Cyber Florida

About Cyber Florida

This author has not yet filled in any details.
So far Cyber Florida has created 56 blog entries.

Cyber Florida Staff Director Dr. Ron Sanders Retires

July 18, 2022—TAMPA, FL: After helping to oversee a period of rapid change and dramatic growth at the Florida Center for Cybersecurity (also known as Cyber Florida), Staff Director Ron Sanders, DPA, has announced his retirement. Dr. Sanders first served as a member of the Board of Advisors upon the center’s founding in 2013. In 2020, he was brought on as staff director under former Executive Director Mike McConnell, VADM, USN, Ret., who has also recently retired. During his tenure as staff director, Dr. Sanders championed several new initiatives that garnered national recognition for the center and helped secure significant new funding for a series of efforts to improve the state’s overall cybersecurity posture.

“I am grateful to Dr. Sanders for his many notable contributions to this organization,” said the center’s new executive director, General (Retired) Frank McKenzie. He continued, “His leadership was instrumental in elevating Cyber Florida to national prominence, and together, he and VADM McConnell built an impressive legacy. I’m proud to carry on the remarkable momentum they created and wish Dr. Sanders well in retirement.”

Dr. Sanders’ career includes nearly three decades of decorated civil service. Among his many accomplishments, he helped lead the historic post-Cold War transformation of the U.S. Defense Department and the post-9/11 stand-up of the Department of Homeland Security and the Office of National Intelligence. He managed the recruiting, development, and deployment of thousands of new intelligence officers to fight the Global War on Terror and the restructuring of the IRS. He helped establish the United Arab Emirates’ cybersecurity and space agencies and China’s National School of Administration. He was also a presidential appointee, serving as chair of the U.S. Federal Salary Council from 2017 to 2020.

Dr. Sanders is the recipient of three Presidential Rank Awards (from DOD, IRS, and the U.S. Office of Personnel Management), two Teddy Roosevelt Distinguished Public Service Awards, and the National Intelligence Distinguished Service Medal. He is the author of four books and has served on the faculty of several distinguished institutions, including George Washington University, The Brookings Institution, and the University of South Florida.

During his tenure with Cyber Florida, he led the transformation of the University of South Florida’s online M.S. in Cybersecurity into four independent cyber-focused master’s degree programs to better align with employer needs. He advocated for the launch of the center’s highly successful Operation K12 program, and his passion for public service led him to create the Cyber Citizenship Education initiative, designed to teach K-12 students to navigate online misinformation and disinformation, among other accomplishments.

ABOUT CYBER FLORIDA

The Florida Center for Cybersecurity, also known as Cyber Florida, was established by the Florida Legislature in 2014 to help position Florida as a national leader in cybersecurity through education, research, and outreach. Hosted by the University of South Florida, Cyber Florida leads a spectrum of initiatives to inspire and educate future and current professionals, support industry-advancing research, and help people and organizations better understand cyber threats and what they can do to stay safer in cyberspace.

###

2022-07-18T09:43:13-04:00July 18, 2022|

Cyber Florida Says Goodbye to Executive Director, Welcomes New Leadership

After a highly distinguished career in public service spanning more than five decades, the Honorable J. Michael “Mike” McConnell, VADM, USN, Ret., has retired as executive director of the Florida Center for Cybersecurity at the University of South Florida (USF), also known as “Cyber Florida” as of June 30, 2022. General Frank McKenzie, USMC, Ret., has been appointed by USF President Rhea Law to be Cyber Florida’s new executive director. General McKenzie will also be leading USF’s new Global and National Security Institute [link to USF news article].

McConnell first served as chair of the board of advisors upon the center’s launch in 2013. He assumed the role of executive director in February 2020 at the behest of then-USF President Steven C. Currall. During his two-and-a-half-year tenure, McConnell elevated Cyber Florida from a regional center to a truly statewide entity, helping to guide policy at the state level and expanding the center’s reach beyond the State University System of Florida to include the Florida College System and the state’s public school districts, the state’s defense extensive defense industry, and several federal agencies. Under his guidance, the center also forged strong relationships with Florida’s military community, robust defense industry, and several federal agencies, including helping to bring in several million dollars in grants from the National Security Agency.

“We sincerely thank Vice Admiral McConnell for his decorated career of service to our country and his many important contributions to the success of Cyber Florida.  We wish him the best in a well-deserved retirement,” USF President Rhea Law said. “With the foundation Vice Admiral McConnell helped establish, I look forward to seeing Cyber Florida continue to strengthen the cybersecurity industry across our state and the nation in the future.”

General Frank McKenzie, who recently retired from the U.S. Marine Corps as commander of U.S. Central Command, has taken over as Cyber Florida’s new executive director as well as leading USF’s new Global and National Security Institute.

“Vice Admiral McConnell has set Cyber Florida on a solid trajectory to position Florida as a national industry leader and model state for cybersecurity, and I intend to carry on that mission leveraging the strong momentum he and his team have created,” said McKenzie.

2022-07-11T17:29:44-04:00July 11, 2022|

Subscription Center

2022-04-22T10:46:03-04:00March 21, 2022|

Dynamics Test

2022-03-16T14:11:30-04:00March 16, 2022|

Cyber/IT Pathways Grant Call for Applications Now Open

The Florida Center for Cyber Security (Cyber Florida) is pleased to announce that the Call for Applications for the $20-million Cybersecurity and Information Technology Pathways Grant Program (Cyber/IT Pathways) is now open and available for download at cyberflorida.org/pathways. Funded by the Florida Department of Education, Cyber Florida has been selected to serve as the program office for the Cyber/IT Pathways program, which aims to expand access to and the capacity of cybersecurity and information technology education programs across Florida’s public education entities.

Florida Governor Ron DeSantis announced the funding at a press conference in Tampa on March 2, saying, “Expanding Florida’s commitment to creating opportunities in cybersecurity and IT is a top priority to keep our communities safe and our state secure. This funding will not only create opportunities for Floridians seeking jobs in this important field but will also improve our national defense, protect Floridians and their businesses, and maintain the integrity of our elections. By doubling available opportunities in this field, Florida continues to lead.”

The program will be administered through three regional coordinators, with approximately one-third of the funding serving the Greater Tampa Bay Area, coordinated by the University of South Florida; one-third serving the Greater Miami Area, coordinated by Florida International University; and one-third serving at-large projects around the state, coordinated by a third State University System institution to be named.

Any Florida public education entity, including public school districts; post-secondary technical career centers and charter technical career centers; Florida College System (FCS) institutions; and State University System (SUS) institutions (defined further under Florida statutes §1001.30, §1001.44, §1002.34, §1000.21(3), and §1000.21(6)) may apply for funding under this program.

The types of programs that will be considered for funding include, but are not limited to the following:

  • Elementary, middle, high school, college, and working adult student courses and curricula
  • Secondary continuing technical education (CTE) courses/programs
  • Non-credit training that includes preparation for industry certifications
  • Registered pre-apprenticeship and apprenticeship programs
  • Training programs for existing workers and ‘upskilling’ for those in other industries
  • Career/advanced technical certificates and applied technology degrees
  • Teacher education and professional development

Please visit cyberflorida.org/pathways to learn more and download the Call for Applications.

2022-03-09T10:41:14-05:00March 9, 2022|

Cyberattackers Exploit DocuSign to Steal Microsoft Outlook Logins

I. Targeted Entities

  • DocuSign Users
  • Outlook Users

II. Introduction

A new phishing campaign has targeted a major U.S. payments company. The campaign is directed at a “major, publicly-traded integrated payments solution company located in North America,” and made use of DocuSign and a compromised third party’s email domain to skirt past email security measures.[2]

III. Background Information

Around 550 members of the targeted company received the same email from the same sender, “Hannah Mcdonald,” with a simple subject line and body of the email. From a screenshot provided by Threatpost from Armorblox, the subject line reads, “Hannah shared ‘Revised Contract’ with you.” The body of the email reads, “Hello Please review below and get back to me” with a link of a document through DocuSign, a common e-signature software.[2] The preview looks like a real DocuSign landing page, with a prompt to, “Please review and sign this document,” and a confirmation that other parties had already signed the document.[2] The preview was hosted on Axure, a valid, cloud-based prototyping portal. Ironically, like the real page, the fake page contained a warning in fine print, advising the target to not share access with others. [2]

The phishing emails successfully evaded traditional email security measures partly because they came from a domain belonging to TermBrokersInsurance. Researchers say that a scan of the domain address would not have triggered an alert for fraudulent activity because the domain is valid.[2] Microsoft’s Spam Confidence Level (SCL) measures the perceived legitimacy of an email; SCL rated these emails with a score of –1. This is the lowest score possible and allows emails to bypass filtering because it “is from a safe sender, was sent to a safe recipient or is from an email source server on the IP Allow List.”[2]

Impersonating and exploiting trusted cloud services is an increasingly common tactic to evade security filters; receiving a benign link from a seemingly known and trusted user or application is not inherently malicious. From January to March of 2021, researchers found 7 million malicious emails sent from Microsoft 365 and 45 million malicious emails sent from Google’s cloud services and infrastructure.[2] Cybercriminals have also used Office 365, Azure, OneDrive, SharePoint, G-Suite, and Firebase storage to send phishing emails and to host attacks.[2]

Lauryn Cash, product marketing manager at Armorblox, mentions integrated cloud email security, which is a cloud- and AI-based method of identifying anomalous emails, as a countermeasure to support existing email security tools, and specifically mentions natural language understanding (NLU). NLU is the ability of a computer to interpret meaning from human language.[2] The Armorblox report ends by recommending that users remain vigilant about basic security hygiene; do not open emails they are not expecting, watch for targeted attacks, and use tools like password managers and multi-factor authentication.[2]

IV. MITRE ATT&CK

  • T1598.001 – Spearphishing Service
    Adversaries may send spearphishing messages via a third-party service to elicit sensitive information that can be used during targeting. All forms of spearphishing are electronically delivered social engineering targeted at a specific individual or organization
  • T1598.002 Spearphishing Attachment
    Adversaries may send spearphishing messages with a malicious attachment to     elicit sensitive information that can be used during targeting
  • T1598.003 Spearphishing Link
    Adversaries may send spearphishing messages with a link to elicit sensitive         information that can be used during targeting

V. Recommendations

  • Phishing Awareness Training
    Users should be informed and educated about new kinds of phishing scams currently being used and ones that have been used in the past. Awareness training should instruct users to avoid suspicious emails, links, websites, attachments, etc. Users should also be educated about new types of attacks and schemes to mitigate risk.
    Recommended link: https://www.us-cert.gov/ncas/tips/ST04-014
  • Set Antivirus Programs to Conduct Regular Scans
    Ensure that antivirus and antimalware programs are scanning assets using up-to-date signatures.
  • Malware Monitoring
    Continuously monitor current and new types of malware. Stay up to date on intel and advancements to prevent, defend, and mitigate these types of threats.
  • Strong Cyber Hygiene
    Enforce a strong password policy across all networks and subsystems. Remind users to be wary of any messages asking for immediate attention, links, downloads, etc. All sources should be verified.
    Recommended link: https://us-cert.cisa.gov/ncas/alerts/aa21-131a

VI. Indicators of Compromise (IOCs)

The link below has been included to assist with the download of some identified IOCs related to this Threat Advisory report. Be on the lookout for these IOCs, as well as anything that looks similar.

https://usf.box.com/s/57zfghvpvrd3a6rlswbees5k6tsobuee

VII. References

(1) Cash, Lauryn. “Please Sign on the Dotted Line: DocuSign Phishing Attack.” Armorblox, February 24, 2022. https://www.armorblox.com/blog/blox-tales-please-sign-on-the-dotted-line-docusign-phishing-attack.

(2) Nelson, Nate. “Cyberattackers Leverage DocuSign to Steal Microsoft Outlook Logins.” Threatpost English Global, February 24, 2022. https://threatpost.com/cyberattackers-docusign-steal-microsoft-outlook-logins/178613/.

Threat Advisory created by the Cyber Florida Security Operations Center.
Contributing Security Analysts: Dorian Pope, Ipsa Bhatt, Sreten Dedic, EJ Bulut, Uday Bilakhiya, Tural Hagverdiyev.

2022-03-03T16:11:23-05:00March 3, 2022|

CISA Urges Proactive Steps to Protect Critical Infrastructure

CISA has released CISA Insights: Preparing for and Mitigating Foreign Influence Operations Targeting Critical Infrastructure, which provides proactive steps organizations can take to assess and mitigate risks from information manipulation. Malicious actors may use tactics—such as misinformation, disinformation, and malinformation—to shape public opinion, undermine trust, and amplify division, which can lead to impacts to critical functions and services across multiple sectors.

Current social factors—including heightened polarization and the ongoing global pandemic—increase the risk and potency of influence operations to U.S. critical infrastructure. CISA encourages leaders at all organizations to review the CISA Insights and follow the guidance to assess risk and increase resilience.

Read the full story: https://www.cisa.gov/uscert/ncas/current-activity/2022/02/18/cisa-insights-foreign-influence-operations-targeting-critical

2022-02-26T15:54:29-05:00February 26, 2022|

Remain Vigilant as Cyber Threats Intensify

Photo of Mike MicConnell

A message from Cyber Florida Executive Director and former Director of U.S. National Intelligence Mike McConnell:

Fellow citizens: As we watch historic events unfold in Ukraine, I am reminded of Russia’s illegal actions as far back as 2017, when their cyberattack on Ukraine triggered some ‘spillover’ disruptions in cyberspace. While there may be some spillover effects in this instance, our very best assessment is that they will be limited to Ukraine and its immediate environs. Nevertheless, we must all remain vigilant during this time of heightened tension, ensuring that our personal and organizational devices and software are updated and patched, and that we’re all on the lookout for suspicious emails and other malicious attempts to exploit our Nation’s digital dependence. And in that regard, I can assure you that our military, government, and industry cybersecurity personnel are vigilant as always, poised to respond quickly and forcefully to any and all cyber incidents that may affect us. They are up to that task, and we should be thankful for them. In the meantime, our prayers and support are with the Ukrainian people.

2022-03-09T09:55:57-05:00February 26, 2022|

Senton Pojani, ARM

Senton Pojani serves as a Risk Management Consultant for Aon Risk Solutions, a division of Aon PLC (NYSE:AON). In this capacity, Senton delivers risk management consulting and guidance to a range of clients from Fortune 1000 firms, private financial sponsors, and fast-growth startups. Senton’s responsibilities include market growth leadership, client acquisition and strategy, and service team delivery to his direct clients. Senton has been recognized for many awards ranging from innovative client solutions from insurance publications to outstanding young leadership awards from both his employers and the non-profits he works with. Prior to Aon, Senton served as a Director in the Technology Practice for the third-largest risk management consulting firm in the world.

In addition to his responsibilities at Aon, Senton is very active in the non-profit community, having served on the boards of Tampa Bay Tech, The Nashville Public Library Foundation, The Hillsborough Public Education Foundation, Make-a-Wish, Association for Corporate Growth, and the Armed Forces Communications and Electronics Association.

 

Expertise:

– Technology Firms: Software, Hardware, Mobile, Internet, Networking and Media Firms

– Private Equity, M&A Transactions, Venture Capital

– Hyper Growth “Unicorn” Startups

– Management and Professional Liability (D&O, E&O, Cyber & Privacy Liability)

– Complex Casualty

– International Risk

 

Educational Background

  • Bachelors of Science: Risk Management and Insurance- Florida State University
  • Bachelors of Science: Marketing – Florida State University
  • Associates in Risk Management (ARM) – American Institute for Chartered Property and Casualty Underwriters
  • Candidate: Master of Business Administration, Kellogg School of Management, Northwestern University. Expected: 2022.
2022-01-10T20:58:20-05:00January 10, 2022|

Cybersecurity for Executives

Cyber Florida is pleased to announce the launch of Cybersecurity for Executives, a workshop series to help C-suite executives and board members better understand the cybersecurity threats facing their organizations and their role in managing those threats. The first event offered in the series will be Cybersecurity for the C-Suite, a two-day, in-person workshop intended for senior, non-technical executives such as CEOs, COOs, CFOs, and CMOs scheduled for early 2022 (dates TBD). The workshop is $3,995 per person and includes meals, training materials, and a unique interactive executive wargame exercise based on real-world cyber incidents.

Cybersecurity for the C-Suite helps non-technical leaders gain a better understanding of the role they play in supporting the cyber health of the organization and in responding to cyber incidents. Participants learn about the threats facing their organization, why it’s important to consider cybersecurity across the organization, and how to prepare a cyber incident response that maintains business operations and preserves the organization’s reputation. The workshop covers several critical topic areas, including

  • Types of Attacks
  • The Frontline: Employees & Social Engineering
  • Legal Responsibilities
  • Cyber Insurance
  • Cyber Incident Response Planning
  • Cybersecurity Risk Management
  • Incident Recovery & Resiliency
  • Governance for Cyber Preparedness

Each module is taught by a seasoned expert invited from Cyber Florida’s prolific network of public and private sector cybersecurity thought leaders. In addition to Cyber Florida Executive Director and former Director of US National Intelligence Mike McConnell, the program’s faculty roster includes John Felker, former Assistant Director of the Cybersecurity and Infrastructure Security Agency’s Integrated Operations Division; Christopher Hetner, Expert Advisor, Institute for Defense Analyses, US Department of the Treasury; Joe Swanson, Chair, Cybersecurity and Privacy Practice Group, Carlton Fields; Pam Lindemoen, Chief Information Security Officer Advisor, Cisco Systems, Inc.; Adam Isles, Principal, The Chertoff Group; and many more distinguished leaders in the field.

2022-01-04T19:07:48-05:00January 4, 2022|
Go to Top