Former U.S. Director of National Intelligence and Navy Vice Adm. Mike McConnell advocated today for stronger protection of digital data transfers and for universities to play a key role in filling cyber security jobs.

McConnell was among the keynote speakers at the 2018 SEC Academic Conference hosted by Auburn University. The conference, which is ongoing through Tuesday, is focused on the topic of “Cyber Security: A Shared Responsibility” and brings together representatives from the SEC’s 14 member universities along with industry experts in the area of cyber security.

McConnell is encouraging the use of ubiquitous encryption as a solution for stronger data protection.

“As we go to the cloud…ubiquitous encryption of some sort would be used so that if anybody accessed that data, you can’t read it. If you’re moving [the data] from point A to point B, it scrambles so you can’t read it,” he said.

McConnell understands that stronger data security can come at a cost for others, including law enforcement who may need to access data within a device during a criminal investigation.

“What I’m arguing is the greater need for the country is a higher level of [data] security. If that’s the greater need, then some things of lesser need have to be sacrificed. So when I say ubiquitous encryption, that’s what I’m attempting to describe. It is protecting the data that is the very lifeblood of the country,” McConnell said.

McConnell also addressed how academia can help in securing the nation from cyber attacks.

“We have about 300,000 job openings across the United States for which there are no cyber security-skilled people to fill those jobs,” he said. “Universities are debating academically ‘What is cyber security?’ and ‘How do you credit the degrees?’ and ‘How do you get consensus on what it is and what it should do?’”

He urged universities to move more quickly on coming to a consensus so they can get certified and accredited to start producing students who can fill those jobs.

Glenn Gaffney, executive vice president at In-Q-Tel, also spoke to the role higher education institutions can play in cyber security during his keynote address at the conference.

“It is at the university level where we don’t have to take a top-down approach,” Gaffney said, adding that universities can work together, through research and student involvement, to create proactive solutions to cyber security. “This is where the next generation of leaders will be developed. It’s here that these dialogues must begin. This is the opportunity.”

Ray Rothrock, CEO and chairman of RedSeal Inc., was the day’s third speaker, presenting on the topic of “Infrastructure: IoT, Enterprise, Cyber Physical.” Rothrock also held a signing for his new book, “Digital Resilience: Is Your Company Ready for the Next Cyber Threat?”

Attendees at the conference are exploring computer and communication technology; the economic and physical systems that are controlled by technology; and the policies and laws that govern and protect information stored, transmitted and processed with technology.

Students at each SEC member university participated in a Cyber Challenge and presented posters displaying their work in the area of cyber security.

The hack that forced Baltimore’s 911 dispatch system to be temporarily shut down over the weekend was a ransomware attack, city officials said Wednesday.

Such attacks — another of which occurred in Atlanta last week — take over parts of private or municipal computer networks and then demand payment, or ransom, for their release.

Frank Johnson, chief information officer in the Mayor’s Office of Information Technology, said he was not aware of any specific ransom request made by the hackers of Baltimore’s network, but federal authorities are investigating.

“The systems and the software and the files are all being investigated by the FBI right now,” Johnson said.

No personal data of city residents was compromised, he added.

Dave Fitz, an FBI spokesman, could not be reached Wednesday. On Tuesday, Fitz said the agency was aware of the breach and providing assistance to the city, but otherwise declined to comment.

The attack infiltrated a server that runs the city’s computer-aided dispatch, or CAD, system for 911 and 311 calls. The system automatically populates 911 callers’ locations on maps and dispatches the closest emergency responders there more seamlessly than is possible with manual dispatching. It also relays information to first responders in some cases and logs information for data retention and records.

The breach shut down the CAD system from Sunday morning until Monday morning, forcing the city to revert to manual dispatching during that time. While the city’s 911 calls are normally recorded online on Open Baltimore, the city dispatch logs stopped recording them at 9:54 a.m. Sunday and didn’t resume recording them again until 7:42 a.m. Monday.

Johnson said the attack was made possible after a city information technology team troubleshooting a separate communications issue with the server inadvertently changed a firewall and left a port, or a channel to the Internet, open for about 24 hours, and hackers who were likely running automated scans of networks looking for such vulnerabilities found it and gained access.

“I don’t know what else to call it but a self-inflicted wound,” Johnson said. “The bad guys did not get in on their own without the help of someone inadvertently leaving the door open.”

Once the “limited breach” was identified, city information technology crews “were able to successfully isolate the threat and ensure that no harm was done to other servers or systems” on the city’s network, Johnson said. And once “all systems were properly vetted, CAD was brought back online.”

Johnson said the city “continues to work with its federal partners to determine the source of the intrusion.”

The Baltimore hack comes amid increasing hacking of municipal systems across the country, and follows one in Atlanta last week that paralyzed that city’s online bill-payment system, with hackers demanding a $51,000 payment in bitcoin to unlock it. That attack occurred Thursday, and Atlanta employees only turned their computers back on Tuesday.

Johnson said his office works diligently to prevent cyberattacks and is looking to invest more in safeguarding its networks.

Baltimore also faced cyberattacks during the unrest in 2015, when its website was taken offline. Johnson said he was unaware of any other successful attacks on the city’s networks. He said the city would be obligated to disclose any attacks that compromised residents’ personal information, health information or crime data.

Johnson said he feels the city recovered well from the breach once it was identified, but that he did not want to go into detail about what was done lest he expose the city to more attacks.

The city has a $2.5 million contract with TriTech Software Systems to maintain its CAD software and provide “technical support services to ensure the functional integrity” of the city’s CAD system.

Scott MacDonald, TriTech’s vice president of public safety strategy, said the company worked with city IT personnel to shut down the CAD software after the attack. The breach was not related to the company’s software, MacDonald said.

“When we were alerted of it, it was reported that the server had some sort of compromise,” he said. “Our techs connected and worked with the IT staff there, and the CAD system was taken down manually, in combination between our staff and theirs, while the servers could be troubleshooted by the city.”

The Department of Administrative Services (DAS) announced that the State of Connecticut suffered a ransomware attack on Friday, February 23. Although most computers were protected with adequate antivirus software, approximately 160 machines in 12 agencies were not.

DAS spokesperson Jeffrey Beckham said that, through a collaboration with agency IT and other partners, the virus was contained by the evening of Sunday, February 25. There were no reports of encrypted files or data loss, and the DAS does not believe state business will be affected by the breach.

NRA targeted by DDoS cyber criminals
Three US National Rifle Association (NRA) websites were the latest victims of memcached-based distributed denial-of-service (DDoS) attacks, as reported by Qihoo 360’s Network Security Research Lab (Netlab). nra.org, nracarryguard.com, and nrafoundation.org join other large-platform targets, including Amazon and Google. This also follows the biggest DDoS attack to date, which targeted GitHub in February 2018.

As early as February 25, Twitter users were posting about the NRA DDoS takedown. It’s likely that these attacks are politically motivated, as the pro-gun organization has been criticised following the Parkland school shooting on February 14, in which 17 people were killed. It is not uncommon for criminal hackers to launch DDoS attacks on controversial organizations and figures – past victims include the Ku Klux Klan, ISIS, and Donald Trump.

Read More….

Five months before the 9/11 attacks, US Secretary of Defense Donald Rumsfeld sent a memo to one of his advisers with an ominous message.

“Cyberwar,” read the subject line.

“Please take a look at this article,” Rumsfeld wrote, “and tell me what you think I ought to do about it. Thanks.”

Attached was a 38-page paper, published seven months prior, analyzing the consequences of society’s increasing dependence on the internet.

It was April 30, 2001. Optimistic investors and frenzied tech entrepreneurs were still on a high from the dot-com boom. The World Wide Web was spreading fast.

Once America’s enemies got around to fully embracing the internet, the report predicted, it would be weaponized and turned against the homeland.

The internet would be to modern warfare what the airplane was to strategic bombers during World War I.

The paper’s three authors — two PhD graduates and the founder of a cyber defense research center — imagined the damage a hostile foreign power could inflict on the US. They warned of enemies infecting computers with malicious code, and launching mass denial of service attacks that could bring down networks critical to the functioning of the American economy.

Read More….

On Wednesday morning the workday in Colorado Department of Transportation (CDOT) was disturbed. The institution went back to good old days when computers were not existing due to SamSam ransomware virus attack.

On February 22, the file-encrypting virus hit CDOT’s computers, encrypted files and demanded to pay the ransom in Bitcoins. More than 2,000 computers were shut down to stop and investigate the attack.

According to the CDOT spokeswoman, the version of SamSam ransomware hit only Windows OS computers even though they were secured by McAfee antivirus. However, CDOT and security software providers are working on virus elimination.

Fortunately, Colorado Department of Transportation has all data backed up. Therefore, they are not going to pay the ransom and crooks attempts to blackmail the institution did not succeed.

Meanwhile, employees are forbidden from accessing the Internet until the problem is solved. Ransomware did not affect any critical services, such as cameras, alerts on traffics or variable message boards.

Authors of SamSam ransomware already received money from victims in 2018
SamSam ransomware is known for a while. Numerous versions of malware hit hospitals and other institutions last year. Colorado Department of Transportation is not the first organization that was in the target eye of the ransomware creators this year too.

Read More….