Author: rescue@crimefire.in

  • 3 Overlooked Cybersecurity Breaches – The Hacker News

    Here are three of the worst breaches, attacker tactics and techniques of 2022, and the security controls that can provide effective, enterprise security protection for them.
    Ransomware as a service is a type of attack in which the ransomware software and infrastructure are leased out to the attackers. These ransomware services can be purchased on the dark web from other threat actors and ransomware gangs. Common purchasing plans include buying the entire tool, using the existing infrastructure while paying per infection, or letting other attackers perform the service while sharing revenue with them.
    In this attack, the threat actor is one of the most prevalent ransomware groups, specializing in access via third parties, while the targeted company is a medium-sized retailer with dozens of sites in the United States.
    The threat actors used ransomware as a service to breach the victim’s network. They were able to exploit third-party credentials to gain initial access, progress laterally, and ransom the company, all within mere minutes.
    The swiftness of this attack was unusual. In most RaaS cases, attackers usually stay in the networks for weeks and months before demanding ransom. What is particularly interesting about this attack is that the company was ransomed in minutes, with no need for discovery or weeks of lateral movement.
    A log investigation revealed that the attackers targeted servers that did not exist in this system. As it turns out, the victim was initially breached and ransomed 13 months before this second ransomware attack. Subsequently, the first attacker group monetized the first attack not only through the ransom they obtained, but also by selling the company’s network information to the second ransomware group.
    In the 13 months between the two attacks, the victim changed its network and removed servers, but the new attackers were not aware of these architectural modifications. The scripts they developed were designed for the previous network map. This also explains how they were able to attack so quickly – they had plenty of information about the network. The main lesson here is that ransomware attacks can be repeated by different groups, especially if the victim pays well.
    “RaaS attacks such as this one are a good example of how full visibility allows for early alerting. A global, converged, cloud-native SASE platform that supports all edges, like Cato Networks, provides complete network visibility into network events that are invisible to other providers or may go under the radar as benign events. And, being able to fully contextualize the events allows for early detection and remediation.”
    Attacks on critical infrastructure are becoming more common and more dangerous. Breaches of water supply plants, sewage systems and other such infrastructures could put millions of residents at risk of a human crisis. These infrastructures are also becoming more vulnerable, and attack surface management tools for OSINT like Shodan and Censys allow security teams to find such vulnerabilities with ease.
    In 2021, two hackers were suspected of targeting radiation alert networks. Their attack relied on two insiders that worked for a third party. These insiders disabled the radiation alert systems, significantly debilitating their ability to monitor radiation attacks. The attackers were then able to delete critical software and disable radiation gauges (which is part of the infrastructure itself).
    “Unfortunately, scanning for vulnerable systems in critical infrastructure is easier than ever. While many such organizations have multiple layers of security, they are still using point solutions to try and defend their infrastructure rather than one system that can look holistically at the full attack lifecycle. Breaches are never just a phishing problem, or a credentials problem, or a vulnerable system problem – they are always a combination of multiple compromises performed by the threat actor,” said Etay Maor, Sr. Director of Security Strategy at Cato Networks.
    The third attack is also a ransomware attack. This time, it consisted of three steps:
    1. Infiltration – The attacker was able to gain access to the network through a phishing attack. The victim clicked on a link that generated a connection to an external site, which resulted in the download of the payload.
    2. Network activity – In the second phase, the attacker progressed laterally in the network for two weeks. During this time, it collected admin passwords and used in-memory fileless malware. Then on New Year’s Eve, it performed the encryption. This date was chosen since it was (rightfully) assumed the security team would be off on vacation.
    3. Exfiltration – Finally, the attackers uploaded the data out of the network.
    In addition to these three main steps, additional sub-techniques were employed during the attack and the victim’s point security solutions were not able to block this attack.
    “A multiple choke point approach, one that looks horizontally (so to speak) at the attack rather than as a set of vertical, disjointed issues, is the way to enhance detection, mitigation and prevention of such threats. Opposed to popular belief, the attacker needs to be right many times and the defenders only need to be right just once. The underlying technologies to implement a multiple choke point approach are full network visibility via a cloud-native backbone, and a single pass security stack that’s based on ZTNA,” said Etay Maor, Sr. Director of Security Strategy at Cato Networks.
    It is common for security professionals to succumb to the “single point of failure fallacy”. However, cyber-attacks are sophisticated events, and a breach is rarely caused by just one tactic or technique. Therefore, an all-encompassing outlook is required to successfully mitigate cyber-attacks. Security point solutions are a solution for single points of failure. These tools can identify risks, but they will not connect the dots, which could lead, and has led, to a breach.
    Through ongoing security research, the Cato Networks Security Team has identified two additional vulnerabilities and exploit attempts that it recommends including in your upcoming security plans:
    While Log4j made its debut as early as December of 2021, the noise it’s making hasn’t died down. Log4j is still being used by attackers to exploit systems, as not all organizations have been able to patch their Log4j vulnerabilities or detect Log4j attacks, in what is known as “virtual patching”. They recommend prioritizing Log4j mitigation.
    Security solutions like firewalls and VPNs have become access points for attackers. Patching them has become increasingly difficult, especially in the era of architecture cloudification and remote work. It is recommended to pay close attention to these components as they are increasingly vulnerable.
    To reduce the attack surface, security professionals need visibility into their networks. Visibility relies on three pillars:
    Once an organization has complete visibility into the activity on its network, it can contextualize the data, decide whether the activity witnessed should be allowed, denied, monitored, restricted (or any other action) and then have the ability to enforce this decision. All these elements must be applied to every entity, be it a user, device, cloud app, etc., all the time and everywhere. That is what SASE is all about.

    source

  • Cybersecurity’s importance and impact reaches all levels of the tech … – Help Net Security

    Employer demand for cybersecurity professionals continues to strain talent availability, according to new data from CyberSeek.
    For the 12-month period ending in September 2022, employers listed 769,736 openings for cybersecurity positions or jobs requiring cybersecurity skills. Employer demand for cybersecurity workers grew 2.4 times faster than the overall rate across the U.S. economy. Nine of the 10 top months for cybersecurity job postings in the past 10 years have occurred in 2022.
    Despite a slight pullback in hiring activity in the most recent months from the record volumes of earlier this year, total cybersecurity job postings for Q3 2022 tracked 30% higher than the same period in 2021 and 68% higher than 2020. The supply-demand ratio held steady at 65, indicating approximately 65 cybersecurity workers in the labor market – the vast majority already employed – for every 100 cybersecurity job postings.
    Data shows that requirements for cybersecurity skills for specific occupations have increased dramatically in the last 12 months. The cybersecurity profession continues to expand into specialized fields, such as penetration tester and threat analyst. There is a similar expansion of cybersecurity skills requirements in adjacent positions such as auditor (+336%), software developer (+87%), cloud architect (+83%) and technical support engineer (+48%).
    “The CyberSeek data reaffirms the critical importance of feeder roles and thinking more creatively about on-ramps and career pathways,” said Ron Culler, VP cyber learning officer, CompTIA. “It is clear from the CyberSeek data that cybersecurity’s importance and impact reaches all levels of the tech workforce. We see this trend continuing and are committed to ensuring that cybersecurity professionals are prepared for the current and future challenges this will bring.”
    “Demand for cybersecurity talent has been accelerating for years, and employers are showing no signs of taking their foot off the gas,” said Will Markow, VP of applied research at Lightcast. “That’s why it is more important than ever to build robust talent pipelines to ensure a safer digital world. We can’t accept leaving holes in our cybersecurity defenses simply because we don’t have enough trained workers to plug them.”

    source

  • 4 Ways to Handle AI Decision-Making in Cybersecurity – Dark Reading

    The scale of cyberattacks that organizations face today means autonomous systems are becoming a critical component of cybersecurity. This forces us to question the ideal relationship between human security teams and artificial intelligence (AI): What level of trust should be granted to an AI program, and at what point do security teams intervene in its decision-making?
    With autonomous systems in cybersecurity, human operators are raising the bar of their decision-making. Instead of making an increasingly unmanageable number of “microdecisions” themselves, they now establish the constraints and guiderails that AI machines should adhere to when making millions of granular microdecisions at scale. As a result, humans no longer manage at a micro level but at a macro level: Their day-to-day tasks become higher-level and more strategic, and they are brought in only for the most essential requests for input or action.
    But what will the relationship between humans and AI look like? Below, we dissect four scenarios outlined by the Harvard Business Review that set forth possibilities for varied interaction between humans and machines, and explore what this will look like in the cyber realm.
    In this scenario, the human is, in effect, doing the decision-making and the machine is providing only recommendations of actions, as well as the context and supporting evidence behind those decisions to reduce time-to-meaning and time-to-action for that human operator.
    Under this configuration, the human security team has complete autonomy over how the machine does and does not act.
    For this approach to be effective in the long-term, sufficient human resources are required. Often this would far exceed what is realistic for an organization. Yet for organizations coming to grips with the technology, this stage represents an important steppingstone in building trust in the AI autonomous response engine.
    Most decisions are made autonomously in this model, and the human only handles exceptions, where the AI requests some judgment or input from the human before it can make the decision.
    Humans control the logic to determine which exceptions are flagged for review, and with increasingly diverse and bespoke digital systems, different levels of autonomy can be set for different needs and use cases.
    This means that the majority of events will be actioned autonomously and immediately by the AI-powered autonomous response but the organization stays “in the loop” for special cases, with flexibility over when and where those special cases arise. They can intervene, as necessary, but will want to remain cautious in overriding or declining the AI’s recommended action without careful review.
    In this case, the machine takes all actions, and the human operator can review the outcomes of those actions to understand the context around these actions. In the case of an emerging security incident, this arrangement allows AI to contain an attack, while indicating to a human operator that a device or account needs support, and this is where they are brought in to remediate the incident. Additional forensic work may be required, and if the compromise was in multiple places, the AI may escalate or broaden its response.
    For many, this represents the optimal security arrangement. Given the complexity of data and scale of decisions that need to be made, it is simply not practical to have the human in the loop (HitL) for every event and every potential vulnerability.
    With this arrangement, humans retain full control over when, where, and to what level the system acts, but when events do occur, these millions of microdecisions are left to the machine.
    In this model, the machine makes every decision, and the process of improvement is also an automated closed loop. This results in a self-healing, self-improving feedback loop where each component of the AI feeds into and improves the next, elevating the optimal security state.
    This represents the ultimate hands-off approach to security. It is unlikely human security operators will ever want autonomous systems to be a “black box” – operating entirely independently, without the ability for security teams to even have an overview of the actions it’s taking, or why. Even if a human is confident that they will never have to intervene with the system, they will still always want oversight. Consequently, as autonomous systems improve over time, an emphasis on transparency will be important. This has led to a recent drive in explainable artificial intelligence (XAI) that uses natural language processing to explain to a human operator, in basic everyday language, why the machine has taken the action it has.
    These four models all have their own unique use cases, so no matter what a company’s security maturity is, the CISO and the security team can feel confident leveraging a system’s recommendations, knowing it makes these recommendations and decisions based on microanalysis that goes far beyond the scale any single individual or team can expect of a human in the hours they have available. In this way, organizations of any type and size, with any use case or business need, will be able to leverage AI decision-making in a way that suits them, while autonomously detecting and responding to cyberattacks and preventing the disruption they cause.

    About the Author
    As VP of Product at Darktrace, Dan Fein has helped customers quickly achieve a complete and granular understanding of Darktrace’s product suite. Dan has a particular focus on Darktrace email, ensuring that it is effectively deployed in complex digital environments, and works closely with the development, marketing, sales, and technical teams. Dan holds a bachelor’s degree in computer science from New York University.

    source

  • If you're good with computer, a cyber security career may be for you – MyCG

    Typically, when people hear that someone works in cyber, they think of someone in a dark room, wearing a hoodie, hacking into a computer system. While this is a great visual for movies, this is not indicative of what working in cyber is in real life. 
    There are hundreds of jobs that revolve around cyber. So many, in fact, that currently there are about 700,000 cyber job openings in the United States alone – and that number continues to grow every day!
    This Cyber Security Awareness Month, we at CISA want to help you to #SeeYourselfInCyber. These jobs are not just for those who are “good with computers.” They are a great fit for those from every background! To learn more about different cyber careers, check out CISA's Cybersecurity Career Cards.

    Training doesn't always take place in a classroom. That's why we like to think outside of the box and offer both traditional and non-traditional training opportunities to keep our nation's cyber workforce at the top of its game. These trainings include competitions, webinars, and hands-on labs. Check out CISA's Cybersecurity Career Resources to enhance your cyber career now: 
    This Cybersecurity Awareness Month, take some time to explore all the amazing opportunities a cybersecurity career can offer and ask yourself, “How do I see myself in cyber?”

    source

  • Michigan AG warns of cybersecurity risks after data breach of gaming sites – MLive.com

    Michigan Attorney General Dana Nessel speaks during a Democratic Attorneys General Association virtual press conference on Jan. 19, 2023. (Screenshot | Zoom)
    Michigan residents are urged to be aware of potential scams and cybersecurity risks related to internet gaming sites after a recent cyber-attack hit popular sites like DraftKings, FanDuel, and BetMGM.
    On Wednesday, Feb. 8, Attorney General Dana Nessel used the upcoming Super Bowl to remind users to stay alert with their finances, and what to do if they suspect their personal data has been stolen.
    “This data breach is another reminder to always monitor your bank accounts, credit reports, and credit card statements,” Nessel said in a prepared statement. “Bad actors are always looking for new ways to rob you of your identity and your savings, and the Super Bowl is no exception.”
    DraftKings has disclosed that more than 67,000 customers had their personal information exposed. The data included names, addresses, phone numbers, email addresses, profile photos and the last four digits of customers’ payment cards. Information not believed to be affected includes Social Security numbers, driver’s license information and financial account numbers.
    FanDuel Sportsbook also notified customers that the breach exposed their names and email addresses, but no further information.
    BetMGM stated the breach resulted in the release of some names, postal addresses, emails, telephone numbers, birthdays, hashed Social Security numbers, account IDs, and transaction data. They said their passwords and account funds were not accessed.
    Residents whose information was accessed should be notified by the affected company. Nessel’s office recommends saving all notices and following their recommended steps.
    Users should also consider changing all exposed passwords, as well as login information for other sites that use the same password. Setting up a two-step or multi-factor authentication requirement is another good strategy for additional protection.
    They should also monitor their financial accounts and credit reports for unusual activity.
    “The ease of online betting may cause consumers to forget they are gambling with real money,” said Nessel. “Protect yourself and your livelihood by protecting your personal information, only betting on licensed platforms, and setting limits for how much you spend.”
    Residents can report illegal or suspicious gambling activity to the Michigan Gaming Control Board by calling 888-314-2682 and leaving an anonymous tip.
    If you or someone you know has a gambling problem, contact the Michigan Problem Gambling Helpline at 1-800-270-7117. The helpline is confidential and offers trained counselors available 24-7 to provide immediate help, including screening services and referrals to treatment or support groups.

    source

  • #StopRansomware: Ransomware Attacks on Critical Infrastructure … – CISA

    Note: This Cybersecurity Advisory (CSA) is part of an ongoing #StopRansomware effort to publish advisories for network defenders that detail various ransomware variants and various ransomware threat actors. These #StopRansomware advisories detail historically and recently observed tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) to help organizations protect against ransomware. Visit stopransomware.gov to see all #StopRansomware advisories and to learn about other ransomware threats and no-cost resources.
    The United States National Security Agency (NSA), the U.S. Federal Bureau of Investigation (FBI), the U.S. Cybersecurity and Infrastructure Security Agency (CISA), the U.S. Department of Health and Human Services (HHS), the Republic of Korea (ROK) National Intelligence Service (NIS), and the ROK Defense Security Agency (DSA) (hereafter referred to as the “authoring agencies”) are issuing this joint Cybersecurity Advisory (CSA) to highlight ongoing ransomware activity against Healthcare and Public Health Sector organizations and other critical infrastructure sector entities.
    This CSA provides an overview of Democratic People’s Republic of Korea (DPRK) state-sponsored ransomware and updates the July 6, 2022, joint CSA North Korean State-Sponsored Cyber Actors Use Maui Ransomware to Target the Healthcare and Public Health Sector. This advisory highlights TTPs and IOCs DPRK cyber actors used to gain access to and conduct ransomware attacks against Healthcare and Public Health (HPH) Sector organizations and other critical infrastructure sector entities, as well as DPRK cyber actors’ use of cryptocurrency to demand ransoms.
    The authoring agencies assess that an unspecified amount of revenue from these cryptocurrency operations supports DPRK national-level priorities and objectives, including cyber operations targeting the United States and South Korea governments—specific targets include Department of Defense Information Networks and Defense Industrial Base member networks. The IOCs in this product should be useful to sectors previously targeted by DPRK cyber operations (e.g., U.S. government, Department of Defense, and Defense Industrial Base). The authoring agencies highly discourage paying ransoms as doing so does not guarantee files and records will be recovered and may pose sanctions risks.
    For additional information on state-sponsored DPRK malicious cyber activity, see CISA’s North Korea Cyber Threat Overview and Advisories webpage.
    TECHNICAL DETAILS
    Note: This advisory uses the MITRE ATT&CK for Enterprise framework, version 12. See MITRE ATT&CK for Enterprise for all referenced tactics and techniques.
    This CSA is supplementary to previous reports on malicious cyber actor activities involving DPRK ransomware campaigns—namely Maui and H0lyGh0st ransomware. The authoring agencies are issuing this advisory to highlight additional observed TTPs DPRK cyber actors are using to conduct ransomware attacks targeting South Korean and U.S. healthcare systems.
    The TTPs associated with DPRK ransomware attacks include those traditionally observed in ransomware operations. Additionally, these TTPs span phases from acquiring and purchasing infrastructure to concealing DPRK affiliation:
    Actors also likely spread malicious code through Trojanized files for “X-Popup,” an open source messenger commonly used by employees of small and medium hospitals in South Korea [T1195].
    The actors spread malware by leveraging two domains: xpopup.pe[.]kr and xpopup[.]com. xpopup.pe[.]kr is registered to IP address 115.68.95[.]128 and xpopup[.]com is registered to IP address 119.205.197[.]111. Related file names and hashes are listed in table 1.
    Note: These mitigations align with the Cross-Sector Cybersecurity Performance Goals (CPGs) developed by CISA and the U.S. National Institute of Standards and Technology (NIST). The CPGs provide a minimum set of practices and protections that CISA and NIST recommend all organizations implement. CISA and NIST based the CPGs on existing cybersecurity frameworks and guidance to protect against the most common and impactful threats, tactics, techniques, and procedures. For more information on the CPGs, including additional recommended baseline protections, see cisa.gov/cpg.
    The authoring agencies urge HPH organizations to:
    In addition, the authoring agencies urge all organizations, including HPH Sector organizations, to apply the following recommendations to prepare for and mitigate ransomware incidents:
    If a ransomware incident occurs at your organization:
    Stairwell provided a YARA rule to identify Maui ransomware, and a Proof of Concept public RSA key extractor at the following link:
    https://www.stairwell.com/news/threat-research-report-maui-ransomware/
    The FBI is seeking any information that can be shared, to include boundary logs showing communication to and from foreign IP addresses, bitcoin wallet information, the decryptor file, and/or benign samples of encrypted files. As stated above, the authoring agencies discourage paying ransoms. Payment does not guarantee files will be recovered and may embolden adversaries to target additional organizations, encourage other criminal actors to engage in the distribution of ransomware, and/or fund illicit activities. However, the agencies understand that when victims are faced with an inability to function, all options are evaluated to protect shareholders, employees, and customers.
    Regardless of whether you or your organization decide to pay a ransom, the authoring agencies urge you to promptly report ransomware incidents using the contact information above.
    NSA, FBI, CISA, and HHS would like to thank ROK NIS and DSA for their contributions to this CSA.
    The information and opinions contained in this document are provided “as is” and without any warranties or guarantees. Reference herein to any specific commercial products, process, or service by trade name, trademark, manufacturer, or otherwise, does not constitute or imply its endorsement, recommendation, or favoring by the United States Government, and this guidance shall not be used for advertising or product endorsement purposes.
    Microsoft Threat Intelligence Center is a registered trademark of Microsoft Corporation. Apache®, Sonicwall, and Apache Log4j are trademarks of Apache Software Foundation. TerraMaster Operating System is a registered trademark of Octagon Systems.
    This document was developed in furtherance of the authors’ cybersecurity missions, including their responsibilities to identify and disseminate threats, and to develop and issue cybersecurity specifications and mitigations. This information may be shared broadly to reach all appropriate stakeholders.
    System administrators should refer to the SonicWall Security Advisories in the reference section to determine affected applications/systems and appropriate fix actions.
    Support for 9.0.0 firmware ended on 10/31/2021. Customers still using that firmware are requested to upgrade to the latest 10.2.x versions.
    The IOC section includes hashes and IP addresses for the Maui and H0lyGh0st ransomware variants—as well as custom malware implants assumedly developed by DPRK cyber actors, such as remote access trojans (RATs), loaders, and other tools—that enable subsequent deployment of ransomware. For additional Maui IOCs, see joint CSA North Korean State-Sponsored Cyber Actors Use Maui Ransomware to Target the Healthcare and Public Health Sector.
    Table 2 lists MD5 and SHA256 hashes associated with malware implants, RATs, and other tools used by DPRK cyber actors, including tools that drop Maui ransomware files.
    Table 3 lists MD5 and SHA256 hashes associated with Maui Ransomware files.
    Table 4 lists MD5 and SHA256 hashes associated with H0lyGh0st Ransomware files.
    Df0c7bb88e3c67d849d78d13cee30671b39b300e0cda5550280350775d5762d8
    * from Microsoft blog post on h0lygh0st
    NSA Client Requirements / General Cybersecurity Inquiries: CybersecurityReports@nsa.gov
    Defense Industrial Base Inquiries and Cybersecurity Services: DIB_Defense@cyber.nsa.gov
    To report incidents and anomalous activity related to information found in this Joint Cybersecurity Advisory, contact CISA’s 24/7 Operations Center at Report@cisa.gov or (888) 282-0870 or your local FBI field office at www.fbi.gov/contact-us/field. When available, please include the following information regarding the incident: date, time, and location of the incident; type of activity; number of people affected; type of equipment used for the activity; the name of the submitting company or organization; and a designated point of contact.
    Media Inquiries / Press Desk:

    source

  • How to Transition From IT to Cyber Security – Security Boulevard

    Moving from a general IT role into cyber security; a challenging thought? Perhaps not. 
    You may think you might have to go back to University to get a degree in cyber security, or only take an entry-level role, but this isn’t necessarily the case. With the current skills gap in cyber security at an all-time high, employers look to other types of candidate to fill roles. 
    There are plenty of things you can do to set yourself apart from the crowd, and take that leap from general IT into a cyber security career. 
    Let’s take a look at how you can set yourself up for success… 
    Education/Qualifications 
    You worked hard to get where you are in your IT career, so going back to school might not seem too appealing. Depending on your level of experience and life circumstances, you probably won’t have to. Only 33% of the cyber work force in the UK have a specialist degree in cyber security, whereas 30% have a general Computer Science/IT degree, so you probably won’t need to start saving up to buy books off a new reading list anytime soon. In fact, 27% of cyber security workers come from non-cyber security related backgrounds, so having experience in IT stands you in good stead.  
    What might be more beneficial is looking at gaining some cyber security certifications. We’ve got an extensive list of the best certifications to hold here. Take a look at what type of certification would suit you at your current skill level. You’re not going to be jumping into the CISSP straight away, but there are plenty of options available, which are less costly and time consuming than going back to university. 
    It’s also worth looking at short courses, as some institutions offer cyber security boot camps, which could help boost you on your path from general IT into cyber security.  
    Make sure you start researching which branch of cyber security you’d like to pursue. Here’s a handy tool from the UKCSC about the various career paths available within cyber security. Take a look at the skills you need for your chosen niche. These might be risk assessment and management, cryptography, security operations, information assurance, authentication, Linux, information systems, digital forensics, coding languages, and more.  Being able to demonstrate your knowledge in the desired areas will help you bag that cyber security role. 
    Transferable Skills 
    Having an IT background means you have plenty of technical and ‘soft’ skills that will translate well into a cyber security role. Some of these may include: an understanding of the industry, network systems and database management, knowledge of commonly used terminology and data privacy, an understanding of cyber security across various tech platforms and devices, coding skills, problem-solving, presentation skills, attention to detail, teamwork, communication, a desire to learn, logical and analytical thinking, interpersonal skills…the list goes on. 
    You’re probably able to tick more of those boxes than you imagined. What you need to do now is demonstrate these in your current role, and document examples of when you have used these skills. Create as much evidence as possible of how you possess transferable skills, and this will set you apart from other candidates. You don’t want to leave a mid-level or senior IT role for an entry-level cyber security role, so the more you can build a case for yourself, the better. It’s of note that with any change in career, you likely won’t take a sidestep in pay and responsibility, but if you can reduce the drop in level of role, you can minimise the impact on your career and personal life. 
    Hands-on experience 
    You’ve got plenty of hands-on experience in IT and tech, so why not just reroute this a little? Use your current role as a springboard, and get in touch with the security and privacy departments at your organisation. If you start to take on some junior-level tasks for them, you’ll gather some great new skills and hands-on cyber security experience. If you catch their eye, it might also be a great internal route into a new cyber security role.
    You could also try volunteering, or creating a project at home. This is still good evidence to add to your portfolio. 
    Research and explore the industry 
    At this stage, you need to be a sponge. Stay up to date on relevant cyber security news and publications. Attend webinars, listen to podcasts, and try to join the cyber workforce community. Ever been to a hackathon? Now might be the time to start. You should be able to hold an intelligible conversation about the latest security innovations if you’re going to impress your interviewer when going for a cyber security role. If you can do this, you’ll demonstrate your passion for the industry, and boost your profile above those who haven’t bothered to put the work in. 
    Another useful tool for you to use is CyberSeek – a resource for gaining information on careers in cyber security, how to start or advance your career in cyber security, and regional demand for cyber professionals in your community. Knowledge is power! 
    Make yourself as attractive a candidate as possible, and the challenging feat of transitioning from general IT to cyber security won’t be such an uphill struggle anymore. 
    Want some career advice? Looking for a cyber security role? Ready to take the leap? Get in touch with one of our Cyber Security Recruitment Specialists today to see how we can help. 
    *** This is a Security Bloggers Network syndicated blog from Focus on Security authored by Rachel Stoward. Read the original post at: https://focus-on-security.org/how-to-transition-from-it-into-cyber-security/

    source

  • How to get the federal government to pay for your cybersecurity … – Fortune

    Cybersecurity professionals are in such high demand that they can land six-figure salaries after graduation and advance to roles that pay nearly $1 million. And the field is rapidly expanding: The number of unfilled cybersecurity jobs grew 350% between 2013 and 2021, according to Cybersecurity Ventures, which covers the global cyber economy. While it’s not mandatory to have a bachelor’s, master’s, or Ph.D. degree to work in cybersecurity, it can certainly help—and there’s a way to obtain a degree for free—thanks to the federal government.
    Through the CyberCorps: Scholarship for Service Program, the federal government pays for a person’s education in exchange for a commitment to work in cybersecurity for the federal government or a state, local, tribal, or territorial government for a period equal to the length of their schooling.
    “You will get all tuition paid without [us] asking how much it is,” says Victor Piotrowski, CyberCorps’ lead program director at the National Science Foundation (NSF). “There is no limit. We pay all tuition, all fees. Then we provide you with a cash stipend.”
    Additionally, the program offers living stipends of $25,000 per year for undergraduate students and $34,000 for graduate students. Participants can also receive $6,000 for professional development. If that sounds enticing, read on to learn how the CyberCorps program works.
    Founded in the waning days of the Bill Clinton administration by presidential directive, CyberCorps was created to address the growing need for cybersecurity professionals working in the federal government. And as the world has become increasingly digital, cybersecurity demands have only expanded. One-third of federal cybersecurity roles are currently unfilled, according to Piotrowski.
    CyberCorps is a partnership between the NSF, the Department of Personnel Management and the Department of Homeland Security. Each year, colleges and universities across the country apply to take part in the program. Out of the dozens of schools that apply each year, only about eight to 10 are awarded between $3 million and $5 million to establish a five-to-six-year program. Presently, roughly 900 students are active in the program at 94 participating universities.
    Instead of applying to the NSF, students who wish to take part in the program apply at one of the 94 schools that currently has a CyberCorps grant. To be a part of the program, students sign a legal agreement with the federal government to exchange their schooling for work after graduating.
    Once enrolled in the program, students maintain a current resume in CyberCorps’ databases. Hiring managers at different governmental agencies have access to those resumes for recruiting purposes. “Students, when they are still in school, create connections with the agencies to have internships, then when they graduate, they choose,” Piotrowski says. “They can go anywhere they want.”
    While a student who graduates from the CyberCorps program has an obligation to repay the government with service, Piotrowski says it doesn’t have to start right away.
    “When a student graduates, [they] have 18 months to start working on their obligation. They don’t have to start the day after graduation,” he says. “The bottom line is your commitment is not for life. Your commitment is for maximum three years.”
    After the conclusion of their paid government service, CyberCorps grads can opt to stay at their current organization or move on to another job.
    Still, there are a small handful of graduates who change their minds about working for the federal government. Those individuals must pay back the government for their schooling, which averages $55,000 per year for undergrad. Students who don’t complete their program must also pay back money.
    Piotrowski says that even if graduates wish to work for Google or another company, it makes sense for them to fulfill their government commitment first, stating that they will make more money in the long run and gain government connections and contracts. The only downside of working in cybersecurity for the government, Piotrowski says, is employees must undergo background checks and he stresses the importance of being honest in answering the government’s questions.
    “We have students that tried every possible drug in high school, and we still enrolled them, because the important thing is that [the drug use is] in the past,” Piotrowski says.
    Many CyberCorps grads end up working at the National Security Agency; 740 CyberCorps grads have worked for the NSA, by Piotrowski’s count.
    “As we’re recruiting at those universities, we are … looking for those CyberCorps students that owe back a commitment of service to the United States government,” says Dave Luber, deputy director of cybersecurity for NSA, adding that he sometimes sits in on Ph.D. dissertations of students in the program. “It’s a good opportunity to track their progress throughout their university work before they join the NSA.”
    Even for those graduates who don’t want to work for the NSA, there are a wide variety of options open to them. In a report to Congress last year, CyberCorps listed more than 700 types of positions within the federal government that related to cybersecurity.
    “Cybersecurity is one of the most dynamic interesting professions,” Piotrowski says, noting the millions of open jobs and that only two of three cybersecurity positions at the federal level are currently filled. “That [ratio] will not get better in your lifetime.”

    source

  • Analysis | The State of the Union was light on cybersecurity – The Washington Post

    A newsletter briefing on cybersecurity news and policy.
    with research by Vanessa Montalbano
    Welcome to The Cybersecurity 202! No idea if any of this is deserved, but if you like a good scathing music review, here you go.
    Below: U.S. officials link the Chinese spy balloon to a vast aerial surveillance operation, and scammers pose as charities trying to help Turkey and Syria after Monday’s earthquakes. First: 
    President Biden used his State of the Union address Tuesday evening to discuss some cyber-related topics like online privacy, but he steered clear of addressing cyber directly.
    It’s part of a recent trend in the annual speech — which is widely seen as a signal of every White House’s priorities — where the subject usually hasn’t been explicitly mentioned. 
    Biden devoted just two paragraphs to online privacy, and largely focused on privacy for children online. “It’s time to pass bipartisan legislation to stop Big Tech from collecting personal data on our kids and teenagers online, ban targeted advertising to children, and impose stricter limits on the personal data the companies collect on all of us,” Biden said in his speech.
    Those subjects do relate to cybersecurity, as Cliff Steinhauer, director of information security and engagement at the nonprofit National Cybersecurity Alliance, told me: “If you aren’t collecting Social Security numbers, you don’t have to protect Social Security numbers. If you’re not collecting location data, then you don’t have potential location data that you can lose. So, absolutely, it becomes safer not to take that information in the first place because it becomes very difficult to protect it.” 
    The presence of some marginally cyber-related material, though, didn’t fully satisfy some cyber experts. They would’ve liked to see some more head-on State of the Union talk on cyber from the president.
    “It’s disappointing,” Alex Santos, CEO of the critical infrastructure protection-focused firm Fortress Information Security, told me. “At the same time, [the speech is] arguably a performance and maybe the public isn’t as interested in that issue as some of the headline issues.”
    The new chairman of the House Homeland Security Committee was less understanding of the Democratic president’s omission.
    “President Biden didn’t so much as utter the word cybersecurity once in his remarks tonight,” said Rep. Mark Green (R-Tenn.) in a news release. “Cyberthreats from criminal actors and nation-state adversaries are a preeminent national security threat of our time. Given the magnitude of the cyberthreat landscape, I strongly believe cybersecurity must be a priority. But this clear void in his speech is nothing new.” 
    In his speech, Biden touted the need for privacy, health and safety online, especially for children using social media platforms.
    Children are “subject to the platforms’ excessive data collection vacuum, which they use to deliver sensational and harmful content troves of paid advertising,” a fact sheet from the administration reads.
    Social media platforms and other digital service providers need to prioritize safety-by-design over profit, Biden said. On the cyber side, the Cybersecurity and Infrastructure Security Agency has similarly been touting safety and security-by-design.
    The fact sheet also addressed data collection practices:
    Industry organizations, like the Information Technology Industry Council, and tech advocacy groups, like Fight for the Future, used the occasion of Biden’s speech to call for passage of long-stalled federal privacy legislation. 
    Biden also mentioned the need to “crack down on identity fraud by criminal syndicates stealing billions of dollars from the American people.”
    And Biden made an allusion to alleged Chinese spying, referencing the balloon the U.S. military shot down over the weekend. But he didn’t mention Chinese hacking and cyberespionage, which experts say pose a significant threat.
    “Make no mistake: As we made clear last week, if China threatens our sovereignty, we will act to protect our country,” he said. “And we did.”
    The recent history of State of the Union mentions of “cyber” is hit-or-miss.
    Even though this year’s speech didn’t mention cybersecurity, that doesn’t mean the Biden administration is doing nothing on cyber. Nor does the lack of cyber mentions in prior administrations’ State of the Union speeches mean they didn’t do anything on the subject. 
    The White House is preparing the forthcoming national cybersecurity strategy, which will lay out a blueprint for approaching cybersecurity — and is set to embrace the role of regulation in boosting America’s cyberdefenses. 
    Cybersecurity work by the White House and CISA is important, said Steinhauer, whose organization promotes safe use of technology and partnership between government and industry. (CISA and Steinhauer’s organization partner on initiatives such as National Cybersecurity Awareness Month.)
    But the group also talks about creating a culture of security and a culture of privacy, he noted.
    “We say it all the time that it starts at the top of the organization,” Steinhauer said. “I would definitely like to see the president talk about that” in a speech like the State of the Union, he said.
    The U.S. intelligence community on Tuesday linked the Chinese spy balloon that was shot down Saturday to a vast surveillance program run by the People’s Liberation Army that has for years collected information on military assets in several countries and areas of strategic interest, Ellen Nakashima, Shane Harris, John Hudson, and Dan Lamothe report for The Washington Post.
    One official acknowledged that while they still are unsure of the size of the balloon fleet, there have been “dozens” of missions since 2018. The balloon that was shot down Saturday is the fifth one to be identified over U.S. territory in recent years. 
    Biden directed sensitive sites to be protected from spying, “which was straightforward because we could track the path of the balloon and ensure no sensitive activities or unencrypted communications would be conducted in its vicinity,” National Security Council spokesman John Kirby said. The Biden administration “turned the tables on China and collected against the balloon” to “learn more about China’s capabilities and tradecraft,” Kirby said. 
    Some of the balloons have electrooptical sensors or digital cameras that can capture highly precise images, officials said. They also have the ability to transmit radio signals, they said.
    As part of a broader misinformation campaign, the Kremlin is supporting actors that impersonate international media outlets, according to a new study published Tuesday by the European Union’s External Action Service, Bloomberg News reports. 
    The operations targeting print and TV media have become more sophisticated since Russia invaded Ukraine nearly a year ago, with magazines in particular seeing their style mimicked to give a sense of legitimacy to the content mostly targeting Ukraine.  
    “We have plenty of evidence that Russia is behind coordinated attempts to manipulate public debates in open societies,” E.U. foreign policy chief Josep Borrell said in a speech Tuesday.
    The new evidence of information manipulation comes as the “E.U. is struggling to counter Russian disinformation efforts, which officials have said is aimed at undermining the bloc’s unity in supporting Ukraine,” Bloomberg News reports. The report added that the scheme is also intended to distract audiences, deflect blame or direct attention to different topics. 
    Less than 24 hours after two massive earthquakes killed more than 11,000 people and injured tens of thousands of people, cybercriminals have begun targeting global efforts to provide aid to victims, according to Bitdefender’s Alina Bizga.
    The scam, identified by the Bitdefender Antispam Lab, involves a fake Ukrainian charity foundation seeking money to send to those impacted by the natural disaster, with alleged representatives reaching out to people via email. 
    The lab found that a majority of the scam messages were traced back to IP addresses in Pakistan. 
    The fake charity, dubbed the Wladimir Foundation, was originally established to target donations to assist those enduring the war in Ukraine. It had been operating as recently as Dec. 29, 2022, according to the lab.
    “Fraudsters always try to take advantage of individuals’ vulnerabilities and feelings after natural disasters strike, exploiting the empathy of the online community to steal personal info and money,” Bizga writes. “While these insidious acts are nothing new, they can be quite effective in stealing money from unwary and kindhearted individuals.”
    Russian crypto exchange exec pleads guilty to laundering Ryuk ransomware funds (The Record)
    Florida state court system, US, EU universities hit by ransomware outbreak (Reuters)
    After Hive takedown, could the LockBit ransomware crew be the next to fall? (CyberScoop)
    Medusa botnet returns as a Mirai-based variant with ransomware sting (Bleeping Computer)
    Thanks for reading. See you tomorrow.

    source

  • LSU Attracts Two of the Nation's Top Cybersecurity Professors – Louisiana State University

    September 19, 2022
    BATON ROUGE – Cybersecurity jobs are among the fastest growing careers nationwide. To meet this critical demand across every industry, having the top cybersecurity experts to train the next generation of information security analysts and cyber professionals is a priority at LSU.
    In recognition and support of this priority, the state granted $5 million this past legislative session for LSU’s cybersecurity and defense programs in Baton Rouge and Shreveport. LSU Alexandria also has announced its Technovation Center for cyber and defense with support from Louisiana Economic Development. The state’s investment has made the expansion of LSU’s cybersecurity research resources and faculty possible. As a result of this prioritization, two of the nation’s top cybersecurity experts have joined LSU’s faculty.
    – William F. Tate IV, LSU President
    Ibrahim “Abe” Baggili is LSU Department of Computer Science & Cybersecurity Professor in the LSU College of Engineering and Center for Computation & Technology and Aisha Ali-Gombe is an associate professor in the LSU Department of Computer Science & Engineering and the Center for Computation & Technology.
    – Photo: Katherine Seghers, LSU
    Ibrahim “Abe” Baggili has joined LSU’s faculty as an LSU Department of Computer Science & Cybersecurity Professor in the LSU College of Engineering and Center for Computation & Technology. He was the former director of the Connecticut Institute of Technology and the Elder Family Endowed Chair at the University of New Haven, where he secured over $7 million in research funding, helped more than double enrollment in computing programs and led the university to become one of only 21 in the nation to be designated by the National Security Agency as a Center of Academic Excellence in Cyber Operations, or CAE-CO. 
    Baggili leads an extensive cybersecurity and forensics research and outreach agenda and has received multiple national and international awards. He received all of his higher education degrees, including his Ph.D. in technology, from Purdue University. He is a first-generation college graduate, is originally from Jordan, and is fluent in Arabic.
    “President Tate’s bold vision for defense and cybersecurity is critical to compete in this fast-paced and evolving field. LSU’s cyber vision synchronizes well with my own aspirations. I joined because I could see limitless potential at LSU. I have no doubts in my mind that with the right leadership support and accomplished faculty and students, we are on our way towards becoming the preeminent cybersecurity program both nationally and internationally. I am here to be part of this vision and to make it a reality,” Baggili said.
    Aisha Ali-Gombe has joined LSU’s faculty as an associate professor in the LSU Department of Computer Science & Engineering and the Center for Computation & Technology. She was an assistant professor at Towson University in Maryland. She received her Ph.D. in computer science with a concentration in information assurance from the University of New Orleans. She received her Bachelor of Science degree in computer science from the University of Abuja in Nigeria and her master’s degree in business administration specializing in entrepreneurship and venture creation from Bayero University Kano in Nigeria. She is one of the few Black female cybersecurity researchers with a Ph.D. at a Carnegie-designated research-intensive university. 
    “I’ve always had a close relationship with LSU – as a postdoc and a visiting research scientist. But with President Tate’s unveiling of the APECS initiative in March, I knew it’s time. It’s time to give back to the community that made me. Having been a critical backbone of another top CAE-CO school and my wealth of experience in system security pedagogy and research, I am confident we can actualize the president’s vision of making Louisiana a national leader in cyber workforce development, industry collaboration and scholarship,” Ali-Gombe said.
    For more information on LSU’s defense/cybersecurity priority, please visit https://lsu.edu/president/priorities/defense.php.  
     

    source