Monthly Archives: October 2021

Working from Home Cybersecurity Checklist

Over the past year and a half, many organizations have transitioned to remote work. While remote work has many benefits for both employees and employers, it poses specific problems for organizational cybersecurity by introducing a host of new potential points of entry for cybercriminals in the form of personal devices and home internet service. The Working from Home Cybersecurity Checklist, provided by Cyber Florida community partner Scarlett Cybersecurity, offers guidance to help ensure that your remote staff are implementing good cybersecurity practices and doing their part to protect the organization from cybercrime.

 


October 12, 2021

Introducing the Man Who Coined the Phrase “Electronic Pearl Harbor” – Winn Schwartau

This week the #NoPasswordRequired podcast welcomes @winnschwartau, the man who coined the phrase “Electronic Pearl Harbor.” As cool as I find that tidbit…it barely cracked the top ten most-interesting things he said. Winn’s episode drops on Friday.


October 11, 2021

It’s National Cybersecurity Month!

Pas$w0rds_d0n’t_hav3_ 2b_th!s_Complic@teD! Seriously, who can remember that? Make your password a passphrase and put it in a password manager! #BeCyberSmart


October 11, 2021

Winn Schwartau – a Man Whose Mom Taught Him That The Golden Rule is Learning

Winn Schwartau - No Password Required Podcast

On the newest episode of #NoPasswordRequired, Winn Schwartau talks about his mother’s greatest lesson: to always learn to learn. When he was 6, she gifted him a set of encyclopedias. Decades later, his knowledge and love of learning helped define the world of cybersecurity for years to come.

Listen today to hear some of the other things Winn has learned over the years!


October 8, 2021

Episode 18: Winn Schwartau – an infowar expert who was almost certainly the first to pave the path from rock-and-roll to cybersecurity

October 8, 2021

The UCF C3 Team Wins the 2021 Raymond James Invitational CTF for the Fourth Time

Congratulations to the UCF C3 team! They won the 2021 Raymond James Invitational CTF on Saturday, October 2.  In addition to claiming the 1st Place trophy, team members will share the $10,000 Grand Prize. This is the fourth time that UCF has won this annual Raymond James competition.

The CTF competition is designed to continue strengthening the talent pipeline between Raymond James and their target colleges and universities. Raymond James is looking to expose students to challenges faced by the financial services industry and identify talent for potential internship and employment opportunities in the Raymond James Information Security and Infrastructure organization. This year, Raymond James hosted 14 teams including the University of Central Florida, University of Florida, University of South Florida, Florida State University, Florida A&M University, Florida Institute of Technology, University of Tampa, St. Petersburg College, and Saint Leo University.  Raymond James also invited target schools outside of Florida including Johns Hopkins University, Purdue University, Utica College, and the University of Memphis.

$10,000 Grand Prize will be shared among the team members

October 4, 2021

2021 Florida Cyber Forum

Cyber Florida is pleased to support the Foundation of Associated Industries of Florida (FAIF), the Florida Department of Economic Opportunity, and FloridaMakes in presenting the third annual Florida Cyber Forum on October 18 – 19. Businesses engaged in critical infrastructure, supply chain, transportation, and defense contracting are invited to learn about the latest in Department of Defense cybersecurity requirements, including DFARS and CMMC.

Day 1 – October 18

The Forum will provide information on how the business community is reacting and preparing their companies for cyber threats and attacks. Hear from some of Florida’s important business leaders, cybersecurity experts, and lawmakers on the current and future assistance available to comply with cybersecurity requirements. Although we will cover Florida’s industries as a whole, we will focus on critical state infrastructure, supply chain, and transportation and the challenges that they face with regard to data protection.

Day 2 – October 19

Learn about the new federally mandated Cybersecurity Maturity Model Certification Program (CMMC) set to become effective this year for companies who do business with the Department of Defense (DoD). The intent of the CMMC is to combine various current cybersecurity standards into one unified standard for cybersecurity. The CMMC will also measure the maturity of a company’s cybersecurity practices and processes through an independent auditing process. It will serve as a framework to protect sensitive unclassified information under the control of a DoD Contractor. This discussion will be brought to attendees by the authors and consultants of the standards themselves.

Whether your company is contracting directly with the Department of Defense as a prime contractor or a subcontractor, or is a vendor providing services or products to the prime contractor or subcontractors, regardless of size, your company will now have to be audited and certified as compliant with these new standards. Specifically designed to be cost-effective and affordable for small businesses, these new CMMC Standards will be described in detail with timelines for compliance by members of the commission that actually drafted the standards. Without compliance with these new standards, companies will soon realize that they are precluded from providing services and products that possibly were a mainstay in their profitability in the past. Awareness of the applicability of these new standards and the need for compliance will be an essential requirement for those affected companies.

Who Should Attend?

Whether you are seeking a “best practices” approach to providing cybersecurity or will be required to meet the new federally mandated standards, this series of educational offerings provides an ever-changing model for responding to real cybersecurity risks that seemingly involve all aspects of our society. Regardless of your profession (risk managers, safety professionals, HR professionals, company managers, IT specialists, attorneys, etc.) or whether you represent individuals or provide services or are a vendor for public or private corporate interests, this seminar will be of significant value to you. Cybersecurity has become a major part of any Risk Management program. It is not the sole concern of a company’s IT department; rather, it is “everyone’s problem” within the business and needs everyone’s attention.

October 2, 2021

2020-2021 Annual Report

As it was for so many around the world, 2020-2021 was a year of change at the Florida Center for Cybersecurity (Cyber Florida). In addition to navigating the pandemic, the introduction of new leadership ushered in a bolder vision for the Center with high-reaching objectives designed to position Cyber Florida on the national stage. A comprehensive review of resources, structure, and mission areas culminated in an ambitious three-year Strategic Plan with well-defined goals aligned to our three mission pillars: education, research, and outreach. We were part of three grant awards from the federal government that brought nearly $8 million in funding to the state of Florida, including funding for free workforce training for veterans and first-responders! 

Some of the key achievements from 2020-2021 include:

  • Retooling the University of South Florida’s M.S. in Cybersecurity into four new master’s degree programs to more effectively address employer needs
  • Implementing Operation K12: a highly successful initiative in partnership with the Florida Center for Instructional Technology that has infused cybersecurity hygiene and career awareness curricula into public schools throughout Florida and created numerous pathways for K-12 students to spark and encourage interest in cybersecurity careers
  • Partnering with DC-based think-tank New America to create a national Cyber Citizenship Education program to combat the rising threat of mis- and disinformation online
  • Funding rapid research projects to investigate how COVID-19 misinformation spread via social media in the early weeks of the pandemic, how the public used social media to seek health-related information, and cybercrime victimization stemming from COVID-19
  • Landing three grant projects to support the National Security Agency’s Centers of Academic Excellence in Cybersecurity (CAE-C) program by providing leadership support for the Southeast Region; designing and implementing a national workforce development program, CyberSkills2Work, as part of a 10-member consortium; and creating a national collegiate cyber competition for the CAE Community with a focus on encouraging newcomers to the field, particularly those from underrepresented groups
  • Adding staff resources to enhance our role in enabling and facilitating state-of-the-art research across the State University System of Florida (SUS) by capturing more grant opportunities, bringing more research dollars to Florida, and leading a series of research-focused events
  • Introducing a public policy aspect to our outreach mission area to effect change at the state and national level, advocating for legislative and budgetary support to improve the overall cybersecurity posture of our citizens, organizations, and nation-at-large
  • Bringing together an incredible roster of distinguished thought-leaders for a major virtual conference hosted on behalf of U.S. Central Command examining the United States’ role in cyberspace through the lens of the ‘Great Power Competition’
  • Creating a Governing Council of dean-level representatives from across the SUS to guide and support our efforts
  • Conducting several successful public outreach campaigns—one in partnership with the Florida Secretary of State to raise awareness about voting misinformation—on matters of public cyber safety
October 1, 2021

To Pay or Not to Pay? What Citizens Think Governments Should Do with Ransomware

According to recent estimates, government agencies and jurisdictions in the United States have experienced nearly 250 ransomware attacks in the past three years, costing roughly $50 billion in combined recovery costs and productivity losses, to say nothing of the disruption of services. It’s a problem that continues to grow year over year, and some people argue that the solution is to outlaw ransomware payments. Using data from a survey conducted by Dr. Stephen Neely at the University of South Florida, Cyber Florida Staff Director Dr. Ron Sanders and Dr. Neely explore how citizens think governments should respond and if the majority option is realistic for the future. Read the full commentary on Route Fifty.

56.6% responded that Florida should outlaw ransomware payments by local governments

October 1, 2021

Weaponized Telegram Bots

I. Targeted Entities

  • Telegram
  • Banks
  • Contactless payment systems

II. Introduction

Cybercriminals are stealing one-time password tokens (OTPs) in order to gain access to PayPal, Apple Pay, Google Pay, and other contactless payment services.

III. Background Information

Researchers from Intel 471 have discovered that cybercriminals are using Telegram bots to steal OTPs and defraud people through banks and online payment systems.[1] Intel 471 researchers reported that the thieves have been operational since June. The threat actors are using Telegram bots, and a range of other tactics, to gain account information, including calling victims and impersonating banks and legitimate services. The cybercriminals are also trying to bypass two-factor authentication by using social engineering and deceiving victims into giving them an OTP, or other verification code via a mobile device, which the criminals use to defraud accounts.[1]

This isn’t the first time that Telegram bots have been used to defraud victims. A similar campaign was discovered in January, called Classiscam, where bots were sold as-a-service by Russian-speaking cybercriminals with the purpose of stealing money and payment data from European victims. Other criminals have been discovered using Telegram bots as command-and-control for spyware.[1] Intel 471 researchers analyzed and found three bots in this campaign: SMSRanger, BloodOTPbot, and SMS Buster.[1]

Intel 471 researchers described SMSRanger as “easy to use,” and similar in nature to a bot in the collaboration tool Slack. By using a “/”, scripts can be accessed that can target specific banks or payment services, like PayPal, Apple Pay, or a wireless carrier.[1] SMSRanger sends a potential victim a text message requesting their phone number. Once the phone number has been entered in the chat, the bot takes over, ultimately giving the threat actors access to whatever account has been targeted. Researchers say that approximately 80 percent of the users who are targeted by SMSRanger will provide their full and accurate information to the cybercriminals, allowing the cybercriminals to defraud the victims.[1]

BloodOTPBot has the ability to send users a fraudulent OTP code via SMS. However, this bot requires an attacker to spoof the victim’s phone number and impersonate a bank or company representative.[1] The bot attempts to call victims and uses social engineering techniques to gather a verification code from the targeted victim. The attacker will receive a notification from the bot during the call, and the bot will tell the attacker when to request the OTP during the authentication process.[1] The bot then texts the code to the attacker once the victim receives the OTP and enters it on the phone’s keyboard. BloodOTPBot runs at $300 a month. Users can also pay between $20 and $100 more to access live phishing panels that target social media networks, like Facebook, Instagram, and Snapchat, financial services like Venmo, PayPal, and Robinhood, and even cryptocurrency marketplaces like Coinbase.[1]

The third bot, SMS Buster, requires more effort than the other previously mentioned bots, Intel 471 researchers say. The bot provides options so an attacker can shroud a call made from any phone number to make it seem as though a legitimate contact from a specific bank is calling. Once a potential victim has been reached, attackers follow a script to try to fool the victim into providing sensitive information like an ATM card PIN, a credit card verification value, or an OTP.[1] Researchers also saw that criminals use SMS Buster against Canadian victims, using English and French to target them. Intel 471 researchers have seen eight different Canadian-based banks illegally accessed by SMS Buster.

IV. MITRE ATT&CK

  • T1528 – Steal Application Access Token
    Account access is dependent on threat actors stealing a user’s one-time password or OTP.
  • T1566 – Phishing
    Telegram bots are being used to call users and impersonate banks and other services.
  • T1078 – Valid Accounts
    Once an OTP has been compromised, attackers can use the client’s account to steal information, money, and potentially compromise other users.
  • T1199 – Trusted Relationship
    Account access allows attackers to breach the organization and access their intended victims.
  • T1036 – Masquerading
    Threat actors pretend to be the client’s bank to manipulate OTP controls and access the user.

V. Recommendations

  • Phishing Awareness Training
    Users should be informed and educated about new kinds of phishing scams currently being used and ones that have been used in the past. Awareness training should instruct users to avoid suspicious emails, links, websites, attachments, etc. Users should also be educated about new types of attacks and schemes to mitigate risk.
    Recommended link: https://www.us-cert.gov/ncas/tips/ST04-014
  • Strong Cyber Hygiene
    Enforce a strong password policy across all networks and subsystems. Remind users to be wary of any messages asking for immediate attention, links, downloads, etc. All sources should be verified.
    Recommended link: https://us-cert.cisa.gov/ncas/alerts/aa21-131a
  • Turn on Endpoint Protection
    Enable endpoint detection and response (EDR) to stop unknown malware in the product you’re using.

VI. Indicators of Compromise (IOCs)

At the time of writing, no IOCs, or CVEs, have been issued.

VII. References

[1] Montalbano, Elizabeth. “Threat Actors Weaponize Telegram Bots to Compromise PayPal Accounts.” Threatpost English Global, September 29, 2021. https://threatpost.com/telegram-bots-compromise-paypal/175099/.

Threat Advisory created by the Cyber Florida Security Operations Center. Contributing Security Analysts: James Krepps, Orlando Huertas, Dorian Pope, Jessica Senatus, Sreten Dedic, EJ Bulut, Uday Bilakhiya, and Tural Hagverdiyev.

October 1, 2021