About Cyber Florida

So far Cyber Florida has created 55 blog entries.

Subscription Center

March 21, 2022

Dynamics Test

March 16, 2022

Cyber/IT Pathways Grant Call for Applications Now Open

The Florida Center for Cyber Security (Cyber Florida) is pleased to announce that the Call for Applications for the $20-million Cybersecurity and Information Technology Pathways Grant Program (Cyber/IT Pathways) is now open and available for download at cyberflorida.org/pathways. Funded by the Florida Department of Education, Cyber Florida has been selected to serve as the program office for the Cyber/IT Pathways program, which aims to expand access to and the capacity of cybersecurity and information technology education programs across Florida’s public education entities.

Florida Governor Ron DeSantis announced the funding at a press conference in Tampa on March 2, saying, “Expanding Florida’s commitment to creating opportunities in cybersecurity and IT is a top priority to keep our communities safe and our state secure. This funding will not only create opportunities for Floridians seeking jobs in this important field but will also improve our national defense, protect Floridians and their businesses, and maintain the integrity of our elections. By doubling available opportunities in this field, Florida continues to lead.”

The program will be administered through three regional coordinators, with approximately one-third of the funding serving the Greater Tampa Bay Area, coordinated by the University of South Florida; one-third serving the Greater Miami Area, coordinated by Florida International University; and one-third serving at-large projects around the state, coordinated by a third State University System institution to be named.

Any Florida public education entity, including public school districts; post-secondary technical career centers and charter technical career centers; Florida College System (FCS) institutions; and State University System (SUS) institutions (defined further under Florida statutes §1001.30, §1001.44, §1002.34, §1000.21(3), and §1000.21(6)) may apply for funding under this program.

The types of programs that will be considered for funding include, but are not limited to, the following:

  • Elementary, middle, high school, college, and working adult student courses and curricula
  • Secondary continuing technical education (CTE) courses/programs
  • Non-credit training that includes preparation for industry certifications
  • Registered pre-apprenticeship and apprenticeship programs
  • Training programs for existing workers and ‘upskilling’ for those in other industries
  • Career/advanced technical certificates and applied technology degrees
  • Teacher education and professional development

Please visit cyberflorida.org/pathways to learn more and download the Call for Applications.

March 9, 2022

Cyberattackers Exploit DocuSign to Steal Microsoft Outlook Logins

I. Targeted Entities

  • DocuSign Users
  • Outlook Users

II. Introduction

A new phishing campaign has targeted a major U.S. payments company. The campaign is directed at a “major, publicly-traded integrated payments solution company located in North America,” and made use of DocuSign and a compromised third party’s email domain to skirt past email security measures.[2]

III. Background Information

Around 550 members of the targeted company received the same email from the same sender, “Hannah Mcdonald,” with a simple subject line and body. In a screenshot from Armorblox provided by Threatpost, the subject line reads, “Hannah shared ‘Revised Contract’ with you.” The body of the email reads, “Hello Please review below and get back to me,” with a link to a document through DocuSign, a common e-signature software.[2] The preview looks like a real DocuSign landing page, with a prompt to “Please review and sign this document” and a confirmation that other parties had already signed the document.[2] The preview was hosted on Axure, a valid, cloud-based prototyping portal. Ironically, like the real page, the fake page contained a warning in fine print advising the target not to share access with others.[2]

The phishing emails successfully evaded traditional email security measures partly because they came from a domain belonging to TermBrokersInsurance. Researchers say that a scan of the domain address would not have triggered an alert for fraudulent activity because the domain is valid.[2] Microsoft’s Spam Confidence Level (SCL) measures the perceived legitimacy of an email; SCL rated these emails with a score of –1. This is the lowest score possible and allows emails to bypass filtering because it “is from a safe sender, was sent to a safe recipient or is from an email source server on the IP Allow List.”[2]

Impersonating and exploiting trusted cloud services is an increasingly common tactic to evade security filters; receiving a benign link from a seemingly known and trusted user or application is not inherently malicious. From January to March of 2021, researchers found 7 million malicious emails sent from Microsoft 365 and 45 million malicious emails sent from Google’s cloud services and infrastructure.[2] Cybercriminals have also used Office 365, Azure, OneDrive, SharePoint, G-Suite, and Firebase storage to send phishing emails and to host attacks.[2]
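A triage check for the pattern described above, added here as an example (it is not code from Cyber Florida, Armorblox, or Threatpost): it reads the SCL that Microsoft 365 records in a message's anti-spam headers and flags mail that bypassed filtering from an external sender, or that names DocuSign while linking to a host outside DocuSign's own domains. The internal domain, the list of genuine DocuSign domains, and the sample message are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumptions for this example: our own mail domain, and the domains a
# genuine DocuSign link would point to.
INTERNAL_DOMAINS = {"corp.example"}
BRAND_DOMAINS = {"docusign": ("docusign.com", "docusign.net")}
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)

# Constructed sample message (placeholder domains, not real indicators).
SAMPLE = """\
From: Hannah Mcdonald <hannah@third-party.example>
To: user@corp.example
Subject: Hannah shared 'Revised Contract' with you
X-Forefront-Antispam-Report: CIP:203.0.113.7;SCL:-1;
Content-Type: text/plain; charset=utf-8

Hello Please review below and get back to me
Review document via DocuSign: https://preview.prototype-host.example/doc/abc
"""

def scl_of(msg):
    """Return the Spam Confidence Level as an int, or None if not stamped."""
    raw = msg.get("X-MS-Exchange-Organization-SCL")
    if raw is None:
        report = msg.get("X-Forefront-Antispam-Report", "")
        m = re.search(r"(?:^|;)\s*SCL:(-?\d+)", report)
        raw = m.group(1) if m else None
    try:
        return int(raw.strip()) if raw is not None else None
    except ValueError:
        return None

def body_text(msg):
    """Concatenate every text/* part, decoded with its declared charset."""
    out = []
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            data = part.get_payload(decode=True) or b""
            out.append(data.decode(part.get_content_charset() or "utf-8", "replace"))
    return "\n".join(out)

def host_matches(host, allowed):
    return any(host == d or host.endswith("." + d) for d in allowed)

def triage(raw_message):
    """Return a list of findings; an empty list means nothing was flagged."""
    msg = message_from_string(raw_message)
    sender = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    text = msg.get("Subject", "") + "\n" + body_text(msg)
    hosts = {(urlparse(u).hostname or "").lower() for u in URL_RE.findall(text)}
    findings = []
    if scl_of(msg) == -1 and sender not in INTERNAL_DOMAINS:
        findings.append("filtering bypassed (SCL -1) for external sender " + sender)
    for brand, domains in BRAND_DOMAINS.items():
        off_brand = sorted(h for h in hosts if h and not host_matches(h, domains))
        if brand in text.lower() and off_brand:
            findings.append(f"mentions {brand} but links to {', '.join(off_brand)}")
    return findings
```

Neither finding proves a message is malicious; together they identify mail that skipped spam filtering and deserves a second look.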

Lauryn Cash, product marketing manager at Armorblox, mentions integrated cloud email security, which is a cloud- and AI-based method of identifying anomalous emails, as a countermeasure to support existing email security tools, and specifically mentions natural language understanding (NLU). NLU is the ability of a computer to interpret meaning from human language.[2] The Armorblox report ends by recommending that users remain vigilant about basic security hygiene: do not open emails they are not expecting, watch for targeted attacks, and use tools like password managers and multi-factor authentication.[2]

IV. MITRE ATT&CK

  • T1598.001 – Spearphishing Service
    Adversaries may send spearphishing messages via a third-party service to elicit sensitive information that can be used during targeting. All forms of spearphishing are electronically delivered social engineering targeted at a specific individual or organization.
  • T1598.002 – Spearphishing Attachment
    Adversaries may send spearphishing messages with a malicious attachment to elicit sensitive information that can be used during targeting.
  • T1598.003 – Spearphishing Link
    Adversaries may send spearphishing messages with a link to elicit sensitive information that can be used during targeting.

V. Recommendations

  • Phishing Awareness Training
    Users should be informed and educated about new kinds of phishing scams currently being used and ones that have been used in the past. Awareness training should instruct users to avoid suspicious emails, links, websites, attachments, etc. Users should also be educated about new types of attacks and schemes to mitigate risk.
    Recommended link: https://www.us-cert.gov/ncas/tips/ST04-014
  • Set Antivirus Programs to Conduct Regular Scans
    Ensure that antivirus and antimalware programs are scanning assets using up-to-date signatures.
  • Malware Monitoring
    Continuously monitor current and new types of malware. Stay up to date on intel and advancements to prevent, defend, and mitigate these types of threats.
  • Strong Cyber Hygiene
    Enforce a strong password policy across all networks and subsystems. Remind users to be wary of any messages asking for immediate attention, links, downloads, etc. All sources should be verified.
    Recommended link: https://us-cert.cisa.gov/ncas/alerts/aa21-131a

VI. Indicators of Compromise (IOCs)

The link below has been included to assist with the download of some identified IOCs related to this Threat Advisory report. Be on the lookout for these IOCs, as well as anything that looks similar.

https://usf.box.com/s/57zfghvpvrd3a6rlswbees5k6tsobuee

VII. References

[1] Cash, Lauryn. “Please Sign on the Dotted Line: DocuSign Phishing Attack.” Armorblox, February 24, 2022. https://www.armorblox.com/blog/blox-tales-please-sign-on-the-dotted-line-docusign-phishing-attack.

[2] Nelson, Nate. “Cyberattackers Leverage DocuSign to Steal Microsoft Outlook Logins.” Threatpost English Global, February 24, 2022. https://threatpost.com/cyberattackers-docusign-steal-microsoft-outlook-logins/178613/.

Threat Advisory created by the Cyber Florida Security Operations Center.
Contributing Security Analysts: Dorian Pope, Ipsa Bhatt, Sreten Dedic, EJ Bulut, Uday Bilakhiya, Tural Hagverdiyev.

March 3, 2022

CISA Urges Proactive Steps to Protect Critical Infrastructure

CISA has released CISA Insights: Preparing for and Mitigating Foreign Influence Operations Targeting Critical Infrastructure, which provides proactive steps organizations can take to assess and mitigate risks from information manipulation. Malicious actors may use tactics—such as misinformation, disinformation, and malinformation—to shape public opinion, undermine trust, and amplify division, which can lead to impacts to critical functions and services across multiple sectors.

Current social factors—including heightened polarization and the ongoing global pandemic—increase the risk and potency of influence operations to U.S. critical infrastructure. CISA encourages leaders at all organizations to review the CISA Insights and follow the guidance to assess risk and increase resilience.

Read the full story: https://www.cisa.gov/uscert/ncas/current-activity/2022/02/18/cisa-insights-foreign-influence-operations-targeting-critical

February 26, 2022

Remain Vigilant as Cyber Threats Intensify


A message from Cyber Florida Executive Director and former Director of U.S. National Intelligence Mike McConnell:

Fellow citizens: As we watch historic events unfold in Ukraine, I am reminded of Russia’s illegal actions as far back as 2017, when their cyberattack on Ukraine triggered some ‘spillover’ disruptions in cyberspace. While there may be some spillover effects in this instance, our very best assessment is that they will be limited to Ukraine and its immediate environs. Nevertheless, we must all remain vigilant during this time of heightened tension, ensuring that our personal and organizational devices and software are updated and patched, and that we’re all on the lookout for suspicious emails and other malicious attempts to exploit our Nation’s digital dependence. And in that regard, I can assure you that our military, government, and industry cybersecurity personnel are vigilant as always, poised to respond quickly and forcefully to any and all cyber incidents that may affect us. They are up to that task, and we should be thankful for them. In the meantime, our prayers and support are with the Ukrainian people.

February 26, 2022

Senton Pojani, ARM

Senton Pojani serves as a Risk Management Consultant for Aon Risk Solutions, a division of Aon PLC (NYSE:AON). In this capacity, Senton delivers risk management consulting and guidance to a range of clients from Fortune 1000 firms, private financial sponsors, and fast-growth startups. Senton’s responsibilities include market growth leadership, client acquisition and strategy, and service team delivery to his direct clients. Senton has been recognized for many awards ranging from innovative client solutions from insurance publications to outstanding young leadership awards from both his employers and the non-profits he works with. Prior to Aon, Senton served as a Director in the Technology Practice for the third-largest risk management consulting firm in the world.

In addition to his responsibilities at Aon, Senton is very active in the non-profit community, having served on the boards of Tampa Bay Tech, The Nashville Public Library Foundation, The Hillsborough Public Education Foundation, Make-a-Wish, Association for Corporate Growth, and the Armed Forces Communications and Electronics Association.

 

Expertise:

  • Technology Firms: Software, Hardware, Mobile, Internet, Networking and Media Firms
  • Private Equity, M&A Transactions, Venture Capital
  • Hyper Growth “Unicorn” Startups
  • Management and Professional Liability (D&O, E&O, Cyber & Privacy Liability)
  • Complex Casualty
  • International Risk

 

Educational Background

  • Bachelor of Science: Risk Management and Insurance – Florida State University
  • Bachelor of Science: Marketing – Florida State University
  • Associate in Risk Management (ARM) – American Institute for Chartered Property and Casualty Underwriters
  • Candidate: Master of Business Administration, Kellogg School of Management, Northwestern University. Expected: 2022.

January 10, 2022

Cybersecurity for Executives

Cyber Florida is pleased to announce the launch of Cybersecurity for Executives, a workshop series to help C-suite executives and board members better understand the cybersecurity threats facing their organizations and their role in managing those threats. The first event offered in the series will be Cybersecurity for the C-Suite, a two-day, in-person workshop intended for senior, non-technical executives such as CEOs, COOs, CFOs, and CMOs scheduled for early 2022 (dates TBD). The workshop is $3,995 per person and includes meals, training materials, and a unique interactive executive wargame exercise based on real-world cyber incidents.

Cybersecurity for the C-Suite helps non-technical leaders gain a better understanding of the role they play in supporting the cyber health of the organization and in responding to cyber incidents. Participants learn about the threats facing their organization, why it’s important to consider cybersecurity across the organization, and how to prepare a cyber incident response that maintains business operations and preserves the organization’s reputation. The workshop covers several critical topic areas, including:

  • Types of Attacks
  • The Frontline: Employees & Social Engineering
  • Legal Responsibilities
  • Cyber Insurance
  • Cyber Incident Response Planning
  • Cybersecurity Risk Management
  • Incident Recovery & Resiliency
  • Governance for Cyber Preparedness

Each module is taught by a seasoned expert invited from Cyber Florida’s prolific network of public and private sector cybersecurity thought leaders. In addition to Cyber Florida Executive Director and former Director of US National Intelligence Mike McConnell, the program’s faculty roster includes John Felker, former Assistant Director of the Cybersecurity and Infrastructure Security Agency’s Integrated Operations Division; Christopher Hetner, Expert Advisor, Institute for Defense Analyses, US Department of the Treasury; Joe Swanson, Chair, Cybersecurity and Privacy Practice Group, Carlton Fields; Pam Lindemoen, Chief Information Security Officer Advisor, Cisco Systems, Inc.; Adam Isles, Principal, The Chertoff Group; and many more distinguished leaders in the field.

January 4, 2022

Robert F. Brese

Bob Brese is a Vice President and Executive Partner with Gartner, Inc., the world’s leading research and advisory company. At Gartner, Mr. Brese manages and owns relationships with public and private sector executives, advising them on technology and technology-enabled business strategies to drive revenue and mission value along with the management of enterprise cost and risk.

Prior to joining Gartner, Mr. Brese was a senior executive (SES) at the U.S. Department of Energy (DOE), serving in a variety of leadership roles for an Agency whose national laboratories, production facilities, nuclear security, and environmental cleanup missions span open science to national security. In his final assignment as the Department’s Chief Information Officer (CIO), Mr. Brese led DOE’s $2 billion annual investment in technology and cybersecurity. Mr. Brese simultaneously served as the Department’s Senior Agency Official for Privacy and for Information Sharing and Safeguarding as well as two years as DOE’s Acting Chief Information Security Officer. A leader in the national cybersecurity community, Mr. Brese was a key contributor to the Obama Administration’s success in cyber legislation; policy; cybersecurity technology research, development, and deployment; and in the cybersecurity protection of the country’s critical infrastructure, including the development of the DOE’s Cybersecurity Capability Maturity Model (C2M2) for the Energy Sector.

In the Fall of 2012, Mr. Brese led a team of Presidential Innovation Fellows and other public and private sector innovators to leverage technology and social media to speed and enhance the government-wide disaster response in the aftermath of Hurricane Sandy. In 2014, he and the Assistant Secretary for Electricity and Energy Reliability co-sponsored the American Energy Data Challenge to spur the creation of new tools and insights for the American public related to energy generation, distribution, and use to accelerate the 21st-century energy economy.

Mr. Brese’s other Government Executive assignments included service as the DOE Deputy CIO, Acting CISO (simultaneous with DOE Deputy CIO and CIO roles), as Deputy CIO for DOE’s National Nuclear Security Administration (NNSA), and as the founding Director of NNSA’s Defense Nuclear Security Office of Performance Assurance. He also served as a nuclear submarine officer in the U.S. Navy, retiring after a 22-year career. During his military career, he served in a variety of operational and headquarters assignments, completing seven major sea deployments, and serving in every ocean and major sea. Mr. Brese also serves as a CIO Senior Advisor to Government Executives (SAGE) with the Partnership for Public Service; as adjunct faculty for the University of South Florida Muma School of Business Cybersecurity for Executives Program; as a guest lecturer at other universities; and on the Advisory Board of Interos, Inc., a supply chain risk management SaaS platform start-up which achieved Unicorn status in 2021. In his spare time, he is an avid cyclist and an Ambassador for World Bicycle Relief, a charity focused on ending transportation poverty in Africa and other underdeveloped countries.

January 3, 2022

Dan Holland

After graduating from the U.S. Coast Guard Academy, Dan began his career as a Federal Law Enforcement Officer leading at-sea boardings around the world in pursuit of suspected drug-runners and pirates and then commanding an 87’ Cutter in San Francisco, CA. He later earned a Top-Secret clearance and served as a Program Manager for the Pacific Area Fleet before transitioning to civilian life and beginning his career in cyber risk management and security.

After five years at a Fortune 500 company where he ultimately served as Chief of Staff for the SVP responsible for over $2B in annual revenue, Dan founded Arete Solutions. Arete {ah-reh-tay} is an ancient Greek concept for “the pursuit of excellence,” and Arete Solutions is a cybersecurity consultancy and disabled veteran-owned small business that advises and supports US government and corporate clients on IT and cybersecurity risk, strategy, and execution. Dan and his expert associates surpassed $3M in revenue in the first 18 months by performing assessments, documenting and delivering plans, policy, and research, managing and staffing technical projects, and reselling hardware and software tools. Their mission is to help clients make excellent decisions.

Dan’s volunteer time is spent facilitating practical cybersecurity experiences and mentorship for K12 educators and students across Florida. He serves on the Board of the 1K+ member Central Florida AFCEA Chapter as the Cybersecurity Outreach Chair, where he is responsible for coordinating mentorships, field trips, competitions, and teacher professional development with partners across industry, government, and academia.  Dan also serves on the West Florida Area Maritime Security Advisory Committee, helping improve critical infrastructure cybersecurity practices.

January 3, 2022