Monthly Archives: August 2022

6th Annual National Cybersecurity Virtual Career Fair Open for Registration!

The 6th annual National Cybersecurity Virtual Career Fair, sponsored by the National Cybersecurity Training and Education (NCyTE) Center and the CAE in Cybersecurity Community, is right around the corner! This career fair brings together students and alumni from over 380 institutions across the nation to connect with employers offering apprenticeships, internships, and full-time employment.

August 25, 2022

Registration is Open for ICL: Collegiate Cup!

College whitehatters: don’t miss out on the International Cyber League (ICL) Collegiate Cup competition! This competition is unique because unlike conventional competitions, ICL Collegiate Cup does not focus on hacking, basic network security or IT skills, but on cyber defense and incident response skills. For the first time, students will know if they are truly job ready and will be challenged in hyper-realistic attack scenarios that will require the full set of skills they will need on the job. Registration closes October 8, 2022!

August 25, 2022

International Cyber League: Collegiate Cup Open for Registration!

College whitehatters: don’t miss out on the International Cyber League Collegiate Cup competition!

What is ICL: Collegiate Cup?

With so many cyber security competitions being offered for students, why is ICL unique and how does it serve the needs of students and higher education institutions?

The next-gen information security expert is no longer a technical expert focused on configuring tools or blocking malicious IPs; today’s cyber defenders require a first responder skill set. They are expected to possess a broad set of skills that includes cybersecurity controls, recent threat vectors, the MITRE ATT&CK Framework, cloud security, malware analysis, incident response, threat hunting, regulation, and compliance. They need soft skills like teamwork, communication, and critical thinking. But education programs have not changed and are still focused on network security, IT skills and ethical hacking, suitable for the cyber expert of yesterday. Once hired, these graduates spend months learning on the job before they are operational.

The ICL: Collegiate Cup was created to immerse students in real-world attacks, just like the ones they will experience on the job.

Unlike conventional competitions, ICL Collegiate Cup does not focus on hacking, basic network security or IT skills, but on cyber defense and incident response skills. For the first time, students will know if they are truly job ready, and will be challenged in hyper-realistic attack scenarios that will require the full set of skills they will need on the job, including: technical skills, teamwork skills, even using commercial security tools like a SIEM, firewall, and endpoint security tools.

Teams that succeed at ICL can confidently say they are prepared for a career in cyber defense.

How Does ICL Work?

The ICL competition will consist of 2 rounds, taking place on Cyberbit’s hyper-realistic cyber range.

In the first round, each team member will complete a 1-hour challenge (“cyber lab”) as an individual. Top teams will move on to the final round, consisting of a three-hour, live-fire team challenge that simulates an end-to-end cyber-attack. Students will demonstrate their ability to detect, investigate and respond to a cyber-attack using the tools of the trade, as well as their ability to work as a team, communicate, work under pressure, and demonstrate critical thinking.

The tournament is open for students from anywhere around the world who are enrolled in a bachelor’s or associate cyber security program at an institution of higher learning at least through November 30th, 2022. The winners will proudly wear the title of “Higher Education’s Best Cyber Defense Team”.

Registration closes October 8, 2022!
August 23, 2022

2022 National Cybersecurity Virtual Career Fair

The 6th annual National Cybersecurity Virtual Career Fair, sponsored by the National Cybersecurity Training and Education (NCyTE) Center and the CAE in Cybersecurity Community, is right around the corner! Our career fair brings together students and alumni from over 380 institutions across the Nation designated as Centers of Academic Excellence in Cybersecurity with employers offering apprenticeships, internships, and full-time employment. This year, the National Cybersecurity Virtual Career Fair will take place on September 16th, 2022, from 9am to 1pm PT.

Each year, the number of undergraduate and graduate students and alumni participating in this event continues to grow. Participants come from a variety of disciplines, including cybersecurity, national security studies, computer science, engineering, math, physics, and project management. Students from CAEs in Research (CAE-R), Cyber Defense (CAE-CD), and Cyber Operations (CAE-CO) are invited to participate for FREE.

August 19, 2022

Serge Jorgensen – the sailing CTO of Sylint Group who routinely defends against nation-state attacks on critical infrastructure

August 17, 2022

Phishers Spoof 2FA in Coinbase Accounts Stealing

I. Targeted Entities

  • Coinbase accounts

II. Introduction

Attackers are bypassing two-factor authentication (2FA) and using other evasion tactics in a campaign that is trying to take over Coinbase accounts to defraud users of their cryptocurrency.

III. Background Information

Researchers at PIXM Software say that the threat actors are using emails that spoof Coinbase to trick users into logging into their accounts so that the attackers can gain access to the accounts and steal funds.[2] The researchers say that the cybercriminals will distribute these stolen funds through a network of “burner” accounts, in an automated way, via hundreds or thousands of transactions. The cybercriminals do this in an effort to shroud the original wallet from their destination wallet.[2]

The attackers employ a range of tactics to avoid detection. One such tactic is what researchers call “short-lived domains.” These domains are only up for extremely short periods of time (less than two hours), which is a deviation from typical phishing practices.[1] Another tactic used is context awareness. Context awareness allows cybercriminals to know either the IP, CIDR Range, or geolocation from which they anticipate their target to be connecting. The attackers can then create something similar to an Access Control List (ACL) on the phishing page to restrict connections to only be allowed from the IP, CIDR Range, or region of their intended target.[1]

The Coinbase attacks begin with criminals targeting users with a malicious email that spoofs Coinbase so that victims think that they are receiving a legitimate message. The email uses a variety of reasons to persuade the user to log in to their account. For example, it may claim that the account is locked due to suspicious activity or that a transaction needs to be confirmed. Like a typical phishing campaign, if the user is persuaded to follow the link in the phony message, they are taken to a fake login page and prompted to enter their credentials. If the user enters their credentials, the cybercriminal receives them in real time and uses them to log in to the legitimate Coinbase website. Because the attacker logged into the legitimate Coinbase website, the victim is sent a 2FA code from Coinbase. Thinking that they are logging into the legitimate Coinbase website, the victim enters the 2FA code they received. However, like the login credentials, the cybercriminal receives the 2FA code and gains control of the victim’s account.[1]

Once the criminal has access to the account, they divert the victim’s funds to the aforementioned network of accounts in order to evade detection or suspicion. According to researchers, the funds are often embezzled through unregulated and illegal online cryptocurrency services, like cryptocurrency casinos, betting applications, and illegal online marketplaces.[1] At this point, the victim is told that their account is locked or restricted, and is prompted to talk to customer service to rectify their problem. This prompt is the second phase of the attack, where the cybercriminal poses as a Coinbase employee trying to help the victim regain access to their account, but in reality, is stalling so that the fund transfer can be completed before the victim becomes suspicious. Once the transfer is complete, the cybercriminal will abruptly close the session and then shut down the phishing page, leaving the victim without their funds.[1]
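The sequence described above (a 2FA-completed login by someone other than the account owner, followed by an automated fan-out of transfers to new wallets) can be looked for in a service's own account event stream. The following detection logic is an added example, not part of the original advisory or of the cited research; the event fields, the thresholds, and all sample events are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta


def ev(ts, user, kind, ip, dest=None):
    """Build one event record (hypothetical schema, assumed for this example)."""
    return {"ts": datetime.fromisoformat(ts), "user": user,
            "type": kind, "ip": ip, "dest": dest}


# Constructed sample events; IPs are from documentation ranges, names are made up.
EVENTS = [
    ev("2022-08-01T09:00:00", "alice", "login_2fa_ok", "198.51.100.10"),
    ev("2022-08-01T09:05:00", "alice", "transfer", "198.51.100.10", "addr-usual-1"),
    ev("2022-08-01T10:00:00", "bob", "login_2fa_ok", "192.0.2.5"),
    ev("2022-08-01T11:00:00", "carol", "login_2fa_ok", "192.0.2.9"),
    # bob: familiar IP, one transfer to a new address -> normal behaviour
    ev("2022-08-02T10:00:00", "bob", "login_2fa_ok", "192.0.2.5"),
    ev("2022-08-02T10:03:00", "bob", "transfer", "192.0.2.5", "addr-new-b"),
    # alice: unfamiliar IP passes 2FA, then a burst to never-seen addresses
    ev("2022-08-03T14:00:00", "alice", "login_2fa_ok", "203.0.113.77"),
    ev("2022-08-03T14:02:00", "alice", "transfer", "203.0.113.77", "burner-1"),
    ev("2022-08-03T14:03:00", "alice", "transfer", "203.0.113.77", "burner-2"),
    ev("2022-08-03T14:04:00", "alice", "transfer", "203.0.113.77", "burner-3"),
    ev("2022-08-03T14:05:00", "alice", "transfer", "203.0.113.77", "burner-4"),
    # carol: unfamiliar IP (e.g. travel) but only one new destination
    ev("2022-08-04T08:00:00", "carol", "login_2fa_ok", "203.0.113.200"),
    ev("2022-08-04T08:10:00", "carol", "transfer", "203.0.113.200", "addr-new-c"),
]


def find_takeover_candidates(events, window=timedelta(minutes=60), min_new_dests=3):
    """Flag 2FA logins from an unfamiliar IP that are followed, within
    `window`, by transfers to at least `min_new_dests` unseen destinations."""
    known_ips = defaultdict(set)    # per-user IPs treated as familiar
    known_dests = defaultdict(set)  # per-user destinations used from familiar IPs
    sessions = []                   # suspect sessions, in login order
    latest = {}                     # (user, ip) -> most recent suspect session

    for e in sorted(events, key=lambda x: x["ts"]):
        user, ip = e["user"], e["ip"]
        if e["type"] == "login_2fa_ok":
            if not known_ips[user]:
                # Assumption: the first login in the data seeds the baseline.
                known_ips[user].add(ip)
            elif ip not in known_ips[user]:
                s = {"user": user, "ip": ip, "login_ts": e["ts"], "new_dests": []}
                sessions.append(s)
                latest[(user, ip)] = s
        elif e["type"] == "transfer":
            s = latest.get((user, ip))
            if s and e["ts"] - s["login_ts"] <= window:
                # Count each unseen destination once per suspect session.
                if e["dest"] not in known_dests[user] and e["dest"] not in s["new_dests"]:
                    s["new_dests"].append(e["dest"])
            elif ip in known_ips[user]:
                # Only transfers from familiar IPs extend the baseline.
                known_dests[user].add(e["dest"])

    return [s for s in sessions if len(s["new_dests"]) >= min_new_dests]


if __name__ == "__main__":
    for hit in find_takeover_candidates(EVENTS):
        print(hit["user"], hit["ip"], hit["login_ts"].isoformat(), hit["new_dests"])
```

Unfamiliar IPs are never added to the baseline automatically, so a session that stays below the threshold is not trusted on a later login; lowering `min_new_dests` trades fewer misses for more alerts on ordinary travel.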

IV. MITRE ATT&CK

  • T1566 – Phishing
    The threat actors will send phishing messages to gain access to a victim’s Coinbase account.
  • T1111 – Multi-Factor Authentication Interception
    The threat actors target multi-factor authentication mechanisms to gain access to credentials that are used to access Coinbase systems and services.

V. Recommendations

  • Phishing Awareness Training
    Users should be informed and educated about new kinds of phishing scams currently being used and ones that have been used in the past. Awareness training should instruct users to avoid suspicious emails, links, websites, attachments, etc. Users should also be educated about new types of attacks and schemes to mitigate risk. Recommended link: https://www.us-cert.gov/ncas/tips/ST04-014
  • Set Antivirus Programs to Conduct Regular Scans
    Ensure that antivirus and antimalware programs are scanning assets using up-to-date signatures.
  • Strong Cyber Hygiene
    Enforce a strong password policy across all networks and subsystems. Remind users to be wary of any messages asking for immediate attention, links, downloads, etc. All sources should be verified. Recommended link: https://us-cert.cisa.gov/ncas/alerts/aa21-131a
  • Turn on Endpoint Protection
    Enable endpoint detection and response (EDR) to stop unknown malware in the product you’re using.
  • Malware Monitoring
    Continuously monitor current and new types of malware. Stay up to date on intel and advancements to prevent, defend, and mitigate these types of threats.

VI. Indicators of Compromise (IOCs)

This threat advisory has no indicators of compromise, but users should ensure that they are only interacting with legitimate communications from Coinbase and other services.

VII. References

(1) Montalbano, Elizabeth. “Phishers Swim Around 2FA in Coinbase Account Heists.” Threatpost English Global, August 8, 2022. https://threatpost.com/phishers-2fa-coinbase/180356/.

(2) PIXM Software, ed. “Coinbase Attacks Bypass 2FA.” Pixm Anti-Phishing, August 8, 2022. https://pixmsecurity.com/blog/phish/coinbase-attacks-bypass-2fa/.

Threat Advisory created by The Cyber Florida Security Operations Center. Contributing Security Analysts: Dorian Pope, Sreten Dedic, EJ Bulut.

August 16, 2022

RING High School Cybersecurity Course Open for Enrollment

High school students: the RING program is now accepting student enrollment requests for its FREE online cybersecurity course!

RING (Regions Investing in the Next Generation) is an online high school cybersecurity course that offers interesting and engaging content specifically for students and schools without an existing cybersecurity program. RING aims to mentor students down their career path, instilling ethics and pride in their profession along the way. RING is more than a collection of labs and presentations–it’s forging the tools that will shape the next generation of cybersecurity experts.

  • Students can achieve high school credit for RING in participating states.
  • Students can engage with each other and network with cyber professionals through the RING student organization.
  • A pilot course is being offered August 2021 through May 2022. The RING curriculum will officially launch in summer 2022.
Who are the Partner Institutions?

RING is funded through NSA CAE-C K12 Pathway grants. The involved institutions are:

  • The University of Alabama in Huntsville coalition:
    • Coastline Community College
    • Dakota State University
    • Pace University
    • Purdue University Northwest
    • Dark Enterprises
  • Moraine Valley Community College coalition:
    • Forsyth Technical Community College
    • Brookdale Community College
    • Florida State College at Jacksonville
    • Cal Poly Pomona
    • Eastern New Mexico University Ruidoso
Want more information?

Are you an instructor who is interested in learning more about this program and would like to be involved?
Follow this link to fill out an interest form for Teachers and academia.

Are you a current or prospective student wanting to learn more about what this program has to offer?
Follow this link to fill out an interest form for Students, Parents, and Guardians.

August 15, 2022

Student Loan Forgiveness Scams Are On The Rise

There’s no question that student loan debt is a major problem for many people in the U.S. In fact, researchers estimate that there are currently more than 44 million Americans with student loan debt, and the average U.S. household that has student loan debt owes just over $57,000. With so much debt, it’s no wonder that there are people out there who are looking for ways to get rid of it. And that’s where student loan forgiveness scams come in.

There are a lot of companies and individuals out there who claim they can help you get your student loans forgiven. But the truth is, most of these offers are too good to be true. And if you’re not careful, you could end up getting scammed.

Recognizing a Federal Student Loan Forgiveness Scam

There are a few different types of student loan forgiveness scams out there. Here are three of the most common:

The company promises loan forgiveness for a fee. This is probably the most common type of scam. But the truth is, you don’t need to pay anyone to get your loans forgiven. The government has a number of programs that can help you get rid of your debt, and you can apply for them for free.

The company promises to lower your monthly payments. This is something you can do for free. There are a number of government programs that can help you lower your payments, and you don’t need to pay anyone to access them.

The company promises to consolidate your loans. This can be a good thing or a bad thing, depending on the interest rate you’re currently paying. If you’re consolidating your loans at a lower interest rate, it can save you money. But if you’re consolidating your loans at a higher interest rate, it could end up costing you more in the long run.

If you’re considering student loan forgiveness, watch out for:

  1. Guarantees: Be wary of any company or individual that promises to guarantee your student loan forgiveness. The truth is, there’s no such thing as guaranteed student loan forgiveness. So if someone tells you they can guarantee it, they’re probably lying.
  2. Upfront Fees: You should never have to pay any upfront fees for student loan repayment assistance. If someone asks you to pay an upfront fee, it’s a good sign that they’re a scammer.
  3. High Pressure Sales Tactics: Be wary of anyone who’s pressuring you to sign up for their program or make a decision right away. If someone is trying to rush you, it’s likely because they’re not legitimate.
  4. Promises of Quick Forgiveness: Be careful of anyone who promises quick and easy student loan forgiveness. The truth is, the process can take years. So if someone tells you they can get your loans forgiven quickly, they’re probably not being honest.
  5. Outrageous Claims: Be skeptical of anyone who makes outrageous claims about student loan forgiveness. For example, if someone tells you that you can have your loans forgiven in a matter of weeks, it’s probably too good to be true.

Immediate Action Steps

If you think you may have been a victim of a student loan forgiveness scam, it is important to take action right away to protect yourself and your finances. Here are some steps to take if you are scammed:

  • Contact the three major credit agencies: Equifax, Experian and TransUnion. Although loan scammers mostly focus on the fees, your personal information is in danger. Consider placing a freeze or fraud alert on your credit report. This will prohibit the scammer from opening new accounts in your name.
  • Call your bank or credit card company right away if you paid a fee using your debit or credit card. By immediately reporting the transaction as fraudulent, you might be able to prevent paying the fee. They can also help you change any compromised accounts.
  • Get in touch with your official loan servicer. They will be able to help guide you to secure your account and can help you with repayment.
  • Update your FSA ID password right away if you gave the scam company your FSA ID.

Reporting the Scams

Reporting student loan forgiveness scams is crucial to helping others avoid being scammed. As a society, the more people that report online scams and fraud, the more national reporting data that is collected, and the better chance law enforcement has to catch the criminals and decrease cybercrime.

Whether you provided financial or personal information to scammers or not, report the incident to the following authorities:

  • The Internet Crime Complaint Center: The IC3 will review your report and refer it to the appropriate federal, state, local and international agencies if necessary.
  • Consumer Financial Protection Bureau: While the CFPB might not be able to help with your specific case, they will use your complaint to shut down fraudulent companies.
  • Your State Attorney General: Many State Attorneys General take student loan forgiveness scams very seriously.

Find Legitimate Help for Student Loan Forgiveness

There are a number of government programs that help with loan forgiveness. And you can access these programs for free. So there’s no need to pay anyone for help. The U.S. Department of Education (ED) offers free and legitimate student loan forgiveness programs. Contact your official loan servicer to find out if you qualify.

If you’re considering student loan forgiveness, make sure you do your research and be careful of scams. There are a lot of companies and individuals out there who will try to take advantage of you. But if you’re aware of the signs of a scam, you can protect yourself.

To learn more about other scams affecting students, visit our education/scholarship scams page.

Article retrieved from Fight Cybercrime. View the original article: https://fightcybercrime.org/blog/student-loan-forgiveness-scams-are-on-the-rise/

August 11, 2022

Phishing Attacks Increase as Facebook and Microsoft are Most Abused

I. Targeted Entities

  • Microsoft, Facebook, and other large tech brands

II. Introduction

Phishing attacks exploiting the Microsoft and Facebook brands, among others, have increased between 2021 and 2022.

III. Background Information

According to researchers at Vade, Microsoft, Facebook, and the French bank Crédit Agricole are the top abused brands.[1] The report also says that phishing attacks exploiting the Microsoft brand increased 266% in the first quarter of 2022 compared to 2021. Phony Facebook messages are up 177% in the second quarter of 2022, also compared to 2021.[1]

The research done by Vade analyzed unique instances of phishing URLs used by threat actors carrying out phishing attacks and not the number of phishing emails associated with the URLs. Their report listed the 25 most commonly phished companies, along with the most targeted industries and days of the week for phishing emails.[1] Other brands at the top of the list include Crédit Agricole, WhatsApp, and French telecommunications company Orange. PayPal, Google, and Apple also made the list.[1]

The report by Vade found that through the first half of 2022, 34% of all unique phishing attacks tracked by the researchers at Vade impersonated financial services brands. The next most popular sector was cloud service providers, with Microsoft, Google, and Adobe being prime targets. The social media sector was also popular, with Facebook, WhatsApp, and Instagram at the top of the list of brands exploited in the attacks.[1] The researchers also found that the most popular days for sending phishing emails were Monday through Wednesday. The weekend did not see a lot of phishing emails sent, with only 20% of the phishing emails being sent during the weekend.[1]

IV. MITRE ATT&CK

  • T1566 – Phishing
    Adversaries will send phishing messages to gain access to a victim’s machine. These phishing attempts may come via link or attachment, and typically execute malicious code on victim machines.

V. Recommendations

  • Phishing Awareness Training
    Users should be informed and educated about new kinds of phishing scams currently being used and ones that have been used in the past. Awareness training should instruct users to avoid suspicious emails, links, websites, attachments, etc. Users should also be educated about new types of attacks and schemes to mitigate risk. Recommended link: https://www.us-cert.gov/ncas/tips/ST04-014
  • Set Antivirus Programs to Conduct Regular Scans
    Ensure that antivirus and antimalware programs are scanning assets using up-to-date signatures.
  • Strong Cyber Hygiene
    Enforce a strong password policy across all networks and subsystems. Remind users to be wary of any messages asking for immediate attention, links, downloads, etc. All sources should be verified. Recommended link: https://us-cert.cisa.gov/ncas/alerts/aa21-131a
  • Turn on Endpoint Protection
    Enable endpoint detection and response (EDR) to stop unknown malware in the product you’re using.
  • Malware Monitoring
    Continuously monitor current and new types of malware. Stay up to date on intel and advancements to prevent, defend, and mitigate these types of threats.

VI. Indicators of Compromise (IOCs)

This threat advisory has no indicators of compromise, but it is recommended that readers be aware of the links and attachments that they are sent to ensure their safety.

VII. References

(1) Nelson, Nate. “Phishing Attacks Skyrocket with Microsoft and Facebook as Most Abused Brands.” Threatpost English Global, July 26, 2022. https://threatpost.com/popular-bait-in-phishing-attacks/180281/.

(2) Petitto, Natalie. “Phishers’ Favorites Top 25, H1 2022: Microsoft Is the Most Impersonated Brand in Phishing Attacks.” Vade, July 26, 2022. https://www.vadesecure.com/en/blog/phishers-favorites-top-25-h1-2022.

Threat Advisory created by The Cyber Florida Security Operations Center. Contributing Security Analysts: Dorian Pope, Sreten Dedic, EJ Bulut, and Tural Hagverdiyev.

August 1, 2022

TechNet International 2022 International Military & Collegiate Capture the Flag Competition

Calling all cyber educators, cyber students and/or colleagues to join Parsons for the AFCEA TechNet International Military and Collegiate Capture the Flag (CTF) at the Georgia Cyber Center or virtually on August 16th from 10am EST – 2pm EST.

The International Military and Collegiate Level CTF will be a jeopardy-style event. Military and college teams from across the world will compete highlighting their skills, resiliency, and achievements. Topics covered for this event will include Binary Exploitation, Reverse Engineering, Web Exploitation, Cryptography, Forensics, and Security. 


Want another opportunity to participate? Sign up for the TechNet Augusta Research Poster Show on August 17, 2022 from 5pm EST – 6:30pm EST. Students can attend (registration is free) as participants in the Cyber Research Poster Show by presenting a research poster or conducting a CYBER demonstration. Interested students and their mentors should fill out the poster show registration form and return it to the USARMY Ft Gordon CYBER COE Academic Outreach Team at: usarmy.gordon.cyber-coe.mbx.g357-outreach@army.mil


August 1, 2022