Monthly Archives: March 2022

Miami Dade College and UWF Announce Agreement for Graduate Degrees in Cybersecurity

In an ongoing effort to expand post-graduate opportunities for students, Miami Dade College (MDC) and University of West Florida (UWF) established a new “4+1” articulation agreement that allows MDC graduates with a bachelor’s degree in cybersecurity to seamlessly transfer to a master’s degree in cybersecurity at UWF.

“We are very excited to expand our collaboration with UWF by providing a pathway to our bachelor’s in cybersecurity graduates to one of the strongest master’s in the region,” said Antonio Delgado, vice president of innovation and tech partnerships. “This collaboration will increase talent pipeline opportunities to help close the gap that currently exists in cybersecurity.”

The agreement assures that students graduating from MDC’s School of Engineering and Technology with a Bachelor of Science in Cybersecurity and a grade point average (GPA) of 3.0 or higher are eligible for express admission into the Master of Science in Cybersecurity program housed in the Hal Marcus College of Science and Engineering at UWF.

“The UWF MDC Bachelor’s-to-Master’s articulation agreement is a great opportunity to produce highly skilled individuals in areas of cybersecurity with a deep understanding of the security issues we face in software, data, business operations and our nation,” said Dr. Jaromy Kuhl, dean of the Hal Marcus College of Science and Engineering. “The agreement shows that UWF and MDC have made cybersecurity education and meeting the current workforce demands in areas of cybersecurity a priority.”

March 18, 2022

Germany Advises Citizens to Uninstall Kaspersky Antivirus

Germany’s BSI federal cybersecurity agency has warned the country’s citizens not to install Russian-owned Kaspersky antivirus, saying it has “doubts about the reliability of the manufacturer.” Russia-based Kaspersky has long been a target of suspicious rumors in the West over its ownership and allegiance to Russia’s rulers.

In an advisory published today, the agency said: “The BSI recommends replacing applications from Kaspersky’s virus protection software portfolio with alternative products.” It added: “A Russian IT manufacturer can carry out offensive operations itself, be forced to attack target systems against its will, or be spied on without its knowledge as a victim of a cyber operation, or be misused as a tool for attacks against its own customers.”

As appeared in The Register

March 17, 2022

Dynamics Test

March 16, 2022

Wonder Women: Celebrating Women in Tech 2022


This month, we are celebrating Women in Tech! Join us March 16th for a panel discussion led by four trailblazing women in celebration of Women’s History Month.

No matter your professional background, if you are looking to break into tech or UX design, this enriching discussion offers a fantastic opportunity to hear from our panelists as they speak on their experiences and their journey to success in the field.

Don’t miss out on this engaging and informative event! RSVP today to reserve your seat.

March 15, 2022

U.S. Cyber Command Hack the Hiring Process


Want to learn about U.S. Cyber Command civilian hiring opportunities and requirements? The U.S. Cyber Command Hack the Hiring Process webinar on March 30th aims to shape the future workforce by providing information on how to start a career in the U.S. Cyber Command. Led by the USCYBERCOM J1 Director of Manpower and Personnel Team, our Command’s personnel and security experts will provide information to:

  • Inspire civilian service in the cyber domain, showcasing the unique mission opportunities to serve across the entire formation.
  • Educate on the civilian service benefits and opportunities.
  • Inform on the desired civilian work roles, training, certifications, and security clearance requirements.

March 9, 2022

Trojan Attacks Google Play Store Again

I. Targeted Entities

  • Google Play Store

II. Introduction

The TeaBot banking trojan, which is also known as “Anatsa,” has been spotted on the Google Play store.

III. Background Information

TeaBot is designed to intercept SMS messages and login credentials from unsuspecting users, and has affected users of more than 400 banking and financial apps, including those from Russia, China, and the U.S.[1] This is not the first time TeaBot has been a menace to Android users; TeaBot was first seen last year. It is straightforward malware designed to steal banking, contact, SMS, and other types of private data from infected devices.[1] What makes TeaBot unique is the way that it spreads: TeaBot requires no malicious email, text message, fraudulent website, or third-party service to spread. Rather, it typically comes packaged in a dropper application.[1] A dropper is a program that seems legitimate from the outside but in reality acts as a medium to deliver a second-stage malicious payload.

TeaBot droppers have shrouded themselves in inherently “safe” things, like QR codes or PDF readers. Hank Schless, senior manager of security solutions at Lookout, said that attackers usually stay with apps like QR code scanners, flashlights, photo filters, or PDF scanners because those are apps that users download out of necessity, and are more than likely not looking at reviews that may dissuade them from downloading the app.[1] This strategy seems to be working; in January 2022, an app called QR Code Reader – Scanner App was found distributing 17 different TeaBot variants for over a month. The app had more than 100,000 downloads by the time it was discovered.[1]

App stores have rules and protections aimed at stopping the spread of malware. For example, Google Play Protect helps root out malicious apps before they are installed and scans for evidence of nefarious actions on a daily basis.[1] But TeaBot is different because TeaBot droppers are not obviously malicious; on the surface, they might seem normal and uninteresting. However, once a user opens one of these seemingly innocent apps, they are prompted to download a software update. The update is a second app containing a malicious payload.[1] If the user gives the app permission to install software from an unknown source, the infection process starts.

Like other Android malware, TeaBot attempts to leverage the device’s Accessibility Services. These attacks use an advanced remote access feature that exploits the TeamViewer application, a remote desktop sharing tool, which gives the cybercriminal remote control over the victim’s device.[1] The ultimate goal of these attacks is to steal sensitive information like login credentials, SMS, and two-factor authentication codes, and to perform malicious actions on the device.[1]
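The two stages described above leave different marks in an app's manifest, and the sketch below checks for them. It is an added example, not code from the advisory or from the cited researchers: it assumes the manifest has already been decoded to plain XML, the three sample manifests and their package names are constructed, and the stage labels are this example's own.

```python
import xml.etree.ElementTree as ET

# Attribute namespace used by every decoded AndroidManifest.xml.
ANDROID = "{http://schemas.android.com/apk/res/android}"

# Real Android permission names; how they are grouped is this example's choice.
INSTALL = "android.permission.REQUEST_INSTALL_PACKAGES"
SMS = {"android.permission.READ_SMS", "android.permission.RECEIVE_SMS"}
BIND_A11Y = "android.permission.BIND_ACCESSIBILITY_SERVICE"


def triage_manifest(xml_text):
    """Return the dropper/payload traits visible in one decoded manifest."""
    root = ET.fromstring(xml_text)
    requested = set()
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        requested.update(el.get(ANDROID + "name") for el in root.iter(tag))
    # An accessibility service is a <service> guarded by BIND_ACCESSIBILITY_SERVICE.
    a11y = [svc.get(ANDROID + "name") for svc in root.iter("service")
            if svc.get(ANDROID + "permission") == BIND_A11Y]

    traits = []
    if INSTALL in requested:
        traits.append("installs-other-apps")      # can prompt for an "update" APK
    if a11y:
        traits.append("accessibility-service")    # can read and drive the screen
    if requested & SMS:
        traits.append("sms-access")               # can see one-time codes

    if "accessibility-service" in traits and "sms-access" in traits:
        stage = "payload-like"
    elif "installs-other-apps" in traits:
        stage = "dropper-like"
    else:
        stage = "none"
    return {"package": root.get("package"), "traits": traits,
            "accessibility_services": a11y, "stage": stage}


# Constructed samples: a utility app that can install packages, the "update"
# it would deliver, and a scanner that only needs the camera.
QR_DROPPER = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.qrreader">
  <uses-permission android:name="android.permission.CAMERA"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.REQUEST_INSTALL_PACKAGES"/>
  <application/>
</manifest>"""

QR_ADDON = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.qrreader.addon">
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <application>
    <service android:name=".ScreenHelper"
        android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE">
      <intent-filter>
        <action android:name="android.accessibilityservice.AccessibilityService"/>
      </intent-filter>
    </service>
  </application>
</manifest>"""

QR_PLAIN = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.plainscanner">
  <uses-permission android:name="android.permission.CAMERA"/>
  <application/>
</manifest>"""

if __name__ == "__main__":
    for sample in (QR_DROPPER, QR_ADDON, QR_PLAIN):
        print(triage_manifest(sample))
```

A "dropper-like" result is a prompt for review, not proof of malice: some legitimate apps request the install permission, so the useful signal is a single-purpose utility that has no reason to install other software.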

According to researchers at Cleafy, “in less than a year, the number of applications targeted by TeaBot have grown more than 500%, going from 60 targets to over 400.”[1] Shawn Smith, director of infrastructure at nVisium, says that real-time scanning of app downloads, including apps that do not originate from Google Play, would help to mitigate the problem. Smith added that additional warning messages when installing app add-ons that do not come from Google Play could also be useful.[1] Until app stores have solved the problem with droppers, users need to remain vigilant and fight to keep their devices safe and secure.

IV. MITRE ATT&CK

  • T1475 – Deliver Malicious App via Authorized App Store
    Malicious applications are a common attack vector used by adversaries to gain a presence on mobile devices. Smartphones are often configured to allow application installation only from an authorized app store (e.g., Google Play Store or Apple App Store). An adversary may seek to place a malicious application in an authorized app store, enabling the application to be installed onto target devices.
  • T1444 – Masquerade as Legitimate Application
    An adversary could distribute developed malware by masquerading the malware as a legitimate application. This can be done in two ways: by embedding the malware in a legitimate application, or by pretending to be a legitimate application.
  • T1413 – Access Sensitive Data in Device Logs
    On versions of Android prior to 4.1, an adversary may use a malicious application that holds the READ_LOGS permission to obtain private keys, passwords, other credentials or other sensitive data stored in the device’s system log. On Android 4.1 and later, an adversary would need to attempt to perform an operating system privilege escalation attack to be able to access the log.

V. Recommendations

  • Phishing Awareness Training
    Users should be informed and educated about new kinds of phishing scams currently being used and ones that have been used in the past. Awareness training should instruct users to avoid suspicious emails, links, websites, attachments, etc. Users should also be educated about new types of attacks and schemes to mitigate risk.
    Recommended link: https://www.us-cert.gov/ncas/tips/ST04-014
  • Set Antivirus Programs to Conduct Regular Scans
    Ensure that antivirus and antimalware programs are scanning assets using up-to-date signatures.
  • Malware Monitoring
    Continuously monitor current and new types of malware. Stay up to date on intel and advancements to prevent, defend, and mitigate these types of threats.
  • Strong Cyber Hygiene
    Enforce a strong password policy across all networks and subsystems. Remind users to be wary of any messages asking for immediate attention, links, downloads, etc. All sources should be verified.
    Recommended link: https://us-cert.cisa.gov/ncas/alerts/aa21-131a
  • Turn on endpoint protection
    Enable endpoint detection and response (EDR) to stop unknown malware in the product you’re using.

VI. Indicators of Compromise (IOCs)

The link below has been included to assist with the download of some identified IOCs related to this Threat Advisory report. Be on the lookout for these IOCs, as well as anything that looks similar.

https://usf.box.com/s/inzlsmaxpkn72bo64sv5wya7ythbftid

VII. References

[1] Cleafy Labs. “TeaBot Is Now Spreading across the Globe.” Cleafy Labs. Cleafy Labs, January 3, 2022. https://www.cleafy.com/cleafy-labs/teabot-is-now-spreading-across-the-globe.

[2] Nelson, Nate. “Teabot Trojan Haunts Google Play Store, Again.” Threatpost English Global, March 2, 2022. https://threatpost.com/teabot-trojan-haunts-google-play-store/178738/.

Threat Advisory created by the Cyber Florida Security Operations Center.
Contributing Security Analysts: Dorian Pope, Ipsa Bhatt, Sreten Dedic, EJ Bulut, Uday Bilakhiya, Tural Hagverdiyev.

March 9, 2022

Cyber/IT Pathways Grant Call for Applications Now Open

The Florida Center for Cyber Security (Cyber Florida) is pleased to announce that the Call for Applications for the $20-million Cybersecurity and Information Technology Pathways Grant Program (Cyber/IT Pathways) is now open and available for download at cyberflorida.org/pathways. Funded by the Florida Department of Education, Cyber Florida has been selected to serve as the program office for the Cyber/IT Pathways program, which aims to expand access to and the capacity of cybersecurity and information technology education programs across Florida’s public education entities.

Florida Governor Ron DeSantis announced the funding at a press conference in Tampa on March 2, saying, “Expanding Florida’s commitment to creating opportunities in cybersecurity and IT is a top priority to keep our communities safe and our state secure. This funding will not only create opportunities for Floridians seeking jobs in this important field but will also improve our national defense, protect Floridians and their businesses, and maintain the integrity of our elections. By doubling available opportunities in this field, Florida continues to lead.”

The program will be administered through three regional coordinators, with approximately one-third of the funding serving the Greater Tampa Bay Area, coordinated by the University of South Florida; one-third serving the Greater Miami Area, coordinated by Florida International University; and one-third serving at-large projects around the state, coordinated by a third State University System institution to be named.

Any Florida public education entity, including public school districts; post-secondary technical career centers and charter technical career centers; Florida College System (FCS) institutions; and State University System (SUS) institutions (defined further under Florida statutes §1001.30, §1001.44, §1002.34, §1000.21(3), and §1000.21(6)) may apply for funding under this program.

The types of programs that will be considered for funding include, but are not limited to the following:

  • Elementary, middle, high school, college, and working adult student courses and curricula
  • Secondary continuing technical education (CTE) courses/programs
  • Non-credit training that includes preparation for industry certifications
  • Registered pre-apprenticeship and apprenticeship programs
  • Training programs for existing workers and ‘upskilling’ for those in other industries
  • Career/advanced technical certificates and applied technology degrees
  • Teacher education and professional development

Please visit cyberflorida.org/pathways to learn more and download the Call for Applications.

March 9, 2022

Winning the War for Cyber – and Cyber Talent

The U.S. is in a ‘war’ for cyber talent, and in our opinion, we are in danger of losing it.

We are not talking about the benign sort of competition for that talent that occurs between companies and government agencies in the overheated U.S. labor market, although that’s not unimportant. Rather, we are talking about the development and deployment of U.S. cybersecurity professionals to protect our country’s national security interests, especially vis-à-vis those of geopolitical rivals like Russia and China, Iran and North Korea, and their extralegal proxies.

Simply put, our adversaries are producing and leveraging more cyber talent than we are, and that talent translates into more cyber capability, especially the national security kind…at least potentially. And while we can close some of that gap from a qualitative standpoint—we have some of the world’s smartest people protecting us—and have done so to date, that may not be enough. As the U.S. and its allies become more and more digitally dependent—and more and more digitally vulnerable as a consequence—we should all be worried about ensuring that our country has the cybersecurity talent and concomitant capability and structure to protect us. And that means having enough skilled cyber professionals, in both private and public sectors, to stand watch over the U.S. government’s data, systems, and networks, including but not limited to those that are classified.

But in the case of cybersecurity, it’s even more complicated than that…it also means having the cyber talent and capability and structure to protect all of the Nation’s critical information and communications technology infrastructure, most of which is owned and operated by our private sector. That is the underlying focus of a congressionally mandated report just issued by the National Academy of Public Administration, and we have some thoughts about its recommendations.

Developing the nation’s cybersecurity workforce

Simply put, it is our view—as well as the NAPA Report’s—that the U.S. is not developing and deploying enough of the skilled cyber professionals we need to protect and pursue our national interests broadly defined, and the report recommends that among other things, the new National Cybersecurity Director—former National Security Agency (NSA) Deputy Director Chris Inglis is the first to have that illustrious title—should oversee a national effort to achieve that lofty goal from his perch in the Executive Office of the President.

While that is certainly a good start, we are not sure that this ultimately goes far enough. In our view, trying to lead and more importantly, sustain such an effort from the EOP, as politically charged and resource constrained as it usually is, will almost certainly result in suboptimization, and we strongly suggest that cybersecurity leadership from the White House be augmented by a more expansive—and in our view, ultimately a more sustainable—approach, one born out of our experience in setting up and leading the Office of the Director of National Intelligence.

ODNI was tasked with overseeing a similar effort by the Congress in the Intelligence Reform and Terrorism Prevention Act of 2004, in hopes of preventing another 9-11. And it did so with a politically compromised structure that was neither central bureaucracy nor a “czar” based in the White House. The fact is that it worked, at least after a fashion (primarily because of the unsung efforts of its dedicated staff), but in so doing, it may just have created a new organizational model, one that in our view, a cyber czar in the White House desperately needs.

Why is this important? Because as the NAPA Report points out, the nation’s cybersecurity—and the development of a second-to-none U.S. cybersecurity workforce that serves its interests—is perhaps the ultimate in team sports, requiring the cooperation and collaboration of a whole host of federal, state, local, non-profit, and private sector actors. As a consequence, its structure, and the direction, authority, and control over such things as budgets and personnel, really matters. Indeed, it may be the difference between the success and failure of the National Cybersecurity Director, at a time when few things are more important to the security of our digitally dependent Nation.

Why not the National Cyber Director?

As noted, the NAPA Report would put the National Cybersecurity Director in charge of developing a national cybersecurity strategy that is grounded in a strong, capable cybersecurity workforce. What does that mean, exactly? In our view—and we have some experience in the matter—it means coordinating the efforts of a host of actors across the private sector, academia and state and local government that have historically resisted federal control. Even federal agencies can be resistant to centralized authority, protecting their own bureaucratic interests even in the face of a “whole of government” imperative like cybersecurity.

In our view, tasking a White House czar to herd cybersecurity policy, strategy, and operations is a true mission impossible. There are too many examples of this—the diminutive Office of National Drug Control Policy is perhaps the most obvious—to count. The sad fact is that even when it may be in the national interest, few will salute (or succumb) to White House direction, particularly if it means subsuming their own parochial interests to that direction.

Bottom line: That stick doesn’t work for the cybersecurity enterprise.

In our cynical view, the carrot won’t work either. In this case, the carrot is money—the promise of federal funds as an incentive to do the NCD’s cybersecurity bidding, in coordination with the Office of Management and Budget. While all of the various independent and semi-independent actors involved in that effort will gladly take federal funding, that funding comes from a variety of sources. At least seven federal agencies have grant programs in this area, not to mention funding from state and local governments, school districts and schools, public and private donations, colleges and universities, etc., and while they all seek to incentivize cybersecurity generally (and cybersecurity education specifically), the devil’s in their details, and the NCD’s small staff can hardly be expected to herd all of those cats.

What about a Department of Cybersecurity?

If “authority, direction, and control” over the development of the nation’s cybersecurity workforce and broader cybersecurity operations cannot effectively come from a small office in the EOP, why not apply the Department of Homeland Security model and put all of the relevant agencies under one bureaucratic roof?

It should be obvious that this other extreme is just as problematic. Indeed, one need only look at the challenges that have faced DHS since its mega-merger inception to question the efficacy of this approach. That is not a criticism of DHS, just a fact. It is therefore fair to ask whether the nation’s cybersecurity can benefit from a mega-merger of existing capabilities and programs.

We think not. Cybersecurity depends not only on achieving “horizontal” unity of effort among the federal agencies that have a piece of the cybersecurity mission, but also building and unifying a “vertical” coalition as well, among all the public and private institutions and organizations that have some influence over cybersecurity.

All of those entities have something to do with the development of a U.S. cybersecurity strategy and a workforce to execute it, and they are all independent—not only legally but also in mindset—and the political and pedagogical complexities in achieving that unity of effort amongst them, whether by persuasion or by direction, are simply mind-numbing.

Our Proposal: the ‘Goldilocks’ solution

So, if a White House czar on one hand, and a centralized Department of Cybersecurity on the other won’t work, what do we suggest? In our view, challenges like cybersecurity, and the development and deployment of a national cybersecurity workforce as a subset of that challenge, simply do not lend themselves to a hierarchical, command and control model emanating from Washington, DC.

We saw that play out first-hand with the Congress’s creation of the Office of the Director of National Intelligence, which shied away from establishing a Department of Intelligence that mirrored its contemporary DHS cousin, in favor of something that was more federated in nature. That structure was established largely by default, to try to integrate the intelligence community without disturbing the jealously guarded statutory authority and control that cabinet secretaries—especially the secretary of defense—have over their intelligence agencies.

Congress attempted to do both with ODNI, and one can argue that that compromise had (and has) its faults. But the dedicated leadership and staff in ODNI managed to make that structure work, if not optimally, then at least better than top-down bureaucracies like DHS. Indeed, we used to compare notes with our DHS colleagues, who lamented the practical limitations of simply telling the Department’s components what to do, only to have them do what they wanted.

We recommend a similar model for cybersecurity and the development of a supporting national workforce. Such a structure acknowledges the whole of nation nature of the cybersecurity mission (including the development of a national cybersecurity workforce); realizes that collaboration, rather than hierarchical direction, is the key to achieving any sort of unity of effort in that regard; and institutionalizes that effort in a single organizational hub that is insulated from the political football that is the EOP.

That model must be sized to do its strategic job: not with the thousands of “headquarters-knows-best” staff that come with a mega-department merger; but more than just a handful of experts in the EOP who can only issue platitudes and principles.

In other words, for better or worse, an ODNI-like structure that can integrate the horizontal and vertical efforts of all of those public and private entities that have a role to play in that regard, big enough to be able to provide the strategic guidance and oversight necessary to achieve that end, but not so big as to be tempted to try to direct or control all the entities involved in safeguarding cybersecurity.

March 7, 2022

Governor Visits USF to Announce a $20 Million Grant for Cybersecurity Education

March 3, 2022 – Gov. Ron DeSantis hosted a news conference on the USF Tampa campus to announce a $20 million grant from the Florida Department of Education to Cyber Florida at USF to strengthen the state’s ability to fill high-demand careers in cybersecurity and information technology (IT).

Joined by several USF and local high school students, the governor explained that Cyber Florida will work with regional partners to start training students as young as middle school – helping build the skill set required to meet the cybersecurity needs of public sector agencies, businesses, and industries.

“USF has been recognized as a leader in IT and in cyber. They even partnered with United States Special Operations Command, headquartered at MacDill Air Force Base, to help develop new technologies and programs that can improve our national defense,” DeSantis told the audience at the Sam & Martha Gibbons Alumni Center.

Multiple cybersecurity firms have attributed their recent decisions to relocate or create jobs in the Tampa Bay region in part to USF’s talent pipeline and the university’s collaboration with the military.

“We all know how important cybersecurity is and I think when you look around the world right now and everything that’s taken place, there’s a recognition that this is the new area of warfare and there’s nothing more important for our country and our state than for people to be safe and secure,” said Will Weatherford, chair of the USF Board of Trustees. “One of the things we can do is to make sure we have strong cybersecurity.”

“We are at risk at a strategic level, and we must do the things to get our students interested, enrolled and skilled in cybersecurity,” said Mike McConnell, executive director of Cyber Florida.

Cyber Florida, officially known as the Florida Center for Cybersecurity, was established by the Florida Legislature in 2014. In addition to enhancing the state’s cybersecurity workforce, it facilitates job creation with an emphasis on the defense, finance, health care, transportation and utility sectors. There are nearly 22,000 unfilled cybersecurity-related jobs in Florida.

DeSantis says the new funding will be used to train new teachers and purchase training equipment to help middle school, high school and college students obtain credentials in cybersecurity. He hopes more than 300,000 students will be trained in IT and cybersecurity by 2024 – more than double the number of students enrolled in similar programming today.

In addition to USF, Cyber Florida will work with Florida International University to bolster cybersecurity training in K-12 schools in the Miami area.

March 3, 2022

Cyberattackers Exploit DocuSign to Steal Microsoft Outlook Logins

I. Targeted Entities

  • DocuSign Users
  • Outlook Users

II. Introduction

A new phishing campaign has targeted a major U.S. payments company. The campaign is directed at a “major, publicly-traded integrated payments solution company located in North America,” and made use of DocuSign and a compromised third party’s email domain to skirt past email security measures.[2]

III. Background Information

Around 550 members of the targeted company received the same email from the same sender, “Hannah Mcdonald,” with a simple subject line and body. In a screenshot from Armorblox provided by Threatpost, the subject line reads, “Hannah shared ‘Revised Contract’ with you.” The body of the email reads, “Hello Please review below and get back to me” with a link to a document through DocuSign, a common e-signature software.[2] The preview looks like a real DocuSign landing page, with a prompt to “Please review and sign this document,” and a confirmation that other parties had already signed the document.[2] The preview was hosted on Axure, a valid, cloud-based prototyping portal. Ironically, like the real page, the fake page contained a warning in fine print, advising the target to not share access with others.[2]

The phishing emails successfully evaded traditional email security measures partly because they came from a domain belonging to TermBrokersInsurance. Researchers say that a scan of the domain address would not have triggered an alert for fraudulent activity because the domain is valid.[2] Microsoft’s Spam Confidence Level (SCL) measures the perceived legitimacy of an email; SCL rated these emails with a score of –1. This is the lowest score possible and allows emails to bypass filtering because it “is from a safe sender, was sent to a safe recipient or is from an email source server on the IP Allow List.”[2]

Impersonating and exploiting trusted cloud services is an increasingly common tactic to evade security filters; receiving a benign link from a seemingly known and trusted user or application is not inherently malicious. From January to March of 2021, researchers found 7 million malicious emails sent from Microsoft 365 and 45 million malicious emails sent from Google’s cloud services and infrastructure.[2] Cybercriminals have also used Office 365, Azure, OneDrive, SharePoint, G-Suite, and Firebase storage to send phishing emails and to host attacks.[2]
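The combination described above, a message that skipped filtering with SCL –1 while its DocuSign-themed link pointed at an unrelated host, can be checked after delivery from the message headers and body. The sketch below is an added example, not tooling from Armorblox or the advisory: the three messages, their addresses and their `.example` hosts are constructed, and the `BRAND_DOMAINS` list is an assumption to replace with your own.

```python
import re
from email import message_from_string
from urllib.parse import urlparse

# Assumption: domains each brand legitimately links from. Maintain your own list.
BRAND_DOMAINS = {"docusign": ("docusign.com", "docusign.net")}
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)


def spam_confidence_level(msg):
    """Return the SCL stamped by Exchange Online, or None if absent."""
    raw = msg.get("X-MS-Exchange-Organization-SCL")
    if raw is None:
        m = re.search(r"\bSCL:(-?\d+)", msg.get("X-Forefront-Antispam-Report", ""))
        raw = m.group(1) if m else None
    try:
        return int(raw)
    except (TypeError, ValueError):
        return None


def body_text(msg):
    """Concatenate every text/* part, decoding transfer encodings."""
    chunks = []
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            data = part.get_payload(decode=True) or b""
            chunks.append(data.decode(part.get_content_charset() or "utf-8", "replace"))
    return "\n".join(chunks)


def under(host, domains):
    return any(host == d or host.endswith("." + d) for d in domains)


def assess(raw_email):
    msg = message_from_string(raw_email)
    text = msg.get("Subject", "") + "\n" + body_text(msg)
    hosts = sorted({(urlparse(u).hostname or "").lower()
                    for u in URL_RE.findall(text)} - {""})
    scl = spam_confidence_level(msg)
    # Brand named in the message, but at least one link leaves the brand's domains.
    off_brand = {}
    for brand, domains in BRAND_DOMAINS.items():
        if brand in text.lower():
            stray = [h for h in hosts if not under(h, domains)]
            if stray:
                off_brand[brand] = stray
    bypassed = scl == -1  # safe sender / safe recipient / IP Allow List
    return {"scl": scl, "link_hosts": hosts, "off_brand_links": off_brand,
            "filter_bypassed": bypassed, "escalate": bypassed and bool(off_brand)}


# Constructed messages (not taken from the campaign).
LURE = """\
From: "Hannah Mcdonald" <hannah@insurer.example>
To: user@payments.example
Subject: Hannah shared 'Revised Contract' with you
X-MS-Exchange-Organization-SCL: -1

Hello Please review below and get back to me
Review document via DocuSign: https://prototype-host.example/a1b2c3
"""

GENUINE = """\
From: dse@docusign.net
To: user@payments.example
Subject: Please DocuSign: Vendor agreement
X-Forefront-Antispam-Report: CIP:203.0.113.5;SCL:-1;SFV:SKN;

Review: https://na3.docusign.net/Signing/constructed-envelope
"""

FILTERED = """\
From: billing@unknown.example
To: user@payments.example
Subject: DocuSign invoice
X-MS-Exchange-Organization-SCL: 5

Open https://files.unknown.example/invoice
"""

if __name__ == "__main__":
    for sample in (LURE, GENUINE, FILTERED):
        print(assess(sample))
```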

Lauryn Cash, product marketing manager at Armorblox, mentions integrated cloud email security, which is a cloud- and AI-based method of identifying anomalous emails, as a countermeasure to support existing email security tools, and specifically mentions natural language understanding (NLU). NLU is the ability of a computer to interpret meaning from human language.[2] The Armorblox report ends by recommending that users remain vigilant about basic security hygiene: do not open emails they are not expecting, watch for targeted attacks, and use tools like password managers and multi-factor authentication.[2]

IV. MITRE ATT&CK

  • T1598.001 – Spearphishing Service
    Adversaries may send spearphishing messages via a third-party service to elicit sensitive information that can be used during targeting. All forms of spearphishing are electronically delivered social engineering targeted at a specific individual or organization.
  • T1598.002 – Spearphishing Attachment
    Adversaries may send spearphishing messages with a malicious attachment to elicit sensitive information that can be used during targeting.
  • T1598.003 – Spearphishing Link
    Adversaries may send spearphishing messages with a link to elicit sensitive information that can be used during targeting.

V. Recommendations

  • Phishing Awareness Training
    Users should be informed and educated about new kinds of phishing scams currently being used and ones that have been used in the past. Awareness training should instruct users to avoid suspicious emails, links, websites, attachments, etc. Users should also be educated about new types of attacks and schemes to mitigate risk.
    Recommended link: https://www.us-cert.gov/ncas/tips/ST04-014
  • Set Antivirus Programs to Conduct Regular Scans
    Ensure that antivirus and antimalware programs are scanning assets using up-to-date signatures.
  • Malware Monitoring
    Continuously monitor current and new types of malware. Stay up to date on intel and advancements to prevent, defend, and mitigate these types of threats.
  • Strong Cyber Hygiene
    Enforce a strong password policy across all networks and subsystems. Remind users to be wary of any messages asking for immediate attention, links, downloads, etc. All sources should be verified.
    Recommended link: https://us-cert.cisa.gov/ncas/alerts/aa21-131a

VI. Indicators of Compromise (IOCs)

The link below has been included to assist with the download of some identified IOCs related to this Threat Advisory report. Be on the lookout for these IOCs, as well as anything that looks similar.

https://usf.box.com/s/57zfghvpvrd3a6rlswbees5k6tsobuee

VII. References

[1] Cash, Lauryn. “Please Sign on the Dotted Line: DocuSign Phishing Attack.” Armorblox, February 24, 2022. https://www.armorblox.com/blog/blox-tales-please-sign-on-the-dotted-line-docusign-phishing-attack.

[2] Nelson, Nate. “Cyberattackers Leverage DocuSign to Steal Microsoft Outlook Logins.” Threatpost English Global, February 24, 2022. https://threatpost.com/cyberattackers-docusign-steal-microsoft-outlook-logins/178613/.

Threat Advisory created by the Cyber Florida Security Operations Center.
Contributing Security Analysts: Dorian Pope, Ipsa Bhatt, Sreten Dedic, EJ Bulut, Uday Bilakhiya, Tural Hagverdiyev.

March 3, 2022