Guest Speaker: NeoCyber Institute

The NeoCyber Institute is a global organization working to spread awareness of cybersecurity by connecting students and professionals with training and resources. They host workshops for students offering instruction for capture-the-flag style cyber-competitions, run a YouTube channel to educate the public about cybersecurity, and are developing Incident Response Plan training seminars for small organizations. Such programs support NeoCyber’s central goals: to protect critical infrastructure, open doors to a cyber career, and educate students.

Cyber Bytes: A Closer Look at the SolarWinds Hack

Companies often use 3rd party software and services as part of their own businesses, SolarWinds is a very big provider meaning they have a lot of tools. One of their very big collections of tools is Orion, a collection of tools to help manage their stuff, such as network performance or log files. One of the tools had been injected with malware. How did that software get tricked to bring in the malware? Well, the culprit is software updates. The updates “appear” to be legitimate, which makes this attack a trojan horse. The malware allows the infected system to get remote access, which we can call Remote Access Trojan (or RAT), which leads to backdoor access to the infected system, which provides access to files, user data, application, and company secrets. Worst of all this can go undetected for months. The updates server was first compromised in March of 2020, this was at first thought of the supply chain attack, because the supply chain is the carrier that was used to distribute the malware. When something major like this happens, it is referred to as an Advanced Persistent Threat (APT).

How did the hackers get access to the update servers?

They found out the credentials to modify the content on those backup servers.

How to prevent this in the future:

1. Use a password manager
2. Use two-factor authentication/multi factor 
3. Do not use the same passwords on multiple sites 
4. Do not open email links / attachments whenever possible
5. Don’t install apps from unauthorized vendors

For more information about SolarWinds, check out the following articles:

• Dissecting the SolarWinds Hack With a Cybersecurity Evangelist (Forbes)
• Security News This Week: Russia’s SolarWinds Hack is a Historic Mess (Wired)
• SolarWinds Hack Followed Years of Warnings of Weak Cybersecurity (Bloomberg)
• SolarWinds hires former CISA director Chris Krebs to consult on hack aftermath (CNET)
• Sealed U.S. Court Records Exposed in SolarWinds Breach

Technology Corner – Phishing:

Phishing is a type of social engineering attack, intended to steal user data, such as login credentials, passwords, or credit card numbers. Phishing attacks occur when an attacker, pretending to be someone who is trusted, ticks the victim into opening an email or some sort of message. 

Phishing emails and text messages may say:

1. They have noticed some suspicious activity or log-in attempts
2. Claim there is a problem with your account
3. Say you must confirm personal information
4. Include a fake invoice 
5. Want you to click on a link to make a payment
6. Say you’re eligible to register for a government refund
7. Offer a coupon for free stuff

How to protect yourself from Phishing Attacks

1. Protect your computer by using security software
2. Protect your mobile phone by setting software to update automatically
3. Protect your accounts using multi factor authentication
4. Protect your data by backing it up

For more information about Phishing:

• Phishing Scams: Avoid the Bait (FTC)
• Test Your Phishing Knowledge (FTC)

Cyber Opportunities

Women In CyberSecurity (WiCyS)

About

WiCyS is a non-profit organization dedicated to building a strong gender-diverse cybersecurity workforce by bringing cybersecurity women from academic, research, and industry and providing opportunities to share knowledge, network, and mentoring as a way to recruit, retain, and advance women in the cybersecurity field. The majority of the WiCyS membership made up of students, industry,  faculty, and government and military.

Scholarships

They have a limited capacity so to attend the conferences students have to apply to attend their conferences and have to be a current student member of WiCyS. Deadline is March 1st at 12pm (CST). All students have to apply for registration assistance. For more information, visit https://www.wicys.org/scholarships-grants-and-fellowship-awards 

Student Research Posters

The Poster contest is open till March 1st, 2021. It is an opportunity for students to showcase their research and work to the WiCyS audience attending the WiCyS conference. The student winners in the undergraduate and graduate category both receive a travel support for a security conference of their choice. The runner ups receive tech prizes. Lastly, the first listed student gets an automatic scholarship.

Save the Date: Next WiCyS Conference – September 8 – 10

The 8th Annual Women in Cybersecurity conference is scheduled to be held in Aurora, Colorado. Visit the following site to learn more about it: https://www.wicys.org/wicys-2021

CyberStart America – Free Program

CyberStart America is a free national program for high school students to learn more about cybersecurity and enhance their cybersecurity skills, and also compete for college scholarships. This site offers awesome resources like online challenges that allow you to experience real-world cyber tasks, learn about topics ranging from code breaking to ethical hacking and password cracking, and qualify or scholarships in a 2 day challenge called the National Cyber Scholarship Competition.

Some of the awesome prizes available through the National Cyber Scholarship Competition include the following:

• $2 million of college scholarships
• Access to cybersecurity training course
• Recognition badges that can be used on college and job applications

To learn more about this cool organization and its cybersecurity opportunities, visit: https://www.cyberstartamerica.org/

Visit the WiCyS website at:  https://www.wicys.org/