clear, precise verbal and written communication,” Clewis wrote. “Unfortunately, schools and training programs focus on technical skills, often ignoring communication. This poses a real problem, since communication skills are absolutely necessary in this field. IT and cybersecurity exist only as an extension of business, to help business processes enable applications.”

As previously reported in this blog, the White House has also pushed on filling the widening cybersecurity jobs gap. At the end of 2022, the executive branch celebrated the end of its 120-day cybersecurity “Apprenticeship Sprint.”

At the end of this sprint, the White House boasted 194 new cybersecurity registered apprenticeship programs and more than 7,000 apprentices getting hired. Several hundred new cyber-related occupations were also added to registered apprenticeship programs.

Organizations like Austin Community College, ISC(2), Cisco Systems, and the U.S. Department of Veterans Affairs all started new programs to train up-and-coming security experts, according to the WH press release. The largest provider of apprenticeships is within the U.S. government for the Department of Defense, according to the release.

Looking to expand your understanding of the cybersecurity industry? Meet with us in your city — check out our upcoming events at dataconnectors.com/events.

Laid-Off Tech Workers Could Consider Any of …

Industry News Posted by Jen Greco on Jan 23, 2023

For anyone plugged into the blossoming world of artificial intelligence, you’ve probably heard of (or chatted with) ChatGPT. And for anyone curious about how AI feels about AI when it comes to cybersecurity, look no further.

Following a handful of barbs regarding Asimov’s Rules of Robotics, I asked ChatGPT if it could “write me an article about the role of AI in cybersecurity.” Here is what it said:

The Role of Artificial Intelligence in Cybersecurity

Artificial intelligence (AI) has the potential to revolutionize the field of cybersecurity, and it is already being used in a variety of ways to improve the security and integrity of computer systems and networks. Some of the ways in which AI is being used to enhance cybersecurity include:

Threat detection and prevention: AI can be used to analyze large amounts of data, including network traffic and user behavior, to identify and alert on potential threats. By using machine learning algorithms and other techniques, AI can help to identify patterns and anomalies that may indicate the presence of a security threat, and it can take automated actions to prevent or mitigate these threats.

Vulnerability management: AI can be used to identify and prioritize vulnerabilities in a network, and to suggest patches or other remediation measures to address them. By continuously monitoring networks and systems for vulnerabilities, AI can help organizations to stay ahead of potential security threats and to ensure that their systems are secure and compliant.

Password management: AI can be used to generate strong passwords and to detect and alert on suspicious login activity. By using advanced algorithms and machine learning techniques, AI can help to ensure that passwords are secure and that unauthorized access to systems is detected and prevented.

Phishing and spam detection: AI can be used to analyze emails and other communications for signs of phishing or spam, and to flag or block these messages. By using natural language processing and other techniques, AI can help to identify and filter out malicious communications, and to protect users from falling victim to these scams.

In addition to these specific applications, AI can also be used to improve the efficiency and effectiveness of cybersecurity operations more broadly. By automating tasks and providing actionable insights and recommendations to security professionals, AI can help to streamline and optimize security processes, and to free up human analysts to focus on more complex tasks.

While AI has the potential to significantly improve cybersecurity, it is important to carefully consider the risks and limitations of these technologies. There is a potential for AI to be misused or to introduce new security vulnerabilities, and it is important to ensure that these technologies are used in a responsible and ethical manner.

Overall, the role of AI in cybersecurity is likely to continue to evolve and expand in the coming years, and it will be an important tool in the fight against cyber threats. By leveraging the power of AI, organizations can improve the security of their systems and networks, and better protect themselves and their customers from cyberattacks.

###

Obviously, as an editor by trade, I prodded at the bot for its pro-AI bias, for which it profusely apologized and stated that it didn’t intend to offend.

Apart from this discussion, it was able to offer some insights on Zero Trust in government, but its primary shortfall is that its unable to draw any knowledge on current events as its cutoff is in 2021. Thus, any discussion on recent cyberattacks or up-and-coming methods are less than ideal. Per the bot, it utilizes data available on published sources and integrates algorithms and other data to offer information in a conversational tone. It’s quick to relinquish any possible opinions, and won’t just do whatever the user inputs. For example, I asked the bot to write about the Colonial Pipeline attack, but in the style of a children’s story — to which it chided me, as it would be inappropriate and irreverent to discuss a serious topic in such a manner.

As a matter of cybersecurity, ChatGPT certainly represents a fairly great threat in terms of the ability to utilize AI for rampant disinformation — an issue that has been widely reported toward the end of 2022. In an article on eSecurityPlanet, Robert Blumofe, who is the CTO and EVP at Akamai Technologies, is quoted citing the threat of this tech in phishing.

“The technology will enable attackers to efficiently combine the volume of generic phishing with the high yield of spear phishing,” he said in the article.  “On the one hand, generic phishing works at a massive scale, sending out millions of lures in the form of emails, text messages, and social media postings. But these lures are generic and easy to spot, resulting in low yield. On the other hand and at the other extreme, spear phishing uses social engineering to create highly targeted and customized lures with much higher yield. But spear phishing requires a lot of manual work and therefore operates at low scale. Now, with ChatGPT generating lures, attackers have the best of both worlds.”

What may be most interesting from a security perspective is the fact that the developers are now concerned with those who may use the AI for nefarious purposes. For example, when I asked the bot to generate a password reset email for a Twitter user, it cheerfully complied — with a content warning.

While there’s currently no telling where this technology might take cybersecurity, it’s clear that the developers are beginning to take the potential for abuse.

For anyone interested in delving deeper, the bot is available here. Share your chat highlights in the comments.

Is there a word for the week between Christmas and New Years where time seems to just move differently? Cyber experts know that hackers never take a week off – and in fact, tend to capitalize on these “quiet” times. Here are some of the latest security updates capping off the year.

NO NEW PATIENTS: A New Jersey hospital halted patient admissions due to “an IT security issue” – which is currently under investigation, according to NJ.com. CentraState Medical Center in Freehold diverted all new and incoming patients, though patient care had not been adversely affected, according to the report. The story…

AMONG OTHER DISRUPTIONS FOR THE WEEK: We’ve got the closing of the Harrington Raceway & Casino in Delaware due to a “temporary disruption.” Bristol Community College in Massachusetts has shut down campus internet access thanks to a breach. Plus, Howard Memorial Hospital down in Arkansas just had a breach that may impact patient and employee security and confidentiality.

IMAGINE PAYING $44 BILLION FOR THIS:  If you missed it, Piers Morgan’s Twitter account was really, really hacked over the Christmas holiday, and many are confident that his and other high-profile user data was leaked in a June 2021 bug. By July of 2022, Twitter insiders came to find that this bug was exploited to the tune of 400,000,000 users’ data. All this based on research from Israeli cyber-intelligence firm Hudson Rock, as reported by The Guardian.

TIKTOK’S FINAL COUNTDOWN: Leaving out the obvious cultural decay that TikTok has reaped upon America’s youth, the security threat it brings should be enough to concern any fairly savvy lawmaker. Governors across the United States have announced bans on the use of this app for state employees, and a ban was also included in the massive $1.7 trillion spending bill for all government-issued devices… making it, likely, possibly, the least expensive line item on the bill. Broader story from Stateline.org.

LOOKING FOR THE BEST RECAP OF 2022?: KrebsonSecurity celebrated 13 years in business earlier this week – no small feat in a dynamic industry like this one. To celebrate, the site posted a full year-in-review – definitely an ideal read for putting your arms around the biggest stories in security for 2022. Remember when Norton was installing crypto-mining software on customers’ computers? Yeah, that was this year.

Hackers Don’t Take This Week Off: Wee …

Industry News Posted by Jen Greco on Dec 30, 2022

We may be living in strange times, but that text message you received last week from yourself probably didn’t pass the smell test for most cybersecurity professionals.

In case you missed it, a large number of Verizon customers got texts from their own phone numbers over the last few weeks. The compelling message? It’s a heads up that your March bill was paid, and a link for you to claim a “free gift.” Obviously, the gift likely anything but free.

SMS scams – or smishing – is costly for those who fall victim – in 2020, Americans lost $86 million on text message scams, according to the Federal Trade Commission and the AARP. The average individual loss was $800 in 2020 (that’s roughly $880 in 2022 dollars).

“As part of a recent fraud scheme, bad actors have been sending text messages to some Verizon customers which appear to come from the customers’ own number. Our company has significantly curtailed this current activity, but virtually all wireless providers have faced similar fraudulent activity in recent months,” Verizon said in a statement sent to Fox News.

Verzion doesn’t seem to think the Russians are behind this one, according to the same statement, where they also mentioned that they’re working closely with law enforcement to remedy the issue. That said, the author of this article from The Verge reported that the link in the message seemed to point back to a  Russian state TV network.

This seems to be a result of those robocalls going unanswered, thanks to aggressive phone spam filters offered by mobile carriers, according to Verizon. It’s not so easy to block your own number from spamming you.

“Just as Verizon continues to combat robocalls on behalf of our customers — 20 billion blocked to date — we are working diligently to crack down on pesky spam texts and have put a number of tools in place to prevent them from ever reaching you,” the company said in a press release.

If you’re a Verizon customer tackling these spam texts, they tell you not to delete it (full disclosure: this author deleted it immediately). If you get it, copy the message and text it to “SPAM” (that’s #7726 on your touchtone).

For now, the best move would be to follow the sage advice from AARP:

1. Don’t respond – not even with a STOP.
2. Don’t click links and don’t open attachments.
3. Filter and block spammy messages.

Also, don’t forget to ask yourself why you’d be texting yourself with a free gift – instead, treat yourself to the joy of outsmarting yet another cyber criminal.

Note to Self: Smishing Schemes Are on the R …

Hot Topics in Cybersecurity Posted by Jen Greco on Apr 4, 2022

Mayor Castor, State CIO Grant Join Public Officials, FBI and US Secret Service Agents to Educate Local Leaders on Current Trends

Data Connectors, representing the largest cybersecurity community in North America, confirmed details of the Tampa Cybersecurity Conference on March 15. This first-of-its-kind gathering brings together federal, state, and local organizations with top private-sector executives from area businesses and public-sector leaders of regional municipalities.

The agenda includes Tampa Mayor Jane Castor, Florida State Chief Information Officer Jamie Grant, senior officials from the Tampa Field Offices of the United States Secret Service and the Federal Bureau of Investigation (FBI), the Florida Attorney General’s Office, alongside Chief Information Security Officers (CISOs) and other cybersecurity leaders from over 200 area businesses.

“The City of Tampa’s unique role as home to MacDill Air Force Base and Central Command means that we are very cognizant of the need to protect our critical infrastructure against attacks. We continue to work closely with the Department of Homeland Security, other government agencies and peers to participate in a whole-of-community approach to build and sustain security prevention and protection capabilities. The new reality is that both government and private networks are being attacked daily. That means we all have to be diligent and adapt to technology and education. Our cyber security safeguards are ongoing, with each employee having a role to play in protecting our cyber infrastructure,” Castor said.

The Conference features live expert panel discussions, networking opportunities, and informative presentations from leading cybersecurity solution providers. Honored guests on the agenda include:

• Jane Castor: Mayor for the City of Tampa
• Jamie Grant: Florida’s State Chief Information Officer (CIO)
• Sanjay Virmani: Acting Special Agent in Charge, FBI Tampa Field Office
• Richard Dean: Asst. Special Agent in Charge, US Secret Service – Tampa Field Office
• Jeremy Rodgers: CISO, State of Florida
• Ramin Kouzehkanani: Chief Information & Innovation Officer, Hillsborough County
• Martin Zinaich: CISO, City of Tampa
• Jason Manar: CISO, Kasteya

US Secret Service and FBI representatives will participate in panel discussions, and touch on the importance of public-private partnership to overcome the threats faced by businesses in the region. Keynotes include:

• Jason Menar, the Chief Information Security Officer for Kaseya, who has the unique experience of having investigated the company’s 2021 data breach as an FBI agent, and
• Florida State CIO Jamie Grant, who will talk about his organization’s progress building the Florida Digital Service.

The Conference will be held in downtown Tampa Marriott Water Street on Tuesday, March 15 with sessions starting at 9 a.m. Qualified professionals can obtain Continuing Professional Education (CPE) credits for participation.

Conference registration information can be found at: dataconnectors.com/tampa

About Data Connectors
Since 1999, Data Connectors (dataconnectors.com) has facilitated collaboration between senior cybersecurity professionals, government/law enforcement agencies, industry luminaries, and solution providers. Today, the community comprises over 650,000 members and 250 active vendor partners across North America. Members enjoy informative education, networking and support via our award-winning Virtual Summits, live Conferences, Web Briefings, and regular communications.

As Cybersecurity Threats Related to Russia- …

Press Releases Posted by Jen Greco on Mar 7, 2022

67% of first-year costs follow, as hospitals work to resurrect systems and operations. These expenses include making legal, technical, and regulatory amends, notifying and communicating with affected patients, and heightening data security following the incident. On top of these expenses, more money is lost as hospital business decreases as a result of waning customer trust, damage to their reputation, and system shutdowns during reparation. After hospitals find themselves on a steady path to recovery, small to medium medical organizations have spent 5% of their yearly revenue, which on average, totals to $2.5 million.

An additional layer of data security may be the answer to fears and ignite preventative action. Blockchain, defined as, “a distributed ledger for recording transactions and tracking assets”, can secure healthcare data and shield against breaches. Wearable and remote monitors, telehealth, gamification, and health data NFTs are a few blockchain tools that can make a world of difference.

Wearable and remote devices include narcolepsy, blood pressure, seizure, pulse, sleep apnea, and diabetic monitors among others. These devices can be connected to databases that retain each individual’s recorded information. Healthcare personnel can retrieve patient data as it’s being recorded, patients can have more personalized care, and paramedics can better treat patients according to recent data when they arrive. With better security, less errors in data reporting, and longer-lasting technologies, these devices offer many benefits that can aid both data safety and the productiveness of patient-professional relationships.

Telehealth on its own poses notable risks, as few fully-fleshed out regulations and protocols regarding the storage and distribution of data exist and personal information can be shared with marketers and other parties without consent. By implementing blockchain, telehealth security heightens and becomes more dependable. Blockchain can infuse secure storage systems for medical records and compile data to give medical professionals a more comprehensive account of patient history.  By augmenting customer trust in the system and providing more efficient forms of data exchange, adding blockchain components to telehealth could be another guard against data breaches.

Gamification and health data NFTs go hand-in-hand. With gamification, patients are more focused through strategies that facilitate orientation toward their health-related objectives and openness to adopting new skills and habits. Those who attend doctor’s appointments, complete surveys, take prescriptions, and abide by doctor’s orders are rewarded with cryptocurrency tokens. Medical professionals, in turn, minimize losses as a result of improved, motivated outcomes. 

NFTs for health data describes the utilization of non-fungible tokens to protect an individual’s health record, guarding against theft and fraud. Patients benefit from increased control over their data, the possibility of gaining a profit from sharing select data with third parties, and being able to verify the legitimacy of personal information. 

Blockchain is being adopted into systems by both long-standing and up-and-coming healthcare companies, as they improve services and transactions and guard against the toll that data breaches can take on any organization. Learn more about blockchain and health to see how it can secure your service and operations too.

INFOGRAPHIC: A Line of Defense for Healthcare

Infographics Posted by Jen Greco on Mar 2, 2022

Law Enforcement, Chief Information Security Officers from Region’s Largest Organizations Convene to Get Ahead of Expanding Cyber Threats

ST. LOUIS, MO – November 29, 2021. Data Connectors, representing the largest cybersecurity community in North America, confirmed the details for the State of Cyber 2021 Conference, which will take place December 1st and 2nd, 2021. In partnership with the St. Louis InfraGard Alliance and local field offices of the Federal Bureau of Investigation (FBI) and the US Secret Service, the Chesterfield, MO-based firm will present this year’s in-person and online gatherings, a return from last year’s all-virtual format.

“The United States Secret Service is proud to collaborate with our local, state, and federal partners at the State of Cyber 2021 Conference. Sharing intelligence with them and the organizations responsible for a private infrastructure operating in the St. Louis metropolitan area furthers our investigative mission to thwart crimes against the financial infrastructure of the United States,” stated Thomas Landry, Special Agent in Charge, U.S. Secret Service – St. Louis Field Office.

Landry also headlines the agenda on Wednesday, December 1st.

The conference features prominent Chief Information Security Officer (CISO) executives from the region, as well as industry luminaries, cybersecurity solutions experts, and representatives from government agencies. The two-day agenda represents a combination of the St. Louis Cybersecurity Conference, which has been run annually since 2003, the St. Louis InfraGard Alliance’s State of Cyber event started in 2016, and an annual update for local cyber professionals conducted by the St. Louis Office of the United States Secret Service’ Cyber Fraud Task Force.

Validated professionals in the community that attend the Conference will receive briefings from the Department of Homeland Security (DHS) Cyber Infrastructure Security Association (CISA), and hear from local peer executives from organizations such as Mastercard, First Bank and TikTok.

The Conference will also feature a panel discussion on the State of Cyber Inter-Agency Cooperation, and keynotes from public and private sector executives:

• Richard Quinn, Special Agent in Charge, FBI St. Louis Division
• Erin Hug, Cyber Intelligence Analyst, Cybersecurity Forensics & Intelligence Unit at Missouri State Highway Patrol
• Angela Robinson, Cybersecurity Specialist with the Department of Public Safety (DPS)
• Derek Rieger, Deputy Director of the St. Louis Fusion Center
• Brian Cockrill, Senior Special Agent – Technical Staff Assistant at the United States Secret Service – St. Louis Field Office
• Christopher Cockburn, Cybersecurity Advisor at CISA
• D. Henry, Cyber Security Advisor & Indiana Cybersecurity State Coordinator at CISA

Over 300 members of the Data Connectors Cybersecurity Community are expected to attend this conference. More than 30 community partners and affiliate organizations will also be a part of the gathering including Auth0, Attivo Networks, Darktrace, and Noname Security.

The Conference will take place on Wednesday and Thursday, December 1-2, starting at 8:00 a.m. CST at the Hyatt Regency St. Louis at The Arch, 315 Chestnut St., St. Louis, MO 63102. Registration is FREE for qualified professionals, who can also obtain Continuing Professional Education (CPE) credits for participation.

More information for the Summit can be found at dataconnectors.com/state-of-cyber.

+++++++++

About Data Connectors
Since 1999, Data Connectors (dataconnectors.com) has facilitated collaboration between senior cybersecurity professionals, government/law enforcement agencies, industry luminaries, and solution providers. Today, the community comprises over 650,000 members and 250 Community Partners across North America. Members enjoy informative education, networking and support via award-winning Virtual Summits, live conferences, Web Briefings, and regular communications.

# # #

Note to reporters: If you wish to attend these sessions at no charge, please contact Michael Hiskey, Chief Strategy Officer, at +1.636.778.9495, or info@dataconnectors.com.

“State of Cyber 2021” Brings Together H …

Press Releases Posted by Emily Ramsey on Nov 29, 2021

ATLANTA’S CHIEF INFORMATION SECURITY OFFICERS DEBATE FUTURE OF CYBERSECURITY; 2022 TRENDS

Targeted by Nation-States and Ransomware Gangs, Boards and Executive Leadership Teams Face Realities of Current Threat Landscape

ATLANTA, GA – October 25, 2021 Data Connectors, representing the largest cybersecurity community in North America, confirmed the details for the Atlanta Cybersecurity Conference this week.  The important gathering for senior executives in the region that has been listed as one of the top five in the country returns to an in-person format, after a 19-month hiatus.

The conference features prominent Chief Information Security Officers (CISO) executives from the region, as well as industry luminaries, cybersecurity solutions experts, and representatives from government agencies including the Federal Bureau of Investigation (FBI) and the United States Secret Service.

The 15th annual event returns with a two-day agenda, highlighting important areas of cybersecurity such as identity and access management, cloud email security, development security operations (DevSecOps), and managed detection and response.

“Boards and executive leadership teams are confronted with the reality that they can no longer engage in digital transactions or e-commerce without understanding the global cybersecurity landscape or the state of their internal security program,”  said Derek Johnson, local cybersecurity executive from the Susan G. Komen organization and Board Member at the InfraGard Atlanta Members Alliance. In his featured keynote at the conference, Johnson will lead a discussion for the cybersecurity community members on hand to explore the topic further this Thursday afternoon at the Marriott Buckhead Hotel & Conference Center.

In his presentation “Atlanta FBI Looks Back on 2021 Cyber Threats,” Special Agent Nathan Langmack, from the FBI Atlanta Field Office, will dissect the key components of some of the recent high-profile ransomware attacks such as SolarWinds and Colonial Pipeline. He will use these and others to surface lessons learned that translate to what CISOs and all information security executives should regard as best practices.

These discussions include some of the top executives throughout the region, such as:

• Kevin Gowen, CISO at Synovus Bank
• Dean Mallis, CISO at MARTA (Metropolitan Atlanta Rapid Transit Authority
• Jameeka Green Aaron, CISO at Auth0
• Michael F.D. Anaya, Head of Attack Surface Analysis at Palo Alto Networks
• Tamika Bass, CISO at Georgia Department of Revenue
• Taiye Lambo, Founder at HISPI and Pioneer vCISO

Over 300 members of the Data Connectors Cybersecurity Community are expected to attend this week.  More than 30 community partners and affiliate organizations will also be a part of the gathering including Votiro, Auth0, Attivo Networks, Security Scorecard, and the local chapters of ISC2, AFCEA, and CNSP.

The Conference will take place on Wednesday – Thursday, October 27-28 starting at 8:00 a.m. E.S.T at the Atlanta Marriott Buckhead Hotel & Conference Center, 3405 Lenox Road NE, Atlanta, Georgia 30326. Registration is FREE for qualified professionals, who can also obtain Continuing Professional Education (CPE) credits for participation.

About Data Connectors
Since 1999, Data Connectors (dataconnectors.com) has facilitated collaboration between senior cybersecurity professionals, government/law enforcement agencies, industry luminaries, and solution providers. Today, the community comprises over 650,000 members and 250 active vendor partners across North America. Members enjoy informative education, networking, and support via our award-winning Virtual Summits, live conferences, Web Briefings, and regular communications.

Atlanta’s Chief Information Security …

Press Releases Posted by Emily Ramsey on Oct 25, 2021

STATE, LOCAL, FEDERAL CYBERSECURITY EXECUTIVES CONFER ON 2022 THREATS, ATTACK LANDSCAPE 

Inaugural Cybersecurity in Government Virtual Summit to include CISO Public Sector Discussion Forums this week.

WASHINGTON, D.C. – OCTOBER 18, 2021 Data Connectors, representing the largest cybersecurity community in North America, has announced a first-of-its-kind online event. Over 50,000 professionals focused on information security, risk, and governance have been invited for a Virtual Summit that will debate key issues.

The 2021 Cybersecurity in Government Virtual Summit will fuel a discussion among attendees and invited executive guests that have been wrangling with a continued deluge of cyber-attacks over the past 18 months (SolarWinds, Kaseya, Colonial Pipeline, etc.), alongside increased focus related to the most recent Executive Order on Cybersecurity.

Keynote presentations include John Felker, Former Assistant Director of the Department of Homeland Security’s (DHS) Cyber Infrastructure Security Agency (CISA), as well as Mark McIntyre, Chief Security Advisor from Microsoft Federal.

“The reality for cybersecurity leaders in the public sector can be more challenging than it is for their commercial business counterparts,” said Dawn Morrissey, CEO and Founder at Data Connectors. “The Summit this week will focus on important collaboration to help them overcome the issues they face with regard to ransomware, cyber skills and staffing concerns, as well as the changing threat landscape,” she concluded.

The summit will feature four expert panel discussions with well-known Chief Information Security Officers (CISOs) from state, federal, local government organizations as well as higher education. Community members in attendance are also executives at those same concerns, from across the US and Canada.

Some of the invited panelists include:

• Shane Barney, CISO at USCIS-Department of Homeland Security
• Dr. Brian Gardner, CISO, City of Dallas
• James Wolff, Associate Administrator, CIO at U.S. Department of Energy
• Nathan Shiflet – Former CISO, State of Florida
• Aaron Verdell Call, CISO, WPS Health Solutions & Former CISO at State of Minnesota
• Jeffrey Brown, CISO of State of Connecticut
• Lester Godsey, CISO, Maricopa County, Arizona
• Scott St. Pierre, Deputy Director, Cybersecurity Division at U.S. Navy
• Shannon Lawson – ACIO/CISO, City of Phoenix

Attendees will ask questions and interact with the experts, as well as each other and the organizations who will feature their solutions at the event. Featured solutions providers at this summit include Attivo Networks, Ivanti, Axio, Cisco and many more.

Registration is FREE for qualified professionals, who can also obtain Continuing Professional Education (CPE) credits for participation. More information for the Summit can be found at dataconnectors.com/cyberingov.

About Data Connectors
Since 1999, Data Connectors (dataconnectors.com) has facilitated collaboration between senior cybersecurity professionals, government/law enforcement agencies, industry luminaries, and solution providers. Today, the community comprises over 650,000 members and 250 active vendor partners across North America. Members enjoy informative education, networking, and support via our award-winning Virtual Summits, live conferences, Web Briefings, and regular communications.

State, Local, Federal Cybersecurity Executi …

Press Releases Posted by Emily Ramsey on Oct 18, 2021

Stay tuned for this update each week. This is a joint cybersecurity weekly product from the Missouri Information Analysis Center, St. Louis Fusion Center, Kansas City Regional Fusion Center and the Missouri Office of Homeland Security.

FBI Shares Technical Details for Hive Ransomware

The Federal Bureau of Investigation (FBI) has released some technical details and indicators of compromise associated with Hive ransomware attacks. In a rare occurrence, the FBI has included the link to the leak site where the ransomware gang publishes data stolen from companies that did not pay. Hive ransomware relies on a diverse set of tactics, techniques, and procedures, which makes it difficult for organizations to defend against its attacks, the FBI says. Among the methods that the gang uses to gain initial access and to move laterally on the network, there are phishing emails with malicious attachments and the Remote Desktop Protocol (RDP).

How to Stay Secure from Ransomware Attacks this Labor Day Weekend

Labor Day weekend is just around the corner and, believe it or not, cybercriminals are likely just as excited as you are! Ransomware gangs have nurtured a nasty habit of starting their attacks at the least convenient times: When computers are idle, when employees who might notice a problem are out of the office, and when the IT or security staff who might deal with it shorthanded. They like to attack at night and on weekends, and they love a holiday weekend. Indeed, while many people are looking forward to catching up with friends and family this Labor Day weekend, cybercrime gangs are likely huddling, too, planning to attack somebody. On the last big holiday weekend, Independence Day, attackers using REvil ransomware celebrated with an enormous supply-chain attack on Kaseya, one of the biggest IT solutions providers in the US for managed service providers (MSPs). Threat actors used a Kaseya VSA auto-update to push ransomware into more than 1,000 businesses.

How Ransomware Runs the Underground Economy

The unwanted attention attracted by ransomware attacks recently has caused several of the top cybercrime forums to ban ransomware discussions and transactions on their platforms earlier this year. While some hoped this might have a significant impact on the ability of ransomware groups to organize themselves, the bans only pushed their activity further underground, making it harder for security researchers and companies to monitor it. If anything, the attacks in the months that followed the forum bans then have been more potent and audacious than ever. The truth is that ransomware is the lifeblood of the cybercrime economy and it will take extraordinary measures to put an end to it. The groups coordinating the attacks are highly professionalized and in many ways resemble modern corporate structures with development teams, sales and PR departments, external contractors, and service providers that all get a cut from the illegal proceeds. They even use business lingo in their communications with victims, referring to them as clients who buy their data decryption services.

Cold Wallet, Hot Wallet, or Empty Wallet? What is the Safest Way to Store Cryptocurrency?

In August of 2021, a thief stole about $600 million in cryptocurrencies from The Poly Network. They ended up giving it back, but not because they were forced to. Slightly more than one week later, Japanese cryptocurrency exchange Liquid was hacked and lost $97 million worth of digital coins. These examples of recent news about hacked cryptocurrency exchanges left many investors wondering whether it was still smart to invest in cryptocurrencies and how to keep them safe. We can’t answer the first question for you. I wish I knew. But we can explain the terminology, the methods, and the risks. So you can decide which would be best for you.

CISA Adds Single-Factor Authentication to the List of Bad Practices

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added single-factor authentication to the shortlist of “exceptionally risky” cybersecurity practices that could expose critical infrastructure as well as government and private sector entities to devastating cyberattacks. Single-factor authentication is a method of signing in users to websites and remote systems by using only one way of verifying their identity, typically a combination of username and password. It’s considered to be of low security since it heavily relies on “matching one factor — such as a password — to a username to gain access to a system.” But with weak, reused, and common passwords posing a grave threat and emerging a lucrative attack vector, the use of single-factor authentication can lead to unnecessary risk of compromise and increase the possibility of account takeover by cybercriminals.

Cybersecurity Advisory: Top Routinely Exploited Vulnerabilities

This advisory provides details on the top 30 vulnerabilities—primarily Common Vulnerabilities and Exposures (CVEs)— routinely exploited by malicious cyber actors in 2020 and those being widely exploited thus far in 2021. Cyber actors continue to exploit publicly known—and often dated—software vulnerabilities against broad target sets, including public and private sector organizations worldwide. However, entities worldwide can mitigate the vulnerabilities listed in this report by applying the available patches to their systems and implementing a centralized patch management
system.

File Upload Security Best Practices Rarely Implemented to Protect Web Applications

Despite a marked increase in concerns around malware attacks and third-party risk, only 8% of organizations with web applications for file uploads have fully implemented the best practices for file upload security, a report from OPSWAT reveals. Most concerning, one-third of organizations with a web application for file uploads do not scan all file uploads to detect malicious files and a majority do not sanitize file uploads with CDR to prevent unknown malware and zero-day attacks. “The hybrid workspace has been driving digital transformation and cloud migration initiatives for a while now, and the rise of cloud services, mobile devices, and remote workers has driven organizations to develop and deploy web applications that enhance the experience for their customers, partners, and employees,” said Benny Czarny, CEO at OPSWAT. “Web applications for file uploads help to streamline their business by making it faster, easier, and less expensive to submit and share documents. Consequently, this adoption has also introduced new attack surfaces that organizations are not effectively protecting.”

Cyberattackers are Now Quietly Selling Off Their Victim’s Internet Bandwidth

Cyberattackers are now targeting their victim’s internet connections to quietly generate illicit revenue following a malware infection. On Tuesday, researchers from Cisco Talos said “proxyware” is becoming noticed in the cybercrime ecosystem and, as a result, is being twisted for illegal purposes. Proxyware, also known as internet-sharing applications, are legitimate services that allow users to portion out part of their internet connection for other devices, and may also include firewalls and antivirus programs. Other apps will allow users to ‘host’ a hotspot internet connection, providing them with cash every time a user connects to it. It is this format, provided by legitimate services including Honeygain, PacketStream, and Nanowire, which is being used to generate passive income on behalf of cyber attackers and malware developers.

Cybercriminal Sells Tool to Hide Malware in AMD, NVIDIA GPUs

Cybercriminals are making strides towards attacks with malware that can execute code from the graphics processing unit (GPU) of a compromised system. While the method is not new and demo code has been published before, projects so far came from the academic world or were incomplete and unrefined. Earlier this month, the proof-of-concept (PoC) was sold on a hacker forum, potentially marking cybercriminals’ transition to a new sophistication level for their attacks.

China’s Microsoft Hack May Have Had a Bigger Purpose Than Just Spying

NPR’s months-long examination of the attack — based on interviews with dozens of players from company officials to cyber forensics experts to U.S. intelligence officials — found that stealing emails and intellectual property may only have been the beginning. Officials believe that the breach was in the service of something bigger: China’s artificial intelligence ambitions. The Beijing leadership aims to lead the world in a technology that allows computers to perform tasks that traditionally required human intelligence — such as finding patterns and recognizing speech or faces. “There is a long-term project underway,” said Kiersten Todt, who was the executive director of the Obama administration’s bipartisan commission on cybersecurity and now runs the Cyber Readiness Institute. “We don’t know what the Chinese are building, but what we do know is that diversity of data, quality of data aggregation, accumulation of data is going to be critical to its success.”

T-Mobile Hack Involved Exposed Router, Specialized Tools and Brute Force Attacks

T-Mobile’s CEO and an individual who claims to be behind the recent hacking of the mobile carrier’s systems have shared some information about how the attack was carried out. In a statement issued on Friday, Mike Sievert, CEO of TMobile, said that while the company’s investigation into the incident was “substantially complete,” he could not share too many technical details due to the criminal investigation conducted by law enforcement. He did, however, share a high-level summary of the attack. “What we can share is that, in simplest terms, the bad actor leveraged their knowledge of technical systems, along with specialized tools and capabilities, to gain access to our testing environments and then used brute force attacks and other methods to make their way into other IT servers that included customer data,” he said. “In short, this individual’s intent was to break in and steal data, and they succeeded.”

DMARC 101: How to Keep Phishing Attacks Out of Your Inbox

You have the latest antivirus program. The firewall is turned on. Passwords are strong and frequently updated. Now you can sleep at night knowing your organization is safe from cyberattacks, right? Well, at least until John from HR decides to log in from a link he received in an email. He probably knew not to click on suspicious emails, but what is considered suspicious? That email could have arrived from your own domain. Attackers can spoof your domain to trick employees or your customers into divulging confidential information or downloading a malicious file attachment. Phishing emails are arriving with smarter baiting tactics, becoming harder to identify. Defenses need to catch up as well. Security teams, especially those responsible for domain integrity, should make sure to correctly implement the three anti-phishing standards: SPF, DKIM, and DMARC.

Increase in Credential Phishing and Brute Force Attacks Causing Financial and Reputational Damage

Abnormal Security released a report which examines the escalating adverse impact of socially engineered and never-seen-before email attacks and other advanced email threats—both financial and reputational—to organizations worldwide. The report surveyed advanced email attacks across eight major industry sectors, including retail and consumer goods; manufacturing; technology; energy and infrastructure services; medical; media and television; finance; and hospitality. 32.5% of all companies were targeted by brute force attacks in early June 2021; 137 account takeovers occurred per 100,000 mailboxes for members of the C-suite; 61% of organizations experienced a vendor email compromise attack this quarter; 22% more business email compromise attacks since Q4 2020; 60% chance of a successful account takeover each week for organizations with 50,000+ employees; 73% of all advanced threats were credential phishing attacks; 80% probability of attack every week for retail and consumer goods, technology, and media and television companies.

See Something/Say Something

The three Missouri Fusion Centers: the St. Louis Fusion Center, the Missouri Information Analysis Center, and the Kansas City Regional Fusion Center have teamed up with the Missouri Office of Homeland Security and P3 to create a Suspicious Cyber Activity Reporting Tool. The Suspicious Cyber Activity Reporting Tool is accessible on the SafeNation App.

Your Weekly DHS/CISA Threat Assessment (Sep …

Press Releases Posted by Data Connectors Newsroom on Sep 3, 2021