News

Defense Contractors: DoD Updates CMMC Timeline

The Department of Defense recently provided some clarity on the timeline for implementation of its Cybersecurity Maturity Model Certification (CMMC) program. The DoD now expects to complete documentation to submit to the Office of Management and Budget for its rulemaking process by July 2022, and it plans to issue interim final rules by March 2023. If DoD sticks to this new timeline, the CMMC requirements could begin appearing in solicitations for government contracts as early as May 2023 (60 days after the rules are published).

DoD plans to roll out the CMMC requirements in solicitations under a “phased approach.” During phase one, when the CMMC requirement first starts appearing in solicitations, all offerors will be required to conduct a self-assessment and provide a positive affirmation of compliance. This stands in contrast to having a third-party certification, which will eventually be required for some contractors under CMMC. In phase two, solicitations will require either self-assessments or third-party certifications. Which approach is required depends on the type of information involved, and the required certification level. The timing of phase two is still to be determined.

DoD also has confirmed that the third-party CMMC certification will be good for three years once the certification is issued (while not required until phase 2, contractors may choose to secure certification early), but contractors will be required to provide an annual affirmation confirming compliance. The third-party certification is for those associated with critical programs and contracts involving information critical to national security. Self-assessments required for contractors not handling information critical to national security will need to be performed on an annual basis. The assessment will need to be accompanied by an associated affirmation by a senior company official.

Putting it Into Practice: It seems the time finally has come for DoD contractors and suppliers to prepare their information systems for a CMMC assessment, if they have not already. Now is the time for DoD contractors to consider (1) comprehensive self-assessments, (2) appropriate remediation, and (3) updating any reported cybersecurity scores to ensure they reflect the current posture of the system.

Retrieved from https://www.natlawreview.com/article/updated-timeline-dod-s-cybersecurity-certification-program

2022-06-27T09:25:36-04:00

FIU Awarded $2 Million to Develop Artificial Intelligence Cybersecurity Tools

Florida International University’s College of Engineering and Computing researchers have received a $2 million award from the U.S. Department of Energy (DOE) to help develop technology to prevent, detect, analyze and mitigate cyberattacks against U.S. energy systems.

“Our FIU team is very experienced in cybersecurity and smart energy grids. We are proud to lead the project to advance state-of-the-art methods in cyberattack detection and to harden our power grids,” said Mohammad Ashiqur Rahman, the lead principal investigator and assistant professor and the director of the Analytics for Cyber Defense (ACyD) Lab. “Protecting the security of America’s power is crucial as we face increasing cyber threats.”

The project, entitled “Artificial Intelligence-Enabled Tools (ArtIT) for Cyber Hardening of Power Grids,” involves developing artificial intelligence techniques and analytics that identify attacks in real-time and creating intelligent controllers to enhance the bulk power system’s attack resiliency. The team will then validate and test the tools in collaboration with utility and industry partners.

2022-06-15T12:54:09-04:00

UCF Professor’s Research Helps Inform Policy, Laws Surrounding Intimate Partner Cyber Abuse

There are various positive aspects to living in a time in which technology is more prevalent and accessible than ever, but there are also many shadows in the realm of cyberspace.

This is why Erica Fissel’s goal is to illuminate the interpersonal victimization that occurs in cyberspace in hopes that her work will be used to help inform policy and help these victims.

Fissel, an assistant professor in the Department of Criminal Justice, doesn’t consider herself a particularly technology-savvy person but was fascinated with the way people behave online versus offline. From there, she began to look at what use or abuse of technology looks like in an intimate partner relationship. A member of UCF’s Violence Against Women faculty cluster, she focuses on the impact it has on women.

Although she didn’t intentionally seek to make women the focus of her research, Fissel says she quickly discovered that women are the most likely to experience such forms of interpersonal victimization. She also works with the Cybercrime Support Network to help serve those affected by the growing impacts of cybercrime.

“This area is so interesting to me because it’s so underdeveloped, and there are so many ways that people can use technology to abuse their partners that I would have never thought of,” she says.

Such technology can include smart-home systems like video doorbells, which can be used to track or monitor an intimate partner. Even reading a partner’s text messages without their permission can fall into the category of technology-based abuse under certain circumstances.

She adds that it’s important to realize that intimate partner cyber abuse is not illegal. There may be laws applicable to cyberstalking or cyber harassment, but intimate partner cyber abuse extends beyond those behaviors.

“Because of that, people don’t know what they’re experiencing is abusive or problematic,” Fissel says. “They don’t know that they should be able to get help for it. I want my work to be able to inform policies and laws. I want to help individuals experiencing these behaviors access helpful resources, realize that they’re experiencing problematic behavior and get out of those situations.”

In her Women and Crime course, Fissel often finds herself teaching survivors and others who have experienced intimate partner cyber abuse. She’s even had students realize through the class that they are either currently being victimized or have been in the past.

“It’s very heavy material for students, but what I try to do is have a very open dialogue and safe space within the class where people are able to share their ideas,” she says. “We can talk about these types of behaviors and experiences because they’re important to understand.”

Defining the Cyber Abuse Spectrum

Although statistics show that women are generally more likely to be victims of intimate partner violence, Fissel says she is seeing more parity between men and women engaging in cyber-based abuse.

One of the projects Fissel has been working on examines the normalization or societal acceptance of behaviors that could be considered cyber abuse. She and a team of researchers from other universities collaborated on the study, which was funded by a faculty enrichment grant from the University of Cincinnati’s Criminal Justice Research Center. They collected data from 1,500 adults currently in an intimate partner relationship and asked about their experiences with intimate partner cyber abuse, perpetration and victimization within the past six months.

“We did a pilot test, and 100% of people experienced intimate partner cyber abuse as we defined it in the past six months,” Fissel says. “We thought, ‘This is a much bigger problem than we thought or we’re measuring it wrong.’ We talked to people about it, and some of the behaviors that we were defining as abusive aren’t abusive in all contexts.”

For example, tracking a partner via GPS would be considered abusive if it was being done without consent. However, Fissel says, many participants later indicated they tracked each other’s locations for safety reasons.

“That’s one of the tricky things with intimate partner cyber abuse, because it’s totally relationship specific and dependent on whether the boundaries developed with your partner were agreed upon without coercion,” she says.

In addition to looking at intimate partner cyber abuse on the victimization side, Fissel also is working on it from the perpetration side. That entails trying to understand why people engage in such behaviors, which is vital to being able to prevent them from happening.

Fissel also is working on another study with Jackie Woerner, an assistant professor in UCF’s departments of sociology and psychology, that focuses on the perpetration side. The two surveyed 544 people and followed up with nearly 300 of them a month later to examine their intimate partner cyber abuse behaviors over time. Part of this research involved asking participants about the factors that motivate their behavior. Fissel says many cited personal insecurities such as lack of trust.

“There’s almost a range within intimate partner cyber abuse,” she says. “There are things like checking someone’s text messages without their permission, which I would say is probably on the lower end of the spectrum. Then you also have people who are opening bank accounts in your name and ruining your credit, or people who are sending you threatening text messages. We’re also trying to figure out where the line that society draws is, because that’s going to help with trying to determine laws, too.”

Fissel received her doctorate in criminal justice from the University of Cincinnati. Her primary research interests focus on various types of interpersonal victimization that take place online, including cyberstalking, intimate partner cyber abuse and cyberbullying. She joined UCF’s Department of Criminal Justice, part of the College of Community Innovation and Education, in 2019.

2022-05-09T14:33:22-04:00

Password Tips to Help Keep Your Information Secure

Passwords are an essential part of protecting your personal information from cybercriminals. We all know that passwords can be a source of endless frustration in the digital world, and you’ve probably asked yourself, “do I really need to set a different password for each of my accounts?” Well, the short answer is yes.

Imagine that you are the ruler of a village, and your enemies are making their way to attack. Would you employ a single guard to protect every building and person across the land? No! You would send out an army of guards, each with a specific post to protect to increase your chances of a successful defense.

Your passwords work in the same way. Each of your online accounts needs its own unique password to ensure that your personal information is protected from potential attacks. If you reuse the same password for every account, all your personal information is at risk in an instant if that password is exposed by a cybercriminal seeking to infiltrate your accounts. Using an individual unique password for each account helps ensure that even if one password is exposed, your other accounts will remain protected.

In honor of World Password Day today, consider the following suggestions to help ensure that your passwords are successfully protecting your personal and confidential data from prying eyes.

Tips for Good Password Hygiene

Passwords vs Passphrases

Passphrases are a form of a password that is composed of a sentence or a combination of words. Often, passphrases can be more secure than normal passwords because they are longer yet easier to remember, reducing the likelihood that you will reuse the same password across multiple accounts for convenience.  

In contrast to passwords, passphrases are often created by using random words or phrases that are significant to the user but would hold no meaning to any other person. An easy way to create a passphrase that is simple to remember, yet secure enough to protect your account, is to select three to four words that are relevant and significant to you.  

It’s recommended not to use common greetings that can be easily guessed by others, such as “LiveLaughLove,” and instead use a phrase or words that would mean nothing to someone other than yourself. For example, on my desk I currently have a flag, mug, coffee, and a book, so an appropriate passphrase for me could be “FlagMugCoffeeBook”.  

While it may seem counterintuitive to use a series of random words for a credential, phrases like these are more memorable and far more secure than a password, which typically seeks security through a mix of numbers, special characters, and upper and lowercase letters. 

According to an article from Impact Networking, “the benefit of passphrases is that they make it easier for a user to generate entropy and a lack of order—and thus more security—while still creating a memorable credential. Generating entropy through randomized characters can be difficult, but this also makes it more difficult to launch a cyberattack against you.” 

Password Managers

So, now that you have created strong and unique passphrases for each of your individual accounts, how are you supposed to remember them? 

This is perhaps one of the main reasons why so many people commonly reuse passwords across multiple accounts. The truth is, unless you’re a robot or have a supernatural photographic memory, it’s probably going to be impossible to remember all your passwords without keeping track of them somewhere, and that’s okay! 

Luckily for us non-robots, there are plenty of password managers out there that can help you keep track of your credentials for all your accounts in a safe and secure way. 

Malwarebytes Labs defines a password manager as “a software application designed to store and manage online credentials. It also generates passwords. Usually, these passwords are stored in an encrypted database and locked behind a master password.” 

This means that once you enter your account usernames and credentials into the secure vault, the only password you need to remember is that master password, and the password manager will do the rest for you! 

For a list of the top-rated free password managers available in 2022, visit: https://www.pcworld.com/article/394076/best-free-password-managers.html. 

Password Tips

  • Refrain from reusing passwords on multiple sites and applications.
  • Add multi-factor authentication whenever possible for an added layer of security.
  • Update your passwords regularly.
  • Don’t text or email your passwords to anyone.
  • Do not create passwords based on your personal information or details, such as birthdays, names of family members, Social Security or phone numbers, etc.
  • See if any of your passwords have been exposed by entering your email address at https://haveibeenpwned.com/

2022-10-27T09:57:58-04:00

Expert: North Korea’s $625M Crypto Hack Presents a New Threat

US authorities this week tied North Korean hackers to the historic $625 million Axie Infinity crypto swindle, with the massive hack signifying the emergence of a new type of national security threat, according to a blockchain expert.

On Thursday, the US Treasury Department added an Ethereum wallet address to its sanction list after the wallet facilitated transfers for more than $86 million of the stolen funds. The hacking outfits Lazarus and APT38, both linked to North Korea, were behind the theft, the FBI said in a statement, and the funds are generating revenue for Kim Jong Un’s regime. Ari Redbord, head of legal and government affairs at blockchain research firm TRM, says the attack shows that even a nation as isolated as North Korea can participate in new-age cyber-warfare.

2022-05-03T16:02:21-04:00

H-ISAC Report Identifies Top Cyber Threats Concerning Healthcare Execs

H-ISAC and Booz Allen Hamilton released a report and survey outlining the top cyber threats concerning healthcare executives in today’s sophisticated cyber threat landscape.

H-ISAC surveyed cybersecurity, IT, and non-IT executives and found no significant differences between the disciplines when the experts were asked to rank the top five greatest cybersecurity concerns facing their organizations in 2021 and 2022.

Ransomware deployment was the top-rated concern, followed by phishing and spear-phishing, third-party breaches, data breaches, and insider threats.

The report noted that over the past decade, the healthcare industry has improved interconnectivity and data accessibility. However, those technological advancements came at the cost of security in many cases.

“The healthcare industry is especially at risk due to the value of sensitive personally identifiable information (PII) housed within systems, an increase on the Internet of Medical Things (IoMT), insufficient cybersecurity protection, the need for data transparency, and ineffective employee awareness training,” the report noted.

“Often, healthcare providers rely on legacy systems; outdated computer systems that are still in use and provide less protection and increased susceptibility for an attack.”

In addition, the COVID-19 pandemic heightened risk due to an increase in remote work and the value of vaccine research and data.

Meanwhile, nation-state threat actors are increasing their attacks in severity and scope. The report pointed to Chinese and Russian nation-state threat actors as top threats in 2021 and going into 2022.

“With many nations making efforts to move beyond the pandemic, we assess that nation-state activity against healthcare will increase, especially with changes in strategic priorities around the globe,” the report continued.

“Tensions between Russia and Ukraine, as well as Chinese activity regarding Taiwan, are examples of nation-states returning to standard geopolitical strategies, which will reflect in cyberspace.”

Researchers predicted that Ransomware-as-a-Service (RaaS) will continue to be used and will become the most popular operating model for cybercriminals. In addition, threat actors will continue to look for vulnerabilities in medical devices due to the fact that most are on legacy systems.

“Due to the huge growth in cybercrime and large ransomware payouts, sophisticated and organized criminal groups will be able to invest heavily into R&D and develop new ways to conduct automated and effective scams,” the report predicted.

“The criminals will leverage machine learning, artificial intelligence and deep fakes to perpetrate efficient and effective criminal campaigns.”

Additionally, H-ISAC and Booz Allen Hamilton predicted that supply chain attacks would continue to increase considering the successful breaches of Kaseya and SolarWinds.

To mitigate threats, H-ISAC recommended that healthcare organizations implement network segmentation, endpoint security, and access controls. Healthcare executives should also adopt a layered defense approach within their organizations and utilize data backups as well as prevention and detection technologies.

As seen in HealthITSecurity: https://healthitsecurity.com/news/h-isac-report-identifies-top-cyber-threats-concerning-healthcare-execs

2022-04-08T10:40:45-04:00

UCF Research: Stress Prompts Poor Cyber Habits

When we think of insider threats, the common image is that of a disgruntled employee who takes out their anger on their employer or their manager. Research from the University of Central Florida reminds us that this is seldom the case.

While investment in cybersecurity has risen considerably in the face of a huge increase in attacks during the pandemic, often this investment has focused on technologies to try and keep data and systems safe. While such investments are worthwhile, the most vulnerable part of any system is almost certainly going to be us humans. The authors highlight that when organizations do have cybersecurity training, there is often an implicit assumption that insider threat attacks are done with malicious intent.

Determining intent

The reality, however, is that our failure to comply with the cybersecurity processes of our employer is more likely to be driven by stress. The researchers quizzed around 330 employees who were working remotely during the Covid pandemic. The workers were asked about their adherence to the cybersecurity policies of their employer alongside things such as their stress levels.

They followed this up with in-depth interviews with a group of 36 employees to try and get a better idea of just how the shift to remote working as a result of the pandemic may have affected cybersecurity. The results show that adherence to security policies was pretty intermittent. Indeed, on a typical workday, 67% of participants said that they had bypassed official cybersecurity policies at least once, with there being a 5% chance that they would do so on any given task.

It should perhaps be self-evident that breaches on this kind of scale are unlikely to be driven by widespread discontent with one’s boss or employer, and this was indeed what the researchers found. Indeed, the top response when asked why people circumvented security protocols was that doing so better helped people to get things done, either for themselves or for a colleague. This reason accounted for around 85% of all intentional breaches of the security rules. Contrary to popular perception, an intentional desire to cause harm only accounted for 3% of the security breaches. To put that into perspective, that makes non-malicious breaches around 28 times more likely than deliberately malicious breaches.

Under stress

Importantly, the relatively benign breaches were far more likely on days when employees were suffering from stress. This strongly suggests that being placed under stress reduces our willingness to abide by rules if those rules are perceived as stopping us from doing what we need to do.

The causes of stress are oft-cited and include family demands, job insecurity, conflicts with our colleagues, and even the demands of the cybersecurity rules themselves. However, there was a clear link between the pressure people faced to do their job and the belief that cybersecurity procedures inhibit their ability to do that job as effectively as they felt they needed to. Adhering to protocols often resulted in feeling like jobs take more time or effort to complete, with employees also complaining that the protocols made them feel like they were being monitored and couldn’t be trusted.

The researchers accept, of course, that their findings were a result of self-reporting from participants, so they would only be able to report on cybersecurity breaches that they were themselves aware of. This will mean that breaches as a result of a lack of knowledge or poor practice will have almost certainly been overlooked because people only know what they know. The findings do nonetheless remind us that insider threats are seldom the result of malicious and deliberate intent but rather due to a lack of training or intense pressure to get things done as quickly as possible.

Reducing the risk

So what can managers do to improve adherence to the guidelines and, therefore, the security of their systems? A good first step is to appreciate that the overwhelming majority of security violations are intentional and benign. People simply want to get their work done as efficiently as possible, so cybersecurity training should work on that basis and inform employees how they can do this while still remaining secure.

It’s also important that people feel confident enough to speak up whenever they breach security policies, as the quicker they can do this, the quicker the challenge can be addressed, and any security risks plugged.

“How do people react when the employee makes a mistake,” Kaspersky’s Chris Hurst says. “It’s crucial that if employees make a mistake that they’re confident enough to open up about it and escalate it to people who can do something about any possible risks involved.”

It would also be prudent to ensure that staff are included in the development of security protocols. This would help to ensure that protocols aren’t developed that would inhibit people’s work and result in them striving to find workarounds that reduce the effectiveness of the protocols themselves. By better understanding how protocols affect people’s workflows, security teams will have a better chance of adherence. This is especially important as people have moved to remote working and therefore taken on different ways of working.

Of course, tackling the stress and pressure that workers are under would be no bad thing either, but perhaps the key takeaway from the research is that the way we design our jobs and the way we design our cybersecurity are intrinsically linked. With cyberattacks on the rise and affecting most organizations, it’s no longer good enough to assume that insider threats are the result of a few bad apples but rather the poor way in which jobs and security protocols are designed. Once we grasp that, we can perhaps start to make positive headway.

As seen in The Cyber Post: https://thecyberpost.com/news/security/stress-prompts-employees-to-break-cybersecurity-policies/

2022-04-05T11:47:10-04:00

Top 5 Tax Scams Targeted to Taxpayers

As people across the nation prepare to file their 2021 tax returns, cybercriminals are taking advantage by delivering new scams designed to steal personal information and money from unsuspecting victims. Internal Revenue Service (IRS) scams happen when someone who pretends to work for the IRS contacts you by phone, email, postal mail, or a text message. Thousands of people have lost millions of dollars as well as their personal information to tax scams, and it’s safe to assume that attackers will continue targeting individuals and businesses this year. Consider the following common scams and best practices to help protect yourself from falling victim to a tax-related scam this year.

Top 5 Tax Scams to Be Aware Of

1. SSN Scams


Taxpayers should be careful of new variations of tax-related scams. In the latest twist on a scam related to Social Security numbers, scammers claim to be able to suspend or cancel the victim’s SSN. Scammers may mention overdue taxes in addition to threatening to cancel the person’s SSN. If taxpayers receive a call threatening to suspend their SSN for an unpaid tax bill, they should just hang up.

Taxpayers should not give out sensitive information over the phone unless they are positive that the caller is legitimate. When in doubt, hang up. Here are some telltale signs of this scam. The IRS and its authorized private collection agencies will never:

  • Call to demand immediate payment using a specific payment method such as a prepaid debit card, iTunes gift card or wire transfer. The IRS does not use these methods for tax payments.
  • Ask a taxpayer to make a payment to a person or organization other than the U.S. Treasury.
  • Threaten to immediately bring in local police or other law-enforcement groups to have the taxpayer arrested for not paying.
  • Demand taxes be paid without giving the taxpayer the opportunity to question or appeal the amount owed.

Taxpayers who don’t owe taxes and have no reason to think they do should:

Taxpayers who owe tax or think they do should:

  • View tax account information online at IRS.gov to see the actual amount owed and review their payment options.
  • Call the number on the billing notice.
  • Call the IRS at 800-829-1040.

2. Phone Scams

With the new tax season starting, the IRS reminds taxpayers to be aware that criminals continue to make aggressive calls posing as IRS agents in hopes of stealing taxpayer money or personal information.

Here are some telltale signs of a tax scam along with actions taxpayers can take if they receive a scam call.

The IRS will never:

  • Call to demand immediate payment using a specific payment method such as a prepaid debit card, gift card or wire transfer. Generally, the IRS will first mail a bill to any taxpayer who owes taxes.
  • Threaten to immediately bring in local police or other law enforcement groups to have the taxpayer arrested for not paying.
  • Demand that taxes be paid without giving taxpayers the opportunity to question or appeal the amount owed.
  • Call unexpectedly about a tax refund.

Taxpayers who receive these phone calls should:

  • Record the number and then hang up the phone immediately.
  • Report the call to the Treasury Inspector General for Tax Administration (TIGTA) using their IRS Impersonation Scam Reporting form or by calling 800-366-4484.
  • Report the number to phishing@irs.gov and be sure to put “IRS Phone Scam” in the subject line.

3. Impersonation Email Scams Targeting University Students and Staff


The IRS warned of an ongoing IRS-impersonation scam that appears to primarily target educational institutions, including students and staff who have “.edu” email addresses. The IRS has received complaints about the impersonation scam in recent weeks from people with email addresses ending in “.edu.” The phishing emails appear to target university and college students from both public and private, profit and non-profit institutions.

The suspect emails display the IRS logo and use various subject lines such as “Tax Refund Payment” or “Recalculation of your tax refund payment.” It asks people to click a link and submit a form to claim their refund.

The phishing website requests taxpayers provide their:

  • Social Security number
  • Name
  • Date of Birth
  • Prior Year Annual Gross Income (AGI)
  • Driver’s License Number
  • Electronic Filing PIN
  • And other personally identifiable information

People who receive this scam email should not click on the link in the email, but they can report it to the IRS. For security reasons, save the email using “save as” and then send that attachment to phishing@irs.gov or forward the email as an attachment to phishing@irs.gov.

Taxpayers who believe they may have provided identity thieves with this information should consider immediately obtaining an Identity Protection PIN. An IP PIN is a six-digit number that helps prevent identity thieves from filing fraudulent tax returns in the victim’s name.

Taxpayers who attempt to e-file their tax return and find it rejected because a return with their SSN already has been filed should file a Form 14039, Identity Theft Affidavit, to report themselves as a possible identity theft victim. See Identity Theft Central to learn about the signs of identity theft and actions to take.

4. Ghost Tax Return Preparers


As people begin to file their 2021 tax returns, taxpayers are reminded to avoid unethical ghost tax return preparers.

A ghost preparer is someone who doesn’t sign tax returns they prepare. Unscrupulous ghost preparers often print the return and have the taxpayer sign and mail it to the IRS. For e-filed returns, the ghost will prepare but refuse to digitally sign as the paid preparer.

Ghost tax return preparers may also:

  • Require payment in cash only and not provide a receipt.
  • Invent income to qualify their clients for tax credits.
  • Claim fake deductions to boost the size of the refund.
  • Direct refunds into their bank account, not the taxpayer’s account.

By law, anyone who is paid to prepare or assists in preparing federal tax returns must have a valid Preparer Tax Identification Number (PTIN). Paid preparers must sign and include their PTIN on the return. Not signing a return is a red flag that the paid preparer may be looking to make a quick profit by promising a big refund or charging fees based on the size of the refund.

It’s important for taxpayers to choose their tax return preparer wisely. The Choosing a Tax Professional page on IRS.gov has information about tax preparer credentials and qualifications. The IRS Directory of Federal Tax Return Preparers with Credentials and Select Qualifications can help identify many preparers by type of credential or qualification.

No matter who prepares their return, taxpayers should review it carefully and ask questions about anything that’s not clear before signing. They should verify their routing and bank account number on the completed tax return for any direct deposit refund. Taxpayers should watch out for ghost preparers putting their bank account information on the returns.

Taxpayers can report preparer misconduct using IRS Form 14157, Complaint: Tax Return Preparer. If a taxpayer suspects a preparer filed or changed their tax return without their consent, they should file Form 14157-A, Tax Return Preparer Fraud or Misconduct Affidavit.

5. “Tax Transcript” email scam


The Internal Revenue Service and Security Summit partners recently warned the public of a surge of fraudulent emails impersonating the IRS and using tax transcripts as bait to entice users to open documents containing malicious software, also known as malware.

The scam is especially problematic for businesses whose employees might open the malware because it can spread throughout the network and take months to remove.

This well-known malware, known as Emotet, generally poses as specific banks and financial institutions to trick people into opening infected documents. However, in the past few weeks, the scam masqueraded as the IRS, pretending to be from “IRS Online.” The scam email carries an attachment labeled “Tax Account Transcript” or something similar, and the subject line uses some variation of the phrase “tax transcript.”

The IRS reminds taxpayers it does not send unsolicited emails to the public, nor would it email a sensitive document such as a tax transcript, which is a summary of a tax return. The IRS urges taxpayers not to open the email or the attachment. If using a personal computer, delete or forward the scam email to phishing@irs.gov. If you see these while using an employer’s computer, notify the company’s technology professionals.

The United States Computer Emergency Readiness Team (US-CERT) issued a warning in July about earlier versions of Emotet in Alert (TA18-201A), Emotet Malware.

US-CERT has labeled the Emotet Malware “among the most costly and destructive malware affecting state, local, tribal, and territorial (SLTT) governments, and the private and public sectors.”

Source: Tax Scams / Consumer Alerts | Internal Revenue Service
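The indicators named in the “Tax Transcript” email scam description above (an “IRS Online” sender name, a “tax transcript” subject line, and an attachment labeled “Tax Account Transcript”) can be turned into a simple mail-triage check. This is an added example, not code from the IRS or US-CERT; the regexes, function names, and sample messages are constructed assumptions.

```python
import re
from email import message_from_string, policy
from email.message import EmailMessage
from email.utils import parseaddr

# Indicators come from the alert text; the regexes are this example's assumptions.
LURE_RE = re.compile(r"tax[\s_-]*(?:account[\s_-]*)?transcript", re.I)
IRS_NAME_RE = re.compile(r"\birs\b|internal revenue", re.I)


def score_message(raw):
    """Return a list of findings for one raw RFC 5322 message."""
    msg = message_from_string(raw, policy=policy.default)
    display, addr = parseaddr(str(msg.get("From", "")))
    domain = addr.rpartition("@")[2].lower()
    findings = []
    # The From header is trivially forged, so a matching domain proves nothing;
    # an IRS display name on a non-IRS domain is still a strong signal.
    if IRS_NAME_RE.search(display) and not (
        domain == "irs.gov" or domain.endswith(".irs.gov")
    ):
        findings.append(f"display name '{display}' but sender domain '{domain}'")
    if LURE_RE.search(str(msg.get("Subject", ""))):
        findings.append("subject uses a 'tax transcript' variation")
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        if LURE_RE.search(name):
            findings.append(f"attachment named like a transcript: {name}")
    return findings


def build_sample(from_hdr, subject, attachment=None):
    """Construct a sample message (test data, not a captured email)."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = from_hdr, "user@example.com", subject
    m.set_content("Please see the attached document.")
    if attachment:
        m.add_attachment(b"constructed placeholder", maintype="application",
                         subtype="octet-stream", filename=attachment)
    return m.as_string()


if __name__ == "__main__":
    scam = build_sample('"IRS Online" <noreply@mail.example.net>',
                        "Your Tax Transcript", "Tax Account Transcript.doc")
    for finding in score_message(scam):
        print("FLAG:", finding)
```

Because the From header can be forged, a check like this complements SPF, DKIM, and DMARC evaluation at the mail gateway rather than replacing it.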

Top 5 Tax Scams Targeted to Taxpayers (2022-02-28T18:01:28-05:00)

Staying Secure on Mobile Devices

Cell phones have come a long way in the past two decades. From the first PDA to flip-phones, technological progress seemed to be slow and steady until the market was disrupted in 2007. Once smart phones were on the scene, everything about mobile devices rapidly changed. Nowadays, mobile devices are at an all-time high for popularity and functionality. Unfortunately, this meteoric rise in capabilities and access has led to a corresponding increase in cybersecurity risks and threats. With a tool as broadly used as cell phones, almost the entire population is at risk.

Cybercriminals have been targeting mobile devices at an unprecedented rate. Threat actors have exploited the fact that the extensive capabilities of mobile devices are now equivalent to those of personal computers. Threats that were once relegated to enterprise workstations now plague the mobile ecosystem, causing great financial loss each year. With cybersecurity, knowledge is power. We hope that this blog can expose readers to the threats and preventative measures in mobile device usage.

In order to better understand ways to protect oneself from these risks, we need to take a look at some of the threats that face the everyday mobile device user.

Malware for Mobile Devices

Most mobile devices contain application stores with a “closed ecosystem.” This method of obtaining new software allows certification teams to verify the integrity of applications before allowing users to download. In theory, this process would prevent all but the most subtle malware from infecting non-jailbroken devices. The reality is that this process is overwhelmed by the sheer quantity of applications, updates, and re-releases on the respective application stores. This ecosystem is closed only in the sense that profits must be shared with the providing host. Malware can and will make its way onto application stores.

Unsecured Wi-Fi and Mobile Access

Wi-Fi is rarely as safe as most people believe, especially in regard to mobile devices. By constantly being “on the move”, mobile devices are faced with a unique challenge of interacting with a huge array of mobile hotspots and wireless access points. Disregarding the more advanced risks associated with poorly configured wireless access, a major threat to all mobile users is the risk of a “Man in the Middle Attack.” This attack is essentially somebody spoofing the access point that you intended to connect to and reading (and potentially editing) all unencrypted traffic that is being sent or received on your device.

Phishing Attacks

Phishing attacks have reached a critical mass for severity. At a certain point, an attack method becomes so successful and easy to execute that other, more advanced attacks begin to fall out of favor. Phishing is extra relevant to mobile devices due to the “on the go” nature of mobile device usage. Our assumption is that the average person is less careful when clicking links on mobile since they believe that their phones are immune to viruses. While a large portion of malware in emails might not affect the mobile devices, there are still countless other risks associated with phishing that apply to mobile devices.

Spyware and Mobile Botnets

Spyware is a form of malware that monitors activity on a device and reports back to a centralized location. Spyware is extremely common on less-than-reputable mobile applications due to the fact that it can go unnoticed while delivering constant data to cybercriminals. This data can then be used to do things such as form malicious advertisement campaigns, take over accounts, or perform corporate espionage. A similar type of attack can infect your device with software that allows attackers to perform their attacks using your mobile device's resources; a group of devices infected this way is generally called a mobile botnet.

Stolen Devices

The most obvious “attack” of all – simply stealing a mobile device – presents a massive cybersecurity threat. Many users find PINs and passwords inconvenient and cumbersome, and going without them allows attackers to gain easy access to a device that they have stolen. All sorts of data can be taken, and nefarious actions performed, with stolen mobile devices.

Now that we have looked at some of the most common attacks, what can we do to protect against these threats?

Watch What You Download

When downloading applications from sanctioned sources, be sure to check reviews and version update notes. Excessive permissions are also a cause for concern – if your timer application requires access to core system files, there may be a problem. Try to download apps that are “popular,” with a high number of downloads and positive reviews. This will not help against all spyware and malware, but it should reduce the risk. Never use jailbroken devices or unofficial application sources unless you are extremely familiar with the risks and willing to do extra research and invest in security software. Mobile Anti-Virus is gaining popularity – these tools can help provide an additional layer of defense but should never be a replacement for common sense.

Use Familiar Networks

Traveling with a mobile device is a given. Be sure to triple-check all connections that you are trusting with your device – wireless access point spoofing attacks often impersonate popular connection locations such as airports or hotels. If you notice something strange about the signal quality, naming convention, or even number of available networks then it is best to ask a staff member what the proper network is for connectivity. When utilizing public Wi-Fi, never type any credentials into websites or applications that are not encrypted.

Use Passwords, PINs, and Multi-Factor Authentication

We understand the fact that passwords, PINs, and MFA can be a nuisance. But the amount of time spent recovering from a successful attack or stolen device can greatly outweigh the entire sum of extra time spent entering a PIN on your device. Keeping devices locked can greatly reduce the risks associated with a stolen device. Equally important is keeping your accounts secured with Multi-Factor Authentication. Your phone will generally be your “second factor,” so keep it safe.

Keep Your Phone Up to Date

Patches, patches, patches. Keeping a device patched can generally feel like an endless battle with slow downloads and inconvenient restarts. However, the reason patches are deployed is generally to fix bugs that can lead to massive security risks. Keeping a device updated reduces the chances of falling victim to an attack by a staggering amount. Check your app stores and system settings for updates on a regular basis to stay ahead of the attackers.

Learn How to Detect Phishing

Awareness is the best prevention. Phishing will likely be the most drastic threat faced by most mobile device users. When a company or personal email receives a phishing attack, there are a few signs that you can look for in order to reduce your chances of falling victim. Check that you are familiar with the contact and sender – if the address doesn’t look right, it probably isn’t right. Look for typos or grammar mistakes within the emails as these are very common in phishing. Most importantly – never click a link or reply to an email without taking the time to verify the details surrounding the email. Security awareness training is available through a huge variety of sources – look into phishing awareness to help prevent yourself from falling victim to this extremely common attack.

Mobile devices are powerful tools that have enabled drastically improved productivity within organizations. With proper usage and dedicated cybersecurity awareness, these devices can be a safe and efficient tool. Practice proper cybersecurity hygiene and avoid taking shortcuts when utilizing your phone.


We are pleased to share this guest post from Scarlett Cybersecurity, a Florida-based leading cybersecurity provider whose mission is to simplify cybersecurity for organizations of all sizes. To learn more about Scarlett Cybersecurity, visit www.scarlettcybersecurity.com.

Staying Secure on Mobile Devices (2022-10-27T11:06:04-04:00)

Preparing for a Ransomware Attack – 10 Tips

Criminals have always targeted financial chokepoints. In the past, this was in the form of storage facilities and transports of valuable items. Nowadays, reliance on technology and data for business operations has created a “single point of failure” for most organizations. Information System outages can completely inhibit even the most basic operations.

Ransomware is a targeted form of malware that aims to “lock” data and systems within an environment in order to extort a payment. This attack method has grown into a criminal industry of its own, complete with support staff, payment portals, and malware engineers. By targeting organizations of all sizes and industries, ransomware has become a persistent and existential operational threat. Unfortunately, there is no known method to 100% prevent ransomware from affecting an organization. The best thing an organization can do to reduce the impact of ransomware is the implementation of a comprehensive cybersecurity plan, ranging from prevention to response.

1. Preventative Cybersecurity Controls

Perhaps the most well-known cybersecurity practice on this list is also one of the most important. By preventing ransomware from running on systems, there is very little need for recovery. No single control will be completely effective against all strains of ransomware, and standard Anti-Virus is fighting an uphill battle to remain relevant as cybercriminal tactics expand.

Example Tools and Services:

  • Anti-Virus Software
  • Endpoint Detection and Response Solutions
  • Application Whitelisting Solutions

2. Detecting Ransomware

Detection of ransomware can be critical in the early stages of spreading. Often, ransomware is delivered via phishing emails or other malicious files that contain “first level” drops which call out to a home server for the final malware package. Detection during these early phases can prevent a complete network encryption. Solutions that rely on detecting ransomware early usually require urgent manual remediation before the threat actors expand their hold.

Example Tools and Services:

  • Security information and event management (SIEM)
  • Security Operations Center (SOC)
  • Endpoint Detection and Response Solutions
  • Dark Web Scanning and Assessments (Detect Leaked Data and Passwords)

3. Incident Response Planning

Incident response planning is usually underemphasized in a system security plan. Protecting the network can only get an organization so far. An attacker only has to get lucky once. Whenever the worst does occur, best practice dictates that a plan should be in place. Every organization is not expected to have the skills, team, and resources to deal with a cybersecurity incident. However, having a pre-defined contact (outsourced) and budget to deal with these events should be at the top of any disaster planning agenda.

Example Tools and Services:

  • Internal Incident Response Team
  • Outsourced Incident Response “on retainer”
  • Established Incident Response Guidance

4. Disaster Recovery and Disaster Recovery Services

Disaster recovery services are different than simple backups. Disaster recovery planning and services are the “next level” of backup, emphasizing rapid business operation recovery in the event of a disaster such as ransomware. These services often utilize specialized tools that enable remote hosting and rapid temporary infrastructure deployment in order to immediately resume business operations while the incident response takes place.

Example Tools and Services:

  • Internal Disaster Recovery Planning with backup infrastructure
  • Disaster Recovery as a Service (Outsourced)

5. Centralized Management of Assets

Centrally managing assets is a key aspect to complete cybersecurity and IT posture. By monitoring asset health (drive status, CPU usage, account activity, etc.), IT staff can detect anomalies indicative of a threat. Remote management capabilities enable incident responders to rapidly audit devices and control endpoints where needed. Without central management of devices, ransomware is much more difficult to deal with on an emergency timeline.

Example Tools and Services:

  • Remote Monitoring and Management Tool
  • Outsourced IT and Cybersecurity Management
  • Specialized Endpoint Security Solutions with Central Management

6. Defense-in-Depth Security Planning

Comprehensive security planning relies on a principle known as Defense-in-depth. By segmenting networks and implementing robust and redundant controls around each sensitive asset in a variety of categories, organizations can ensure that systems are protected by a diverse suite of controls. Ransomware would then need to breach several layers of defenses in order to successfully propagate.

Example Tools and Services:

  • Internal Risk Map and System Security Plan
  • Outsourced Cybersecurity Services
  • Detailed Network Map with Projected Threat Vectors

7. Threat Intelligence Feeds

Knowing the current threats facing an industry can be a significant advantage when evaluating risk. Certain ransomware groups target specific industries such as finance, construction, government, education, healthcare, etc. By staying informed on the tactics, techniques, and procedures (TTP) utilized within groups targeting an industry, relevant controls can be utilized and configured to prevent these attacks.

Example Tools and Services:

  • Custom Threat Intelligence Feed
  • Outsourced Threat Intelligence
  • Internal or Outsourced Managed Cybersecurity

8. Cybersecurity and IT Audits

Audits are key to detecting gaps within a cybersecurity posture. Whether these audits are performed by an external or internal party, their importance cannot be overemphasized. A comprehensive picture of an organization’s network can reveal glaring holes in policy or controls, enabling an effective plan of action to be created.

Example Tools and Services:

  • Annual Third-Party Cybersecurity Audit
  • Vulnerability Scans and Penetration Tests

9. Monitored and Aggressive Patching

Aggressive patching of critical security flaws in applications and operating systems is one of the most effective steps that can be taken to reduce the risk of a ransomware attack. Very often, ransomware exploits a recently discovered vulnerability in a system to spread rapidly within a network. By monitoring the patch status of devices and pushing patches on an aggressive timeline, the worming behavior of ransomware can be stopped cold.

Example Tools and Services:

  • Remote Monitoring and Management Solutions
  • Managed Cybersecurity and Patching Services
  • Automated Windows Patching and Compliance

10. Cyber Insurance

If an organization were to follow all of the recommendations above and still be affected by an irreversible ransomware attack, cyber insurance would be the key to avoiding financial ruin. These insurance agencies provide coverage based on assessed risk and will help recover from the financial effects of a successful attack.

Due Diligence

Through all these recommendations, one overall question should rise to the front of any organization’s leadership: Are we doing everything we can to prepare for ransomware? Attacks are happening on an unprecedented scale, specifically affecting critical government infrastructure and small businesses. It is no longer optional – take the necessary steps now to prepare for a ransomware attack before it is too late.


We are pleased to share this guest post from Scarlett Cybersecurity, a Florida-based leading cybersecurity provider whose mission is to simplify cybersecurity for organizations of all sizes. To learn more about Scarlett Cybersecurity, visit www.scarlettcybersecurity.com.

Preparing for a Ransomware Attack – 10 Tips (2024-07-26T16:01:45-04:00)