Cyber Oregon (https://cyberoregon.com): Keeping Oregon Safe Online

Training Tomorrow’s Cybersecurity Experts is Top Priority
https://cyberoregon.com/2019/06/17/training-tomorrows-cybersecurity-experts-is-top-priority/
Mon, 17 Jun 2019 15:00:47 +0000

Developing a strong workforce of skilled cybersecurity professionals is a top priority for the Oregon Cybersecurity Advisory Council (OCAC) to help protect the digital lives of all Oregonians.

NW Cyber Camp, a hands-on immersive cybersecurity summer camp co-founded four years ago by OCAC Vice Chair Charlie Kawasaki, is a great program focused on training tomorrow’s cybersecurity experts. During the camp, high school students throughout Oregon will be introduced to cybersecurity and encouraged to pursue one of today’s fastest growing careers, given the significant increase in cyber attacks and data breaches across the country.

Currently, Oregon has 2,911 cybersecurity job openings, according to CyberSeek.  “Given the extreme need for more cybersecurity professionals in the workforce, it’s imperative that we start training the next generation of cybersecurity experts by providing the kind of hands-on, immersive learning experiences that will get students excited about technology,” said Steve Parker, president of EnergySec, the new organizer of the camp.

NW Cyber Camp 2019, to be held July 15 through July 19, will provide valuable cybersecurity training to students and teach them how to defend computer systems and networks from cyber attacks, breaches, and malware. A new Advanced Cybersecurity Camp will be held July 22 through July 26 for students who want to continue their cybersecurity training after attending NW Cyber Camp. For more information about the camps and to apply, please visit: https://www.nwcyber.camp/

NW Cyber Camp 2019 Details

  • Co-Ed, Center for Advanced Learning, 1484 NW Civic Drive, Gresham, OR 97030
  • Co-Ed, Mentor Graphics, 8005 Boeckman Road, Wilsonville, OR 97070
  • Co-Ed, Oregon State University, Corvallis, OR 97330
  • Girls Camp, Oregon State University – Portland location, 621 SW 5th Ave, Portland, OR 97204
  • Advanced Camp, Co-Ed, Center for Advanced Learning, 1484 NW Civic Drive, Gresham, OR 97030

NW Cyber Camp and its supporters, including title sponsor PacStar, are making an impact on our youth. NW Cyber Camp will feature leading industry professionals and cybersecurity educators who will share cybersecurity techniques to help students gain confidence, learn valuable skills, and prepare for a future career in technology. Industry experts from Aruba, Facebook, Galois, Iovation, McAfee, PacStar, PKI Solutions, Splunk, and other companies will be speaking at the camp. The girls-only camp session will feature women instructors and guest speakers. Register now at https://www.nwcyber.camp/register/

$21,250 in Scholarships Offered to Students for Public Key Infrastructure Training

PKI Solutions Inc., a sponsor of NW Cyber Camp again this year, will award five scholarships for an online in-depth Public Key Infrastructure (PKI) training course (each course valued at $4,250) to students selected from this year’s NW Cyber Camp. The scholarships will pay for motivated students to attend an intensive Microsoft PKI online training course, provided by Mark B. Cooper, known as “The PKI Guy,” a leading expert in this field. The course has a strong emphasis on security, best practices, and hands-on skills labs. “These awards will allow motivated students to learn more about PKI and the best ways to make computer systems more secure,” said Mark B. Cooper, president and founder of PKI Solutions. “It’s an exciting time for these students as they are on the cusp of determining their possible future careers. Cybersecurity is one of the hottest and most in-demand career paths right now.”

NW Cyber Camp 2019 is made possible by several leading companies including Title Sponsor PacStar. Platinum Plus Sponsors include Aruba, Facebook, HPE, and McAfee. Platinum Sponsors include FireEye, Galois, IBM, Iovation, ISACA, Mentor Graphics, PKI Solutions, and Umpqua Bank. Gold Sponsors are Fidelis Cybersecurity and Splunk. In-kind sponsors include EnergySec, HP, Oregon State University, and the Technology Association of Oregon.

Cyber News Roundup: Foreign VPNs and Botnets…the Latest Threats
https://cyberoregon.com/2019/06/07/cyber-news-roundup-foreign-vpns-and-botnetsthe-latest-threats-2/
Fri, 07 Jun 2019 23:28:10 +0000

Editor’s Note: This is your weekly cyber news roundup with the latest cybersecurity news and tips from the Cyber Oregon team to help you and your organization stay safe online and protect your digital assets. We examine cybersecurity news and developments from across the Northwest and the Nation that are important to all Oregonians including individuals, businesses, non-profit organizations, government entities, and educational institutions. Sign up to receive weekly updates here.

This week in local cyber news, Cyber Oregon sponsor Palo Alto Networks acquired Portland-based Twistlock for $410 million, according to an article in Portland Business Journal. Malia Spencer writes that Palo Alto Networks will add Twistlock’s technology, which is focused on securing IT infrastructure tools such as containers and serverless functions, to its Prisma cloud security product. 

Be leery of foreign VPNs, urges Senator Wyden

In other news, you may have heard of virtual private networks (VPNs), which allow you to create a secure connection to another network over the internet. Yet a new cybersecurity concern about VPNs has surfaced from the Department of Homeland Security (DHS), cautioning that foreign VPNs are a threat to data security and national security. In a letter responding to Senator Ron Wyden, who had expressed concern about VPN security, the head of the DHS’s cybersecurity division says that VPNs, particularly ones made in authoritarian countries, are a big concern.

According to the Cyberscoop article, “Open-source reporting indicates nation-state actors have demonstrated intent and capability to leverage VPN services and vulnerable users for malicious purposes,” says Chris Krebs, director of DHS’s Cybersecurity and Infrastructure Security Agency (CISA). “Even with the implementation of technical solutions, if a U.S. government employee downloaded a foreign VPN application originating from an adversary nation, foreign exploitation of that data would be somewhat or highly likely. This exploitation could lead to loss of data integrity and confidentiality of communications transmitted over the application.” 

Says Wyden, “DHS has confirmed my fears: that using Chinese or Russian VPN services is essentially just taking your private data, wrapping it in a bow and then sending it directly to foreign spies in Beijing or Moscow. U.S. government employees should not be using these apps, and I hope that DHS will take steps to prohibit their use on government-issued smartphones.”

The Emotet botnet is behind malicious URLs

You know what a VPN is, but what about a botnet? According to Norton, a botnet is a string of connected computers coordinated together to perform a task. Botnets can maintain a chatroom or take control of your computer. There are illegal and malicious botnets that can gain access to your computer through some piece of malicious coding. The latest botnet attack is the Emotet botnet, which drove 61% of malicious payloads in the first half of this year. According to a Proofpoint report, covered in the TechRepublic article, cybercriminals are increasingly trading malicious attachments for malicious URLs as an attack vector. The report found that malicious URLs in emails outnumbered malicious attachments by five to one, because of the Emotet botnet. “It is critical that organizations implement a people-centric security approach that defends and educates its most targeted users and provides protection against socially-engineered attacks across email, social media, and the web,” says Sherrod DeGrippo, senior director of Threat Research and Detection for Proofpoint.

Proofpoint offers these tips to keep your organization secure:

1. Assume users will click

Social engineering is one of the most popular ways for cybercriminals to launch email attacks, the report noted. Train employees and seek out solutions that can identify these types of threats, which seek to exploit the human factor. 

2. Build a robust email fraud defense

Business email compromise (BEC) attacks are on the rise, and are often difficult to detect. Make sure any solutions you use have classification capabilities and blocking policies. 

3. Protect your brand reputation and customers

Make sure you are fighting attacks over all mediums, including social media, email, and mobile—particularly those that attempt to harm your brand. 

4. Train users to spot and report malicious email

Regular user training and simulated attacks can teach employees to identify attacks, and can help organizations identify who might be the most vulnerable, the report noted.

Centralizing cybersecurity: time for a federal cybersecurity agency?

Should we have a federal cybersecurity agency? An article in CSO Online outlines all the reasons why this makes sense. Sam Bocetta writes how the U.S. is vulnerable to cyberattack because the government lacks central leadership on defense mechanisms and strategies. Currently, there are cybersecurity divisions within various agencies, including the Federal Bureau of Investigation, the Department of Defense, the Department of Homeland Security, and various intelligence groups such as the CIA and the NSA. Bocetta says that as governments try to tackle the breadth of cybersecurity, the question becomes how best to manage threats and organize defenses. 

“Cybersecurity has become a center of focus across the globe for both governments, private companies, and individual citizens.” Bocetta believes that spreading out the cybersecurity responsibility is not an efficient strategy, especially because it is hard to keep groups organized and focused on emerging threats. 

Wi-Fi Passwords Hacked at Local Coffee Shop; Cybersecurity Expert Offers Tips
https://cyberoregon.com/2019/05/23/wi-fi-passwords-hacked-at-local-coffee-shop-cybersecurity-expert-offers-tips/
Thu, 23 May 2019 23:32:34 +0000

Seventy percent of hacking incidents occur when users connect to unsecured Wi-Fi networks such as restaurants, airports, and coffee shops, according to Norton’s Wi-Fi Risk Report. While a free Wi-Fi connection in a public space seems fine for users on the go, people can make themselves an easy target for hackers and put their information at risk.

Free or public Wi-Fis are hotspots (pun intended) for hackers and data snoopers who want to steal your private data, passwords, or financial information. Such was the case recently in Portland, at Floyd’s Coffee Shop, a staple in Old Town Chinatown, which recently had its Wi-Fi network hacked. Fox 12 Oregon’s KPTV covered this news story and interviewed local cybersecurity expert Mark Cooper, president and founder of PKI Solutions, to offer tips for companies and users. PKI Solutions, a cybersecurity firm based in Portland and supporter of Cyber Oregon, provides public key infrastructure (PKI) consultancy and training.

Source: Fox 12 Oregon’s KPTV

Floyd’s Coffee Shop learned that the hacker changed passwords, including ones for their surveillance cameras, and gained access to users who were logged onto the shop’s Wi-Fi network at the time. Since this incident, Floyd’s has taken additional security measures to protect the business and the privacy of its customers, according to the news report.

“One of the easiest things that a coffee shop in this case could probably do is to actually have two different Wi-Fi networks,” Cooper said. “And one of those scenarios is what we would call a guest Wi-Fi, and that connection would only have access to the Internet, wouldn’t have the ability to get access to cameras or the point of sales system.”

When you rely too much on the Wi-Fi security at coffee shops, you fall into the traps that hackers have laid out for you. According to PureVPN, here are some of the many things that hackers can learn about you:

  • All the historical data from your device
  • The names of all the places you last visited
  • Your personality or traits, through the social apps you use
  • The documents you send or upload to the cloud

Cooper recommends these security tips for customers to protect themselves and their data:

  • Really think about what you’re doing online in a public setting
  • Make sure the website you’re on in a public setting is encrypted. You can tell by the lock symbol shown next to the URL.
  • Start using a virtual private network (VPN). This will launch an encrypted network that prevents anyone from seeing your activity even while you’re logged in on public Wi-Fi.
  • Turn off automatic Wi-Fi connection so that your device doesn’t join any network without your permission.
  • Look into two-factor authentication to access your accounts. See Stay Safer Online with Two-Factor Authentication for more information.  

As a result of this incident, Floyd’s is taking action. It is separating its Wi-Fi networks now, and has established a time limit for how long customers can use the Wi-Fi. The shop is also looking into a service that monitors Internet activity.

To watch the Fox 12 Oregon report: https://www.kptv.com/news/wifi-passwords-hacked-at-local-coffee-shop-security-compromised/article_88e645ae-7c49-11e9-9aae-5386cbe68e0b.html

For more information about cybersecurity resources for small businesses, please visit https://cyberoregon.com/small-business/#resources

Cyber News Roundup: Five Billion Cybersecurity Threats a Month, WhatsApp, Windows Hack, Intel Vulnerabilities
https://cyberoregon.com/2019/05/17/five-billion-cybersecurity-threats-a-month-whatsapp-windows-hack-intel-vulnerabilities/
Fri, 17 May 2019 15:00:00 +0000

Is it possible for hackers to remotely hack into your mobile phone and steal your personal information just by calling your phone number? Unfortunately, the answer to that alarming question is yes for the 1.5 billion users who use the WhatsApp messaging application. Wired reports that the notorious Israeli spy firm NSO Group developed a WhatsApp exploit that could inject malware onto targeted phones – and steal data from them – simply by calling them. 

According to a BBC article, “WhatsApp hack: Is any app or computer truly secure?”, messages sent using WhatsApp are end-to-end encrypted, meaning they are scrambled when they leave the sender’s device. However, messages can be read before they are encrypted or after they are decrypted. Spyware dropped on the phone by an attacker could read the messages.

Wired’s Lily Hay Newman writes that these zero-day bugs, in which attackers find a vulnerability before the company can patch it, happen on every platform. It’s part and parcel of software development. “Still, a hack that requires nothing but an incoming phone call seems uniquely challenging — if not impossible — to defend against,” she writes. This latest hack is another indicator that encryption and other such security measures offer protection and make it much harder for attackers to read messages, but “cybersecurity is often a game of cat and mouse,” according to the BBC article. It states that any app could contain a security vulnerability that leaves a phone open to attackers.

This raises the question: is any device ever safe? It’s important for users to take action and install software updates for applications and operating systems, as they often contain software patches and fixes. Here are other preventative steps:

  • Install app and operating system security updates
  • Use a different password for every app or service
  • Where possible, enable two-step authentication to stop attackers logging in to accounts
  • Be careful about what apps you download
  • Do not click links in emails or messages you are not expecting

Speaking of patches, this week Microsoft warned of a Windows bug that could lead to another WannaCry-size attack. The company has taken the step of patching Windows 2003, XP, 7, Server 2008, and 2008 R2. Dan Goodin writes in Ars Technica that Microsoft warns the Internet could see another exploit with the magnitude of the WannaCry attack, which shut down computers all over the world two years ago, unless people patch a high-severity vulnerability. The software maker took the step of backporting the just-released patch for Windows 2003 and XP, which haven’t been supported in four and five years, respectively.

“This vulnerability is pre-authentication and requires no user interaction,” Simon Pope, director of incident response at the Microsoft Security Response Center, writes. “In other words, the vulnerability is ‘wormable,’ meaning that any future malware that exploits this vulnerability could propagate from vulnerable computer to vulnerable computer in a similar way as the WannaCry malware spread across the globe in 2017. While we have observed no exploitation of this vulnerability, it is highly likely that malicious actors will write an exploit for this vulnerability and incorporate it into their malware.”

Rounding out this week’s vulnerability news, Intel shared details and information about a new group of vulnerabilities collectively called Microarchitectural Data Sampling. Zack Whittaker, in his TechCrunch article, writes that this secret-spilling flaw affects almost every Intel chip since 2011. These vulnerabilities, if exploited, can be used to steal sensitive information directly from the processor.

Hackers could exploit design flaws rather than inject malicious code. Says Whittaker, “As more findings come to light, the data-stealing attacks have the potential to become easier to exploit and more streamlined.” Intel has released microcode to patch vulnerable processors. This article recaps the latest patches: https://techcrunch.com/2019/05/14/intel-chip-flaws-patches-released/

Five billion cybersecurity threats to devices each month

In other news, Microsoft has launched a new Microsoft Threat Protection website, where it is showcasing its automated incident response capabilities for SecOps teams, Azure Sentinel, and its human-powered Microsoft Threat Experts service. Microsoft reports that it detected five billion cybersecurity threats on devices a month.

According to a ZDNet article by Liam Tung, Microsoft is trying to connect the dots between various signals to develop threat alerts and provide organizations with a clearer picture of attacks that are underway, such as a phishing attack that could be targeting devices or email accounts, or that could come via the web. Over the course of 2018, Microsoft analyzed 300,000 phishing campaigns and eight million business email compromise attempts, according to data from Office 365 security analysts.

Microsoft can see billions of threats and assess 6.5 trillion signals daily. Source: Microsoft

How to stay ahead of the cybersecurity game

Susan Rebner, CEO of Cyleron, makes these recommendations for organizations to make cybersecurity and risk management a priority throughout the organization. In her Forbes article, she writes that cybersecurity is not just an IT issue — it extends to the entirety of the organization:

  • Regularly communicate with your customers on your cybersecurity plans and how they will protect their data. Being fully transparent allows you to build trust.
  • Do more than just the minimum antivirus software. Use multiple layers of protection. Go above and beyond to protect your customer data.
  • Prioritize the data that needs protection and protect your organization’s crown jewels, such as customer payment details or private information. Understand where your greatest assets are located and take action to protect those assets in particular.
  • Ensure that vulnerability testing is a common practice in your organization, not just penetration testing. Don’t wait to deal with threats until they occur; anticipate threats. Test, test, test and then test again.
  • Educate your employees on cybersecurity best practices to create awareness and build a multilayer defense.

Additional cybersecurity resources available

Two new whitepapers are available to download from the Cyber Oregon website: https://cyberoregon.com/resources/#cyberpro

Center for Cybersecurity Policy and Law: To address concerns about security gaps across a growing number of connected devices, the Center for Cybersecurity Policy and Law has published a white paper designed to help hardware vendors minimize risks for end users.

The BSA Framework for Secure Software: BSA/The Software Alliance has developed The BSA Framework for Secure Software to provide a consolidated framework that brings together best practices in a detailed, holistic manner that can guide software security regardless of the development environment or the purpose of the software.

Oregon Cybersecurity Advisory Council Drives Mission to Improve Digital Security for all Oregonians
https://cyberoregon.com/2019/05/07/oregon-cybersecurity-advisory-council-drives-mission-to-improve-digital-security-for-all-oregonians/
Tue, 07 May 2019 20:27:39 +0000

The Oregon Cybersecurity Advisory Council (OCAC) has been busy. If I had to put one word on the past 18 months, I would say, “relationships.” From our initial meeting in September of 2017 through today, the OCAC has met with cybersecurity companies, industry experts, higher education institutions, and high school students interested in cybersecurity.

Our foundational meetings in late 2017 led to the establishment of our mission and vision statements:

Our mission: To build tangible solutions to protect the digital lives of all Oregonians.

Our Vision: We believe cybersecurity is a shared responsibility and must be accessible to all.

The OCAC is not simply about cybersecurity for big business. We are for small business, nonprofits, educational institutions, and the individual Oregonian. Each one conducts business as well as their lives online. We believe every Oregonian’s information is valuable and should be protected. Every Oregonian should be informed and educated about how to protect their digital information online.

The Cybersecurity Advisory Council was established through Senate Bill 90 (SB 90) and signed into law in the summer of 2017 by Governor Kate Brown. The OCAC members were appointed by the Oregon State Chief Information Security Officer (OSCIO) and began meeting in September of 2017. The OCAC was established with five primary purposes.

  1. Serve as the statewide advisory body to the State Chief Information Officer on cybersecurity.
  2. Provide a statewide forum for discussing and resolving cybersecurity issues.
  3. Provide information and recommend best practices concerning cybersecurity and resilience measures to public and private entities.
  4. Coordinate cybersecurity information sharing and promote shared and real-time situational awareness between the public and private sectors in this state.
  5. Encourage the development of the cybersecurity workforce through measures including, but not limited to, competitions aimed at building workforce skills, disseminating best practices, facilitating cybersecurity research and encouraging industry investment and partnership with post-secondary institutions of education and other career readiness programs.

Additionally, in September of 2017, the acting OSCIO requested that the OCAC develop an establishment plan for the Cybersecurity Center of Excellence (CCoE) as mandated by SB 90.

The CCoE Establishment Plan was built from a foundational Oregon Cybersecurity Needs Assessment conducted by the Portland State University Center for Public Service, which voiced the needs and concerns of many Oregonians, from small business owners in rural Oregon to IT professionals in highly regulated industries in Portland. The survey and small focus groups were developed to understand the needs of a variety of groups from across a variety of areas within the state. In March, the OCAC presented the CCoE establishment plan to the Joint Legislative Committee on Information Management and Technology.

The OCAC has embraced all five of the mandates of SB 90 and has begun to build on these requirements. While the OCAC spent most of the year building relationships and establishing a foundation to work from, we did accomplish many tasks and delivered a CCoE Establishment Plan on time. As you review the OCAC Annual Report, you will find three pages of names, organizations, and privately held companies who have contributed in many ways to the vision and direction of the OCAC.

So, where do we go from here? That is a big question, and a very important one as the OCAC begins to grow and build upon our foundation. First, OCAC will continue to grow in our relationship with the OSCIO and our support in being an advisory body to the State of Oregon. The council is not simply nine voting members, but a compilation of many non-voting members and many more extended workgroup members with a variety of skills as cybersecurity practitioners.

Second, we believe that workforce development is THE key to the future. The research from the Needs Assessment performed by the PSU CPS team indicates a significant workforce shortage in experts and workers in the cybersecurity field. This is not simply an issue in Oregon but a nationwide issue. Partnering with K-12 education, secondary education, and retraining programs is a critical component to developing a strong cybersecurity workforce for the future. This is accomplished through programs such as NW Cyber Camp and partnering with secondary educational institutions such as OSU and Mt. Hood Community College and their cybersecurity education programs.

Finally, we believe that continuing to develop a Cybersecurity Center of Excellence in the state of Oregon is beneficial for ALL Oregonians. Providing a central place for small business and individual Oregonians to move towards is highly beneficial for all. CyberOregon.com is a great resource, but what if we also had a central location for the needs of those who did not know where to turn for hands-on help with cybersecurity issues? Our goal is never to compete with private industry, but to provide a hub where private industry can work with public service to meet the needs of those most vulnerable in Oregon.

If you find yourself interested in how you can support the council, I encourage you to reach out. There are three ways you can be involved:

  1. Sponsorships: You can become a sponsor of the Oregon Cybersecurity Advisory Council (OCAC), CyberOregon, and the Cyber Oregon Summits.
  2. Join the Conversation: You can attend the Cyber Oregon Summits and other cybersecurity events in the state.  
  3. Legislative: You can contact your state representative and senators to voice your interest in seeing the CCoE plan develop and move forward with additional legislative funding and action on cybersecurity for the state of Oregon.

Cyber News Roundup: Power, Passwords, PII…What Trips Us Up in Cybersecurity
https://cyberoregon.com/2019/05/03/cyber-news-roundup-power-passwords-piiwhat-trips-us-up-in-cybersecurity/
Fri, 03 May 2019 15:00:30 +0000

One of the biggest concerns for the energy sector is a large-scale cyberattack shutting down our power grids and our cities. Power networks, considered critical infrastructure by the U.S. Government, have long been a target for hackers, but successful attacks are rare, according to Zack Whittaker in his TechCrunch article. The Department of Energy confirmed that a cyber event took place in March, involving an energy company that provides service to Los Angeles, California, Salt Lake County in Utah, and Converse County in Wyoming. A denial-of-service (DoS) attack was launched, which involves overwhelming computer systems with information in a bid to take them down.

While this incident did not impact power generation or outages, it brings to light the fact that the energy sector continues to be a big target for attacks. According to a CNBC article, “The fact that such an easily preventable attack succeeded against a system serving such a large electrical distribution area is cause for concern, especially because energy is one of the U.S. government’s most important ‘critical infrastructure’ sectors, making these utilities subject to the strongest protections.”

Are we doing enough to secure PII?

Another security fundamental in question is whether companies are doing enough to secure personally identifiable information (PII). According to an interview with Frank Abagnale, the renowned security expert behind Catch Me If You Can, “There’s no doubt in my mind that the username and password is an outdated technology that has long since served its purpose. User credentials remain the single biggest factor for security breaches, and our approach to deal with this has been to add more layers of complexity (one-time passcodes, knowledge-based questions) that have most users frustrated and resentful.” In its blog, IBM recommends the following password best practices for enterprises:

  • Ensure all passwords contain at least 12 characters.
  • Randomly generate all passwords (a password manager can be a big help here).
  • Require all passwords to be secret and unique between sites and applications.
  • Update passwords on a regular basis.
  • Consider an external password audit to uncover and strengthen weak passwords.

Passwords: Yea or Nay?

May 2, 2019 marked World Password Day. In his Forbes article, author Tony Bradley writes, “The prevailing logic when it comes to password security is that everyone needs to have passwords that are complex—long jumbles of random characters that don’t even attempt to emulate an actual word—and that every password for every account must be unique. That is a very high bar to ask people to meet.” Shahrokh Shahidzadeh, CEO at Acceptto, points out that there’s a good chance your passwords are already compromised and users should operate under that assumption. “Acknowledging that all credentials have already been compromised, even those that have not yet been created, combined with the weakness of existing user identity and access controls in place, will drive a transformative shift in cybersecurity,” says Shahidzadeh. Regarding alternatives to passwords, Mark B. Cooper, president and founder of PKI Solutions, states, “We are set to see an explosion of two-factor authentication technologies. Devices from Tesla (Drive PIN) to banking systems are incorporating two-factor solutions that are streamlined for their users and customers.”

In an interview with Microsoft’s top cybersecurity executive, Brett Arsenault, CNBC’s Kate Fazzini writes that email-based and password-based hacking underlie everything from the simplest frauds to the most complex, multi-faceted hacking campaigns. “We all sort of declared years ago that identity would be our new perimeter. People are very focused on taking advantage of identity, it’s become a classic: hackers don’t break in, they log in. I see that as a huge, huge thing for us to work on,” states Arsenault.

Microsoft is one of the few companies looking to eliminate passwords entirely. Instead of passwords, Microsoft employees use a variety of other options, including Windows Hello and the Authenticator app, which provide other alternatives for logging in, like facial recognition and fingerprints.

Human error is still a top cybersecurity concern

Less headline-grabbing, but equally troublesome when it comes to cyberattacks and data breaches, is human error. As Alison DeNisco Rayome writes in her TechRepublic article, human error remains the top cybersecurity concern for both C-suite executives and policymakers, according to the newest report from Oracle. The report states that professionals must invest more in employees — via training and hiring — than in security-advancing technologies, such as new software, infrastructure, artificial intelligence (AI), and machine learning (ML), even though these technologies have the ability to significantly minimize or eliminate human error entirely.

The post Cyber News Roundup: Power, Passwords, PII…What Trips Us Up in Cybersecurity appeared first on Cyber Oregon.

Firmware Needs to Be Part of Your Incident Response Playbook https://cyberoregon.com/2019/04/15/firmware-needs-to-be-part-of-your-incident-response-playbook/ Mon, 15 Apr 2019 17:58:48 +0000 https://cyberoregon.com/?p=5300

Security operations and incident response is typically where an organization’s best cybersecurity intentions meet hard realities. Teams have limited time and talent to deal with an overwhelming number of alerts, and the complexity of modern threats means each one can require significant attention. Incident Response (IR) teams need to be right and they need to be fast.

As a result, organizations develop highly efficient playbooks that guide their IR process and tools. And in most cases, the need for speed means that if an infection is confirmed or even suspected, the immediate response is to reimage the affected machine. Analysts don’t always have the time to do a deep manual analysis of each threat. Often it may not matter to the analyst whether the system is infected with Emotet or Trickbot, or any other malware family. The response is the same—wipe the system, reinstall the golden image, and send it back out for use. However, as malware in the wild increasingly targets firmware for persistence, it is critical that IR and threat hunting efforts extend to the firmware as well.

When Reimaging Is Not Enough

The problem for IR teams is that reimaging a system doesn’t completely clean the slate. The system firmware, as well as firmware within hardware components such as drives, network adapters, etc., all survive independently of the operating system. So if an attacker can compromise any of these components as part of the attack, the attacker can easily persist across a full reimaging of the system.

Unfortunately, targeting the firmware is precisely what malware has begun to do in the wild. The recently discovered LoJax malware is a perfect example. Once it completes its initial infection, the malware installs a UEFI rootkit with the express purpose of persisting on the machine. Even if the operating system is completely replaced, the firmware rootkit can reinfect the host OS as soon as it is booted. And LoJax isn’t the only example. We have seen how attackers can exploit firmware remotely and even take control of or disable servers by remotely attacking the BMC firmware.

And of course this multi-stage approach seen in LoJax is nothing new for malware. More generic malware routinely analyzes victims and can drop additional second stage malware that is more targeted. For example, the well-known Dridex banking malware was observed dropping Carbanak, which was used to persist and pivot within financial institutions in order to steal money. Security teams should expect more targeted campaigns to emulate this model and follow LoJax’s lead to target the firmware.

But managing this risk creates a time and talent problem for IR and SecOps teams. Most organizations lack the in-house talent to look for firmware rootkits and implants. And even in the best case, it is time-consuming and tricky work. If the IR process is going to keep pace, firmware security needs to be fast and automated.

Eclypsium in the IR Process

Eclypsium provides a simple, highly-repeatable addition to any team’s IR process. Intelligence teams can easily scan devices for signs of suspicious firmware activity that can be used both for attack mitigation and attribution. IR teams and analysts can quickly scan every device within the scope of an incident to verify that firmware hasn’t been modified either at the system or component level.

Specifically, Eclypsium can be used to detect firmware rootkits, implants, or backdoors as part of the eradication phase of IR. This provides an easy way to ensure that device firmware is clean prior to being put back into use. The video below shows an example of how this works based on the earlier example of the LoJax malware. Additionally, when an implant is discovered, it provides forensics teams with the ability to analyze the specific malicious code to develop new IOCs.

The solution can also automatically discover outdated firmware, vulnerabilities, or missing device protections that could make the device susceptible to a firmware-level attack in the future, and then help manage any updates.

It is important to note that this process can be performed over the network for any devices that may have been identified in the scope of the attack. This remote scanning of laptops, servers, and even network devices makes it easy to ensure the integrity of every device that was a part of the incident progression.

This gives SecOps teams a way to make the technically challenging task of firmware security a simple checkbox in their IR playbooks. Before a device is put back into service, it needs to be scanned for firmware threats. In addition to installing a fully patched golden image of the OS, the device needs to be checked to ensure the firmware is up to date as well. Any devices in the progression of an attack should be scanned for integrity. Malicious implants should be analyzed by forensics teams. This way teams can not only keep pace with their daily workload, but also be certain that their systems are truly clean.

The post Firmware Needs to Be Part of Your Incident Response Playbook appeared first on Cyber Oregon.

12 Ways to Get a Handle on Secrets Management https://cyberoregon.com/2019/03/27/12-ways-to-get-a-handle-on-secrets-management/ Wed, 27 Mar 2019 15:00:40 +0000 https://cyberoregon.com/?p=5253

Organizations in all industries have secrets that need to be protected. The modern identity landscape is filled with secrets — passwords, encryption keys, cryptocurrency wallets, SQL connection strings, storage account keys, API tokens — yet organizations are challenged with storing, managing, and protecting them.

Let’s define “secrets” as some knowledge or a piece of data that should be hidden from others – such as unapproved employees, unrelated business units, competitors or adversaries. Secrets are often used to protect, move, and expose data that only a protected process, such as a website, then displays to a user. The data “behind” the web server needs to be protected from access by any other process. If secrets aren’t managed correctly, they can expose sensitive information that could wreak havoc on an organization, its network, and its data. Currently, 87% of executives lack confidence in their organization’s level of cybersecurity, according to EY. Knowing where secrets are kept is the first step, which is easier said than done. They are likely fragmented and scattered everywhere across the organization and beyond: on premises, in the cloud, on servers, on devices, on clients, and even in code. A centralized approach to secrets management is vital for companies to protect their data and assets, while a poorly managed security approach could lead to breach, noncompliance, or outage.

12 Ways to Get a Handle on Secrets Management

  1. Learn where your company’s secrets are kept and inventory them. This is easier said than done, since secrets are often scattered everywhere: on premises, on servers, devices, and clients, in the cloud, and even in code. Develop a checklist to discover which systems are using keys and collect information on their secret requirements and integration points.
  2. Set your goals for security robustness. The more robust your security, the more complex the implementation. You will need to have guidelines and practices in place for your extended security team to include user access policies, automated systems updates, and secure code deployment. There are two approaches. One: create security requirements based on existing system capabilities. This will be the lowest security model, but easiest to enforce. Two: create a security requirement to be phased in over a period of years (perhaps five years). Those requirements then become the baseline for evaluating new systems, renewals, upgrades and long-term planning until the goal is implemented and enforced.
  3. Centralize your approach. Place secrets in a private repository with restricted access. Leverage vaulting systems (CyberArk or password managers) with access management. Leverage systems such as PKI to use keys that require less key management.
  4. Separate data from the secrets. You can use location to your advantage and keep the secrets on premises, and data in the cloud.
  5. Define your implementation. Evaluate administration vs. technology solutions. Determine if you will use policy and custom processes or will leverage an existing vendor solution to achieve your goal.
  6. Control access. Consider security around any centralized repository. Manage control of access, authorizations, permissions, and privileges.
  7. Remove the human factor, if possible. Limit employees’ access to the secrets, leverage escrow services when passwords are involved, and consider alternate identity solutions in lieu of passwords.
  8. Check permissions: users, machines, applications. Determine where secrets are being created and stored and enforce restrictions that prevent unapproved creation and storage in unmanaged places.
  9. Log use and look for patterns. Anomaly detection will help you better understand and assess data and user behavior.
  10. Rotate encryption and identity keys. Define lifetimes and rotation strategies so encryption keys are removed from use before their cryptographic lifetimes are exceeded.  
  11. Have an incident response plan ready. With threats and errors occurring with increased regularity, an incident response plan will reduce your risks (and stress) if you are faced with a security incident, requiring urgent incident response.
  12. Plan ahead for a data breach to reduce the impact. Having your breach response plan always updated will help, should there be any type of account or network compromise.
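
Steps 1, 8 and 10 lend themselves to partial automation. The following is an added example, not code from the original article or from PKI Solutions: it inventories three of the secret types named above in constructed sample files, then checks each finding against a hypothetical central register of creation dates. The patterns, lifetimes, file names, sample values and register are all assumptions.

```python
import hashlib
import re
from dataclasses import dataclass
from datetime import date, timedelta

# Assumed detection patterns for three secret types the article names.
PATTERNS = {
    "sql_connection_password": re.compile(r"\b(?:password|pwd)\s*=\s*([^;\"'\s]+)", re.I),
    "storage_account_key": re.compile(r"\bAccountKey=([A-Za-z0-9+/=]{20,})"),
    "api_token": re.compile(
        r"\b(?:api[_-]?key|token)\b\s*[:=]\s*[\"']?([A-Za-z0-9_\-]{20,})", re.I),
}

# Assumed maximum lifetimes per secret type (step 10); set these from policy.
MAX_AGE = {
    "sql_connection_password": timedelta(days=90),
    "storage_account_key": timedelta(days=180),
    "api_token": timedelta(days=180),
}


@dataclass(frozen=True)
class Finding:
    path: str
    line: int
    kind: str
    fingerprint: str  # truncated SHA-256, so the inventory never holds the secret


def fingerprint(value):
    """Stable identifier for a secret that does not reveal its value."""
    return hashlib.sha256(value.encode()).hexdigest()[:12]


def scan(files):
    """Step 1: inventory every secret-looking value together with its location."""
    findings = []
    for path, text in files.items():
        for lineno, line in enumerate(text.splitlines(), start=1):
            for kind, pattern in PATTERNS.items():
                for match in pattern.finditer(line):
                    findings.append(
                        Finding(path, lineno, kind, fingerprint(match.group(1))))
    return findings


def triage(findings, register, today):
    """Steps 8 and 10: flag secrets that are unregistered, past lifetime, or reused."""
    report = {"unmanaged": [], "overdue": [], "reused": []}
    locations = {}
    for f in findings:
        locations.setdefault(f.fingerprint, []).append(f)
        created = register.get(f.fingerprint)
        if created is None:
            report["unmanaged"].append(f)   # stored outside the central register
        elif today - created > MAX_AGE[f.kind]:
            report["overdue"].append(f)     # still in use past its rotation date
    report["reused"] = [locs for locs in locations.values()
                        if len({f.path for f in locs}) > 1]
    return report


# Constructed sample values and files; none of these are real credentials.
SQL_PW = "Sup3rS3cretExample!"
STORAGE_KEY = "Q29uc3RydWN0ZWRFeGFtcGxlS2V5MTIzNDU2Nzg5MA=="
TOKEN = "EXAMPLEtoken0123456789abcdef"
SAMPLE_FILES = {
    "web/app.config":
        f'connectionString="Server=db01;Database=crm;User Id=app;Password={SQL_PW};"',
    "jobs/backup.sh":
        f'export STORAGE="AccountName=demo;AccountKey={STORAGE_KEY};"\n'
        f'curl -H "token: {TOKEN}" https://api.example.invalid/backup',
    "reports/export.py": f'API_KEY = "{TOKEN}"',
}
# Hypothetical register: what the central vault knows, keyed by fingerprint.
REGISTER = {
    fingerprint(SQL_PW): date(2018, 6, 1),
    fingerprint(STORAGE_KEY): date(2019, 1, 15),
}
TODAY = date(2019, 3, 27)  # fixed so the result is reproducible

if __name__ == "__main__":
    result = triage(scan(SAMPLE_FILES), REGISTER, TODAY)
    for category, items in result.items():
        print(category)
        for item in items:
            print("   ", item)
```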

Once secrets are located by performing an assessment and inventory, it’s crucial to separate data from the secrets. For example, make sure the encryption keys that protect the data are separate from the secrets in a central, private repository with restricted access — such as a key management server with limited access to the public and by your employees. One recommendation is to use location to your advantage: secrets on-premises, data in the cloud. Be sure to keep data encrypted using keys and ensure keys are encrypted at rest.

Levels of Security

Depending on your resources, there are different levels of security to consider when protecting your organization’s secrets:

  • Limited access: Secrets are stored in a repository/server with limited access to the public. Examples include password vaults, hardware security modules, and private Git repositories.
  • Encrypted secrets: Before being stored, the secrets are encrypted. Security through obscurity is not acceptable.
  • Management: An application that allows high-level control of the secrets. Examples include symmetric key management systems and password escrow services (CyberArk, for example).

Administration vs. Technology Solutions

The human element will always be the weakest link in any security protocol. Consider this: 80% of data breaches are caused by silly mistakes made by those responsible for managing secrets, according to Rashmi Jha, senior program manager at Microsoft. Here are some recommendations and principles for tightening up your security:

  1. Leverage escrow services when passwords are involved.
  2. Consider alternate identity solutions in lieu of passwords.
  3. Key management solutions are only part of the equation.
  4. Audit, compliance, and remediation are critical.
  5. Consider security around any centralized repository.

The Pitfalls of Poor Secrets Management

What happens if organizations have poor secrets management? It can lead to account and network compromise, information leaks, outages, compliance issues, data breach, loss of reputation — and even the business shutting down. Secrets management is an ongoing effort and it’s important to follow the “trust but verify” approach.

PKI Solutions will soon be offering its in-demand PKI training courses online. These self-paced courses are a deep dive into PKI. PKIs are the core of the IT backbone for enterprises, supporting network authentication, data encryption, code signing and secure email. The online courses will cover all of the same topics and lessons as the highly popular, in-person courses that the company has provided for many years. The course will feature video, audio, and slide-based content, taught by Mark B. Cooper, president and founder of PKI Solutions and known as The PKI Guy. He has been working with PKIs for two decades and has led hundreds of PKI trainings around the world. For more information and to sign up now for online courses, please visit https://pkisolutions.com/online-courses/.

This edited article was published on Dark Reading.

The post 12 Ways to Get a Handle on Secrets Management appeared first on Cyber Oregon.

Cyber News Roundup: China Hacking Keeps Us Up At Night https://cyberoregon.com/2019/03/22/cyber-news-roundup-china-hacking-keeps-us-up-at-night/ Fri, 22 Mar 2019 15:46:46 +0000 https://cyberoregon.com/?p=5245

The United States Department of Homeland Security Secretary Kirstjen Nielsen is extremely concerned about cyber threats, “The rate at which threats and risks are emerging is outpacing our ability to identify, assess and address them.”

Threats to our systems and information are everywhere — from insiders to the factory floor to China. At the recent RSA Conference 2019 in San Francisco, U.S. officials emphasized that China is our biggest cybersecurity threat. Just when we thought it was Russia, it’s something else. According to The Washington Post article by Joseph Marks, “it’s China hacking that keeps us up at night.” Collectively, the unified message from the National Security Agency, FBI and United States Department of Homeland Security (DHS) officials is they are laser-focused on the digital security threat that China poses to the United States.

Chris Krebs, director of the DHS’s Cybersecurity and Infrastructure Security Agency (CISA) voiced his concern, “China’s trying to manipulate the system to its ultimate long-term advantage.” Combating Chinese digital espionage will be one of four major focus areas for CISA during the next 18 months, according to the article.

Two Cyber Oregon sponsors were quoted in this article, CrowdStrike and Palo Alto Networks. Shawn Henry, president of CrowdStrike, agrees that China is the greatest threat to U.S. financial cybersecurity but warns that a cyberattack from Russia – which has a track record of destroying systems and data rather than just stealing them – could produce far broader damage. “The theft of data will have a significant economic impact. A destructive attack can have a significant threat to life.”

Ryan Gillis, vice president for cybersecurity strategy at Palo Alto Networks, contends that the messaging campaign about Chinese hacking may have an impact on Chinese leaders. “China does want to be a leader in the international community, so that pressure and the unity of the message is an important thing right now.”

Factories are at risk

If it’s not hackers in China, it’s hackers eyeing the factory floor. The latest risks to factories and manufacturers of consumer goods — including cars, refrigerators, and washing machines — are the Internet-connected sensors, monitors, and other devices that operate manufacturing operations. This equipment is posing new cybersecurity risks, according to an article in Roll Call.

According to the article, these devices typically monitor and gather information on the performance of machines, allowing operators to control a large factory floor or infrastructure spread out over an extended area such as a pipeline network or a utility grid. Devices include programmable logic controllers, remote terminal units and human-machine interface equipment that have been in use for nearly half a century. “The thing that has changed over the last 20 years is Internet connectivity, with the devices being connected first to an organization’s internal network and then to the internet,” says Sean Peasley, a partner at Deloitte who specializes in Internet of Things and cybersecurity.

Collaboration is key

With threats hitting from all directions, Nielsen, secretary of the DHS, urged private companies to do more to help the federal government identify new cyber threats. In The Hill article, Nielsen says the administration is unable to do it alone and encouraged companies to collaborate. “We need our great minds to really help us spot the patterns and know what’s coming at us,” she continued. Nielsen reiterated the need to have partnerships between private companies who are dealing with new cyberattacks and DHS.

Help is on the way

Help is on the way…or is it? The latest research from industry association ISACA indicates that finding and hiring qualified cybersecurity pros is taking a long time. Nearly one third of organizations say filling a position takes up to six months. According to the Dark Reading article, as the demand for cybersecurity professionals continues to rise, organizations are looking at unconventional ways to staff up and train their workforce.

“There’s a drought of technical people, and it’s been compounding over the years,” says Frank Downs, director of ISACA’s cybersecurity practice. “There aren’t enough cybersecurity pros, period.” Ralph Sita, co-founder and CEO of online training firm Cybrary, says cybersecurity education and training doesn’t necessarily need to follow the traditional academic trajectory.

There are 313,735 cybersecurity job openings across the United States, with 2,911 openings in Oregon alone, according to CyberSeek.

“Cybersecurity is one of today’s hottest technical fields,” according to Charlie Kawasaki, co-founder of NW Cyber Camp, vice chair of the Oregon Cybersecurity Advisory Council (OCAC) and chief technical officer of PacStar. “The latest research indicates that it takes an average of three to six months to fill a cybersecurity job. We are working on the pipeline problem – we are working to get more people interested in cybersecurity at an earlier age, and more people trained.” NW Cyber Camp inspires and empowers high school students to learn about cybersecurity, opening up the possibility of a career in the field.

The post Cyber News Roundup: China Hacking Keeps Us Up At Night appeared first on Cyber Oregon.

NW Cyber Camp launches fourth year https://cyberoregon.com/2019/03/20/nw-cyber-camp-launches-fourth-year/ Wed, 20 Mar 2019 14:00:57 +0000 https://cyberoregon.com/?p=5216

NW Cyber Camp inspires and empowers high school students to learn about cybersecurity, opening up the possibility of a career in the field. Since 2016, NW Cyber Camp has reached hundreds of high school students, offering hands-on cybersecurity skills, including defending computer systems from hackers and implementing defensive cybersecurity practices. This year marks the fourth year of the program, taking place July 15-July 19, 2019, with five camps across Oregon, including a girls’ camp plus a new advanced camp this year:

  • Girls’ Camp, 621 SW 5th Ave, Portland, OR (Meier & Frank building)
  • Co-Ed, Center for Advanced Learning, 1484 NW Civic Drive, Gresham, OR
  • Co-Ed, Mentor Graphics, 8005 Boeckman Rd, Wilsonville, OR
  • Co-Ed, Oregon State University, Corvallis OR
  • New Advanced Camp, July 22-July 26, 2019: Center for Advanced Learning, 1484 NW Civic Drive, Gresham, OR

For more information and to register: www.NWCyber.camp.

NW Cyber Camp addressing skills pipeline problem

“Cybersecurity is one of today’s hottest technical fields. Oregon alone has 2,911 unfilled job openings in cybersecurity,” according to Charlie Kawasaki, co-founder of NW Cyber Camp, vice chair of the Oregon Cybersecurity Advisory Council (OCAC) and chief technical officer of PacStar. “The latest research indicates that it takes an average of three to six months to fill a cybersecurity job. We are working on the pipeline problem – we are working to get more people interested in cybersecurity at an earlier age, and more people trained.”

The original co-founders of NW Cyber Camp (formerly known as PDX Cyber Camp) include Charlie and his daughter, Amelia Kawasaki, and Zander Work, who created the camp in 2016 to inspire youth towards careers in cybersecurity. While she was in high school, Amelia was one of the cybersecurity camp’s instructors and heavily involved in the girls’ camp, featuring leading female guest speakers and instructors for a tailored program for young women interested in STEM careers. The cybersecurity experience and skills that she gained at the camps led her to software engineering and data science internships with Formaltech and Cylance. Amelia is currently pursuing a degree in Data Science at the University of California, San Diego. Zander was also a camp organizer and instructor and is currently pursuing a degree in Computer Science at Oregon State University. He is the president of the award-winning OSU Security Club.

Amelia Kawasaki (in yellow) one of the co-founders and instructors of NW Cyber Camp

Sponsors of NW Cyber Camp 2019 include PacStar (title sponsor), Facebook, Mentor Graphics, McAfee, HP, Galois, and Splunk.

The post NW Cyber Camp launches fourth year appeared first on Cyber Oregon.
