Kobargo Technology Partners offers real-world cybersecurity solutions for our clients. Our Cybersecurity team delivers a superior threat defense design using industry-leading security partners and technologies. We appropriately design and size affordably-priced solutions for small and mid-sized company budgets, including low total cost of ownership.
As part of our commitment to delivering comprehensive solutions, Kobargo is constantly monitoring what’s happening in cybersecurity. Here is a round-up of some interesting items we spotted in the news recently.
Scammers target tax time. As the April 15 deadline looms to file your Federal income taxes, hackers have come up with a new scam designed to separate people from their money. You may have been exposed to this latest scam, which is delivered to people via emails claiming to be from trustworthy sources such as ADP and Paychex. A new study from IBM disclosed scammers are targeting malware campaigns aimed at businesses, with the potential to impact consumers as well. These new tax-themed malware spam campaigns appear to be from legitimate accounting, tax, and payroll services firms and contain malicious Microsoft Excel attachments with a payload familiar as one of the most common and effective banking Trojans: TrickBot, a malicious software strain. TrickBot steals valuable data such as banking credentials, which allows thieves to wire themselves money from victims without immediate detection. Since they appear to be from Paychex and ADP—names that users are familiar with, especially during tax season—there is a great likelihood these diabolical emails will be effective. Researchers tracked these emails to early March, when they were delivered to people’s inboxes between 11:45 a.m. and 3:45 p.m. Eastern time, during working hours. They were written in English, using a technique known as typo-squatting, where a hacker creates a fake website meant to look like a legitimate one in order to fool users into clicking and divulging personal information. For example, a scammer will direct a person to log onto the nefarious “Gooogle.com” instead of the legitimate site, “Google.com.” Sadly, this type of phishing can prove effective. “The size of the spoofed firms suggests the criminals are likely to have some success in snagging individual users and some businesses that are customers of these well-known companies,” researchers said. “Recipients are more likely to expect an email about taxes from their service provider, so attackers can be much more successful if they spoof the names and email addresses of trusted HR services and accounting companies to deliver malware right around tax season.” To try to proactively alert people to this type of attack, ADP issued two security alerts this year to tell customers they might be targets of phishing emails intended to steal their information. For years, the Internal Revenue Service has been trying to stop scammers from using documents in a victim’s name with the intention of stealing their return. A Treasury Department inspector general’s report issued in February 2018 found that, with months to go before the April filing deadline, the IRS had identified more than 9,500 tax returns with approximately $46 million had been claimed. By that same time, the agency had stopped more than $22 million (48.3 percent) in fraudulent refunds from being issued. As of Feb. 28, 2018, the IRS had prevented more than 7,300 fraudulent electronically filed tax returns from being returned and as of March 15, 2018, more than 1,400 paper-filed tax returns were prevented from being returned. Of course, Phishing is only one way scammers use to steal information. The agency issued a “dirty dozen” list of things to watch out for, including falsifying income to claim credits, offshore tax avoidance, and fake charities.
A career in cybersecurity? Soon there’ll be more young people working in cybersecurity, thanks to the efforts of three large companies. Mastercard, Microsoft, and Workday recently announced they’ve started a new initiative designed to attract recent college graduates to work in cybersecurity jobs for the government. The companies are partnering with 11 federal agencies in the program, which will offer two-year fellowships to 50 promising recent college grads, beginning next year. Once the selected students finish working for the government for two years, they will be offered fast-track consideration for full-time jobs working in cybersecurity at one of the sponsoring companies. As if that isn’t a sweet enough offer, the students will also be eligible for up to $75,000 in college loan forgiveness. The participating agencies will pay for the cost of the fellowships, and Workday, Microsoft, and Mastercard will pick up any administrative costs along with the costs of the loan forgiveness. This program is being run by a non-profit focused on government efficiency, the Partnership for Public Service. This program is aimed at reducing a shortage on the national level of workers in the cybersecurity sector. Data from the government estimates that shortage is around 300,000 trained workers; currently there are a bit more than 715,000 people employed in the cybersecurity workforce. There are several federal agencies taking part in this new program, including the U.S. Department of Defense, U.S. Department of Energy, the Federal Bureau of Investigation and the Central Intelligence Agency.
Mastercard’s Chief Security Officer, Ron Green, said these organizations hope to run the Cybersecurity Talent Initiative every year, and to bring in new corporate sponsors as well as additional participating agencies. He also said there’s an incentive for the companies taking part in this initiative. By the time the fellows are ready to accept jobs in the private sector, they will already have considerable experience dealing with, and protecting against, the sophisticated hackers who target government agencies, and are often aligned with nefarious nation-states.
While the program is currently structured for fellows to work for just two years in the government sector, the CEO of the Partnership for Public Service, Max Stier, said he hopes that eventually fellows will choose to continue working for the government, or alternate between the government and private sectors throughout their careers in cybersecurity.
Government working to improve cybersecurity. The United States Senate recently reintroduced two bills dealing with cybersecurity. The first measure, the State Cyber Resiliency Act (S. 516) is a bipartisan effort that would create a program run by the U.S. Department of Health Services designed to “encourage state, local, and tribal governments to strengthen their defenses against cybersecurity threats and vulnerabilities.” This measure is co-sponsored by Sen. Mark R. Warner, a Democrat from Virginia. He explained why he is tackling the issue of cybersecurity. “As cyberattacks increase in frequency and gravity, we must ensure that our nation—from our local governments on up—is adequately prepared to protect public safety and combat cyber threats,” said Sen. Warner. “Nearly 70 percent of states have reported that they lack adequate funding to develop sufficient cybersecurity. This bill will aim to mitigate that need by providing grants to state and local jurisdictions so that they are better prepared to take on these emerging challenges,” he added. The State Cyber Resiliency Act is co-sponsored by Sen. Cory Gardner, a Republican from Colo. He is partnering with his Democratic colleague from across the aisle because he sees the threat to the United States if something isn’t done to proactively deal with the threats posed by cybercriminals. “It’s critical that our state and local governments invest in cyber preparedness and training, and I’m proud to work with Senator Warner and Representatives Kilmer and McCaul to create a grant program to help our communities with this effort,” said Sen. Gardner. “Colorado is at the forefront of our nation’s cybersecurity efforts and home to the National Cybersecurity Center in Colorado Springs. As the threat of cyber warfare intensifies, it’s important that local governments are properly prepared to deter and protect themselves from cyber-attacks.”
The State Cyber Resiliency Act is co-sponsored in the United States House of Representatives by Rep. Derek Kilmer, a Democrat from Washington State. He agrees with his Senate colleagues that cybersecurity needs to be addressed, and soon. “America should dedicate far more attention and resources to combating cyber threats,” said Rep. Kilmer. “Cyber-attacks could threaten our election systems, municipally-owned water treatment facilities, local emergency responder networks, or other vital systems that impact our communities. With that in mind, building our cyber resiliency matters to employers, workers, local governments, consumers—and even to our national security. That’s why I’m proud to join my colleagues in introducing a bipartisan plan to give state, local, and tribal governments more tools to counter these cyber threats,” he added. Kilmer’s House co-sponsor is Rep. Michael McCaul, a Republican from Texas. Speaking about the State Cyber Resiliency Act, he said, “As our nation continues to face cyber threats, we must ensure all levels of government are prepared to combat the emerging attacks to our cyber networks and other critical infrastructure. The enactment of CISA last year was a positive step forward to recalibrate our federal posture on cybersecurity, however, more needs to be done on a state and local level. Despite playing a vital role in protecting our nation against cyber-attacks, state governments often do not have the vital resources they need to strengthen their cybersecurity capabilities or retain or recruit seasoned cybersecurity professionals,” said Rep. McCaul. “As a co-chair of the House Congressional Cybersecurity Caucus, I will continue to think holistically about protecting our networks on a federal, state, and local level. I am proud to join Senators Warner and Gardner, along with Congressman Kilmer, in introducing the State Cyber Resiliency Act to aid state and local governments with a new grant program to enhance their cyber defenses.”
The other measure that Congress is considering is the Cyber League of Indo-Pacific States Act (CLIPS, S.Res.140), which is co-sponsored by Sen. Gardner and Sen. Chris Coons, a Del. Democrat. This bill would create a cybersecurity alliance in the Indo-Pacific region, keying in on sharing digital threat information, extraditing cyber criminals between nations, and imposing consequences on countries that violate standards of good behavior in cyberspace. Sen. Coons backs the bill because the issue of cybersecurity doesn’t just affect the United States. “The increasing use of cyber-attacks and cybercrime to steal information, influence populations, and attack infrastructure requires a global solution,” said Sen. Coons, who added, “I am proud to introduce this resolution to urge the Administration to work with our partners in the Indo-Pacific to ensure a free and open Internet safe from economically crippling cyber-attacks.” For co-sponsor Sen. Gardner, the cybersecurity issue has a financial impact. “Estimates put losses from cybercrime at $600 billion annually and growing, impacting companies from Wall Street to Main Street, as well as the infrastructure supporting the entire U.S. economy,” said Sen. Gardner, adding, “This bipartisan legislation would unite like-minded countries to address the fundamentally unfair competition when other countries support or directly engage in cyber theft.”
If it’s passed, CLIPS Treaty member countries would agree to:
- Create an Information Sharing and Analysis Center
- Consult on emerging cyber threats
- Pledge not to conduct or support theft of intellectual property
- Introduce and enforce minimum criminal punishment for cyber theft
- Extradite cyber thieves
- Enforce laws protecting intellectual property, including patents
- Ensure government agencies comply with software license terms
- Minimize data localization requirements consistent with the United States- Mexico-Canada Agreement
- Seek cooperation with respect to standards
- Provide for public input when devising legislation on cybersecurity
- Cooperate on the attribution of cyber-attacks and impose appropriate consequences
Spy app attacks iPhones. Apple fans have long thought their devices are safer than the competition, because cybercriminals primarily focused their hacking efforts on non-Mac laptop and desktop computers. Today, they’re targeting smartphones and tablets more often, and Apple’s iPhone and iPad are increasingly in the crosshairs of hackers looking to steal from consumers who use their mobile devices for banking, connecting on social media, and making online purchases. Security researchers recently discovered a surveillance app, which was first designed for Android devices, can be used to target iPhone users. This revelation, announced by a mobile security firm in San Franciso, said the nefarious app’s developer abused their Apple-issued enterprise certificates to bypass Apple’s App Store to infect unsuspecting victims. The disguised carrier app can silently grab much from a victim’s phone, including contacts, audio recordings, photos, videos and other device information, including their real-time location data. It can also be triggered remotely to listen in on people’s conversations. While researchers don’t have data on who might have been targeted, they did say the malicious app was served from fake sites claiming to be cell carriers in Turkmenistan and Italy.
Researchers linked this app to the makers of a previously discovered Android app, Exodus, which was developed by an Italian surveillance app maker, Connexxa, which has been found to have been used by Italian authorities and claimed hundreds of victims, who either installed the app or had it installed. According to Security Without Borders, Exodus had a larger feature set, and expanded spying capabilities by downloading an additional exploit, designed to gain root access to the device. This gave the app almost complete access to the device’s data, including cellular data, emails, and Wi-Fi passwords.
Both apps use the same backend infrastructure, but the iOS app used several techniques, such as certificate pinning, to make it difficult to analyze the network traffic. A security intelligence engineer said, “This is one of the indicators that a professional group was responsible for the software.” While the app’s Android version was downloadable directly from Google’s app store,
the iOS version was not widely available. Connexxa signed the app with an enterprise certificate issued to the developer by Apple, which allowed the app maker to bypass strict App Store checks. This was a violation of Apple’s rules, which don’t allow certificates designed to be used strictly for internal apps to be marketed to consumers.
More women hold leadership roles in cybersecurity. A new study from the non-profit cybersecurity professional organization ISC² found that, thanks to higher levels of education and more certifications, a larger percentage of women working in cybersecurity hold leadership positions than men. The study said that even though men outnumber women in the cybersecurity sector by a wide margin—three to one—more women make it to higher level positions. Researchers found the following:
- Seven percent of women are chief technology officer, compared to two percent for men
- Nine percent of women are vice president of IT, versus five percent for men
- For IT director, the figures for women are 18 percent, while it’s 14 percent for men
- For C-level/executive positions, the figures are 28 percent for women, 19 percent for men
Women in cybersecurity are younger and better-educated than their male counterparts, with more than half (52 percent) holding a post-graduate degree, compared with 44 percent of men. Almost half (45 percent) of female cybersecurity professionals are millennials.
You can’t afford to ignore your company’s cybersecurity. Contact Kobargo Technology Partners today to set up a no-obligation consultation to go over your IT system security and discuss ways to safeguard your organization in today’s digital world. Let our team show you how we can help increase productivity, decrease downtime and keep your customers—and employees—safe and happy.