This week the #NoPasswordRequired podcast welcomes @winnschwartau the man who coined the phrase, “Electronic Pearl Harbor.” As cool as I find that tidbit…it barely cracked the top ten most-interesting things he said. Winn’s episode drops on Friday.
On the newest episode of #NoPasswordRequired, Winn Schwartau talks about his mother’s greatest lesson; to always learn to learn. At the age of 6, she gifted him a set of encyclopedias. Decades later, his knowledge and love of learning helped define the world of cybersecurity for years to come.
Listen today to hear some of the other things Winn has learned over the years!
Congratulations to the UCF C3 team! They won the 2021 Raymond James Invitational CTF on Saturday, October 2. In addition to claiming the 1st Place trophy, team members will share the $10,000 Grand Prize. This is the fourth time that UCF has won this annual Raymond James competition.
The CTF competition is designed to continue strengthening the talent pipeline between Raymond James and their target colleges and universities. Raymond James is looking to expose students to challenges faced by the financial services industry and identify talent for potential internship and employment opportunities in the Raymond James Information Security and Infrastructure organization. This year, Raymond James hosted 14 teams including the University of Central Florida, University of Florida, University of South Florida, Florida State University, Florida A&M University, Florida Institute of Technology, University of Tampa, St. Petersburg College, and Saint Leo University. Raymond James also invited target schools outside of Florida including Johns Hopkins University, Purdue University, Utica College, and the University of Memphis.
$10,000
Grand Prize will be shared among the team members
Cyber Florida is pleased to support the Foundation of Associated Industries of Florida (FAIF), the Florida Department of Economic Opportunity, and FloridaMakes in presenting the third annual Florida Cyber Forum on October 18 – 19. Businesses in engaged in critical infrastructure, supply chain, transportation, and defense contracting are invited to learn about the latest in Department of Defense cybersecurity requirements, including DFARS and CMMC.
The Forum will provide information on how the business community is reacting and preparing their companies for cyber threats and attacks. Hear from some of Florida’s important business leaders, cybersecurity experts, and lawmakers on the current and future assistance available to comply with cybersecurity requirements. Although we will cover Florida’s industries as a whole, we will focus on critical state infrastructure, supply chain, and transportation and the challenges that they face with regard to data protection.
Learn about the new federally mandated Cybersecurity Maturity Model Certification Program (CMMC) set to become effective this year for companies who do business with the Department of Defense (DoD). The intent of the CMMC is to combine various current cybersecurity standards into one unified standard for cybersecurity. The CMMC will also measure the maturity of a company’s cybersecurity practices and processes through an independent auditing process. It will serve as a framework to protect sensitive unclassified information under the control of a DoD Contractor. This discussion will be brought to attendees by the authors and consultants of the standards themselves.
Whether your company is contracting directly with the Department of Defense as a prime contractor or a subcontractor, or vendor providing services or products to the prime contractor or subcontractors, regardless of size, your company will now have to be audited and certified as compliant with these new standards. Specifically designed to be cost-effective and affordable for small businesses, these new CMMC Standards will be described in detail with timelines for compliance by members of the commission that actually drafted the standards. Without compliance with these new standards, companies will soon realize that they are precluded from providing services and products that possibly were a mainstay in their profitability in the past. Awareness of the applicability of these new standards and need for compliance will be an essential requirement for those affected companies.
Whether you are seeking a “best practices” approach to providing cybersecurity or will be required to meet the new federally mandated standards, this series of educational offerings provide an ever-changing model for responding to real cybersecurity risks that seemingly involve all aspects of our society. Regardless of your profession (risk managers, safety professionals, HR professionals, company managers, IT specialists, attorneys, etc.) or whether you represent individuals or provide services or are a vendor for public or private corporate interests, this seminar will be of significant value to you. Cybersecurity has become a major part of any Risk Management program. It is not for the sole concern of a company’s IT department; rather, it is “everyone’s problem” within the business and needs everyone’s attention.
As it was for so many around the world, 2020-2021 was a year of change at the Florida Center for Cybersecurity (Cyber Florida). In addition to navigating the pandemic, the introduction of new leadership ushered in a bolder vision for the Center with high-reaching objectives designed to position Cyber Florida on the national stage. A comprehensive review of resources, structure, and mission areas culminated in an ambitious three-year Strategic Plan with well-defined goals aligned to our three mission pillars: education, research, and outreach. We were part of three grant awards from the federal government that brought nearly $8 million in funding to the state of Florida, including funding for free workforce training for veterans and first-responders!
Some of the key achievements from 2020-2021 include
According to recent estimates, government agencies and jurisdictions in the United States have experienced nearly 250 ransomware attacks in the past three years, costing roughly $50 billion in combined recovery costs and productivity losses, to say nothing of the disruption of services. It’s a problem that continues to grow year over year, and some people argue that the solution is to outlaw ransomware payments. Using data from a survey conducted by Dr. Stephen Neely at the University of South Florida, Cyber Florida Staff Director Dr. Ron Sanders and Dr. Neely explore how citizens think governments should respond and if the majority option is realistic for the future. Read the full commentary on Route Fifty.
56.6%
responded that Florida should outlaw ransomware payments by local governments
Cybercriminals are stealing one-time password tokens (OTPs) in order to gain access to PayPal, Apple Pay, Google Pay, and other contactless payment services.
Researchers from Intel 471 have discovered that cybercriminals are using Telegram bots to steal OTPs and defraud people through banks and online payment systems.[1] Intel 471 researchers reported that the thieves have been operational since June. The threat actors are using Telegram bots, and a range of other tactics, to gain account information, including calling victims and impersonating banks and legitimate services. The cybercriminals are also trying to bypass two-factor authentication by using social engineering and deceiving victims into giving them an OTP, or other verification code via a mobile device, which the criminals use to defraud accounts.[1]
This isn’t the first time that Telegram bots have been used to defraud victims. A similar campaign was discovered in January, called Classiscam, where bots were sold as-a-service by Russian-speaking cybercriminals with the purpose of stealing money and payment data from European victims. Other criminals have been discovered using Telegram bots as command-and-control for spyware.[1] Intel 471 researchers analyzed and found three bots in this campaign: SMSRanger, BloodOTPbot, and SMS Buster.[1]
Intel 471 researchers described SMSRanger as “easy to use,” and similar in nature to a bot in the collaboration tool Slack. By using a “/”, scripts can be accessed that can target specific banks or payment services, like PayPal, Apple Pay, or a wireless carrier.[1] SMSRanger sends a potential victim a text message requesting for their phone number. Once the phone number has been entered in the chat, the bot takes over, ultimately giving the threat actors access to whatever account has been targeted. Researchers say that approximately 80 percent of the users who are targeted by SMSRanger will provide their full and accurate information to the cybercriminals, allowing the cybercriminals to defraud the victims.[1]
BloodOTPBot has the ability to send users a fraudulent OTP code via SMS. However, this bot requires an attacker to spoof the victim’s phone number and impersonate a bank or company representative.[1] The bot attempts to call victims and uses social engineering techniques to gather a verification code from the targeted victim. The attacker will receive a notification from the bot during the call, and the bot will tell the attacker when to request the OTP during the authentication process.[1] The bot then texts the code to the attacker once the victim receives the OTP and enters it on the phone’s keyboard. BloodOTPBot runs at $300 a month. Users can also pay between $20-$100 more to access live phishing panels that target social media networks, like Facebook, Instagram, Snapchat, and financial services like Venmo, PayPal, Robinhood, and even cryptocurrency marketplaces like Coinbase.[1]
The third bot, SMS Buster, requires more effort than the other previously mentioned bots, Intel 471 researchers say. The bot provides options so an attacker can shroud a call made from any phone number to make it seem as though a legitimate contact from a specific bank is calling. Once a potential victim has been reached, attackers follow a script to try to fool the victim into providing sensitive information like an ATM card PIN, a credit card verification value, or an OTP.[1] Researchers also saw that criminals use SMS Buster against Canadian victims, using English and French to target them. Intel 471 researchers have seen eight different Canadian-based banks illegally accessed by SMS Buster.
At the time of writing, no IOCs, or CVEs, have been issued.
(1) Montalbano, Elizabeth. “Threat Actors Weaponize Telegram Bots to Compromise PayPal Accounts.” Threatpost English Global, September 29, 2021. https://threatpost.com/telegram-bots-compromise-paypal/175099/.
Threat Advisory created by the Cyber Florida Security Operations Center. Contributing Security Analysts: James Krepps, Orlando Huertas, Dorian Pope, Jessica Senatus, Sreten Dedic, EJ Bulut, Uday Bilakhiya and Tural, Hagverdiyev.
