Cyber
The Next Frontier

Become part of a critical layer of cyber defense. Cybersecurity positions will make up 45% of all US tech job openings.

The National Security Agency designated the University of Arizona's Cyber Operations program as a Center of Academic Excellence in Cyber Operations (CAE-CO). With this designation, UA joins an extremely exclusive group of only 24 cyber programs in the nation. The NSA's CAE-CO designation demonstrates that UA's Cyber Operations program meets the most demanding academic and technical requirements.


The Bachelor of Applied Science in Cyber Operations prepares graduates for cyber-related occupations in defense, law enforcement, and private industry.

Our curriculum includes both offensive and defensive cyber security content delivered within our state-of-the-art Virtual Learning Environment to ensure our students have extensive hands-on experiences to develop the knowledge, skills, and abilities necessary to succeed after they graduate.

 

Program News

DoD Cyber Scholarship Program (CySP)

The DoD CySP is a yearly scholarship program aimed at Juniors and Seniors pursuing a bachelor’s degree in cyber-related academic disciplines. The CySP is a 1-year scholarship, which grants selected Cyber Scholars tuition and mandatory fees (including health care), funding for books, a $25K annual stipend, and guaranteed employment with a DoD agency upon graduation.

Cyber News

Wednesday, May 8, 2024 - 07:00
How an Iranian-linked influence campaign pivoted after Oct. 7 attack on Israel

In recent days, a purportedly pro-Israeli Telegram channel called “Tears of War” has posted dozens of messages. Interspersed with heartfelt posts pushing for the return of hostages taken as part of the Oct. 7 Hamas assault, a narrative thread is quite clear: The Israeli government is to blame for the ongoing suffering of hostages’ family members, and decisions made by Prime Minister Benjamin Netanyahu, in particular, have sabotaged any chance at a ceasefire. 

The narrative builds on broader news Monday that Hamas had agreed to an Egyptian and Qatari proposal for a ceasefire and hostage release, even as the Israeli government said the deal did not go far enough and pressed ahead with a controversial military assault in the southern Gaza city of Rafah.

Tears of War is most likely an Iranian-linked persona, exposed months ago by researchers and the Israeli government as a tool used to inflame tensions within Israel. 

But this week’s messages, relentlessly hammering the narrative, represent part of the third stage of what Recorded Future’s Insikt Group said Wednesday is a yearslong Iranian-aligned influence operation it tracks as Emerald Divide. 

Dating to 2021, the operation is working to “psychologically manipulate Israeli citizens to take real-world actions that exacerbate ideological divisions within Israeli society and undermine the Israeli government,” Sean Minor, senior threat intelligence analyst at Insikt Group, said in a new analysis shared exclusively with CyberScoop.

Emerald Divide can “dynamically shift influence operations” by continually adopting “new and innovative influence tactics and techniques,” Minor wrote, including using digital emailing campaigns hosted on a crowdfunding platform, social media reference landing pages, a geographic web-mapping platform and employing artificial intelligence-generated deepfakes, “likely increasing the ability to reach targeted audiences and drive engagement.”

Minor’s analysis tracks with previous broad observations that Iranian-linked cyber and influence operations were largely reactive in the immediate aftermath of Hamas’ Oct. 7 attack on Israeli targets. But now, seven months into what has turned into a grinding and devastating conflict, various Iranian-linked cyber and influence operations have adjusted and are using the conflict to further their respective goals.

The activity overlaps with operations tracked by Microsoft as Storm-1364. A February analysis from Microsoft’s Threat Intelligence Center highlighted the group’s ability to rapidly adjust on the fly.

“The speed at which Storm-1364 launched this campaign after the October 7 attacks highlights this group’s agility and points to advantages of influence-only campaigns, which may be faster to form because they do not need to wait on cyber activity of a cyber-enabled influence operation,” Microsoft said at the time.

Emerald Divide’s operation can be split into three phases that each have distinct objectives and corresponding narratives, according to Minor. The first phase sought to increase conflict between Israel’s ultra-Orthodox religious groups and the country’s LGBTQ+ community. The second aimed for political unrest by pitting those on the Israeli left versus those on the Israeli right, while the third and current phase sought to sow discontent among Israelis regarding the government response to the Hamas attacks.

Common through all three phases has been an ongoing shift to the messaging platform Telegram, likely in an attempt to avoid asset seizures or takedowns, Minor wrote. Another theme is the consistent use of generative AI, which “likely indicates advanced influence actors have adopted and implemented AI as a routine capability which will likely continue to improve over time with advances in technology as well as applying lessons learned through the repetition of operational employment.” 

The group did have “limited” success in getting real people to participate in protests and other actions, Minor noted, which will “likely embolden” the operators who are trying to achieve objectives while obfuscating attribution and staying below the threshold of armed conflict.

“As the Israel-Hamas conflict continues, the campaign will also likely continue taking advantage of dynamic events related to Israel’s domestic political landscape to exploit corresponding psychological vulnerabilities,” Minor concluded. New developments within Israeli society will present opportunities for further Emerald Divide pivots, he said, such as legislative elections slated for October 2026.

The post How an Iranian-linked influence campaign pivoted after Oct. 7 attack on Israel appeared first on CyberScoop.

Tuesday, May 7, 2024 - 09:02
ONCD report: ‘Fundamental transformation’ in cyber, tech drove 2023 risks

Malicious hackers are exploiting emerging technologies that rapidly connect people, posing advanced cyber risks in a world where the digital and physical are increasingly interwoven, according to a report Tuesday from the Office of the National Cyber Director.

“We are in the midst of a fundamental transformation in our Nation’s cybersecurity,” National Cyber Director Harry Coker said in a statement accompanying the report. “We have made progress in realizing an affirmative vision for a safe, prosperous, and equitable digital future, but the threats we face remain daunting.”

The first-ever “Report on the Cybersecurity Posture of the United States,” required as part of the law that established Coker’s office, also identified the top trends of 2023 as evolving critical infrastructure risks, ransomware, supply chain exploitation, commercial spyware and artificial intelligence.

And it detailed progress on efforts to implement the Biden administration’s national cybersecurity strategy published last year, with the office deeming 33 of 36 initiatives completed on time under the administration’s implementation plan and another 33 with deadlines still to come.

The report arrives nearly five months into Coker’s tenure as the second national cyber director and three months after a watchdog report pointed to the need for improvements in how the office is implementing the national strategy. In an accompanying report Tuesday, Coker’s office released a second version of the national strategy implementation plan, adding 31 more initiatives.

“Complexity, interconnectivity, and competition” were the three main characteristics of 2023, according to the cyber posture report.

“Continued progress in digital communications, advanced computing, quantum information science, data storage and processing, and other critical and emerging technologies are rapidly increasing the complexity of our economy and society,” the report states. “These technologies also connect people around the world, enable the proliferation of cyber-physical systems, and create new dependencies between critical infrastructure and essential services across every sector.

“As this landscape evolves, malicious state and non-state actors are exploiting its seams with growing capability and strategic purpose, making clear that cyberspace is closely aligned with other domains of international conflict and competition,” it continues.

Critical infrastructure risks are exacerbated by nation-states showing a willingness to compromise systems that don’t have inherent value for espionage, according to the report. It mentioned the Chinese government-sponsored hacking group Volt Typhoon breaching systems that “could enable disruption of operational technology systems in critical infrastructure and interference with U.S. and allied warfighting capabilities” as an example of that kind of activity.

Ransomware attacks and costs showed signs of increasing in 2023, the report says. A growing reliance on third-party service providers was another 2023 risk, with incidents like the Okta breach allowing hackers to go after one third-party provider that gives them access to other potential victims, according to the report.

A growing market for commercial spyware is another major 2023 trend the report identified due to the tech’s ability to “offer world-class capabilities to the highest bidder.” And artificial intelligence large-language models offered more sophisticated tools to hackers who otherwise don’t have many resources, the report says.

The post ONCD report: ‘Fundamental transformation’ in cyber, tech drove 2023 risks appeared first on CyberScoop.

Tuesday, May 7, 2024 - 08:30
US, UK authorities unmask Russian national as LockBit administrator

The U.S. and British governments on Tuesday identified Dmitry Yuryevich Khoroshev as the leader, developer and administrator of the LockBit ransomware operation, one of the most prolific and profitable cybercriminal syndicates in recent years.

Khoroshev, a Russian national, has been LockBit’s main administrator and developer since at least September 2019 continuing through the present, U.S. federal prosecutors said in an indictment unsealed Tuesday. Since its inception, LockBit has been used in attacks against more than 2,500 targets in at least 120 countries, leading to at least $500 million in ransom payments to Khoroshev and his affiliates and “billions of dollars in broader losses, such as revenue, incident response, and recovery,” the Department of Justice said in a statement.

Khoroshev is charged with one count of conspiracy to commit fraud, extortion and related activity in connection with computers, one count of conspiracy to commit wire fraud, eight counts of intentional damage to a protected computer, eight counts of extortion in relation to confidential information from a protected computer, and eight counts of extortion in relation to damage to a protected computer.

The charges carry a maximum penalty of 185 years in prison, according to the DOJ.

Alongside the indictment, the U.S., British and Australian governments announced sanctions against Khoroshev. The U.S. State Department also announced a $10 million reward for any information leading to his arrest and/or conviction.

“As part of our unrelenting efforts to dismantle ransomware groups and protect victims, the Justice Department has brought over two dozen criminal charges against the administrator of LockBit, one of the world’s most dangerous ransomware organizations,” Deputy Attorney General Lisa Monaco said in a statement. “Working with U.S. and international partners, we are using all our tools to hold ransomware actors accountable — and we continue to encourage victims to report cyberattacks to the FBI when they happen. Reporting an attack could make all the difference in preventing the next one.”

Tuesday’s actions come a little more than two months after an international law enforcement operation seized parts of the LockBit infrastructure as part of “Operation Cronos.” As part of that operation, the U.S. government unsealed indictments against two Russian nationals for their alleged roles in facilitating LockBit attacks: Artur Sungatov and Ivan Gennadievich Kondratyev (also known as “Bassterlord”). 

After the February operation, authorities teased that they knew the identity of the main administrator — the actual person behind the “LockBitSupp” persona that communicates with journalists and others online, and used LockBit’s website to share information about the operation. 

LockBitSupp reconstituted some of the infrastructure after the disruption, and attempted to make it look like it was business as usual, even as observers said LockBit was reposting old victims and claiming they were new. The new site listed 44 new victims and 25 victim updates, according to the Secureworks Counter Threat Unit, the majority of which were genuinely new. 

“Since Operation Cronos took disruptive action, LockBit has been battling to reassert its dominance and, most importantly, its credibility within the cybercriminal community,” Secureworks Counter Threat Unit VP Don Smith said in an email to CyberScoop. “The psychological element of the action taken by law enforcement was extremely effective, the group’s efforts to re-establish its previous reputation have not gone particularly well. Today’s unmasking of Dmitry Khoroshev aka LockBit Supp, demonstrates the ability of law enforcement to deny cybercriminals the safety blanket of anonymity and place them at risk of arrest and prosecution if they travel out with their home country.”

The weekend prior to the announcement, authorities in control of LockBit’s website hinted that more information about LockBitSupp’s identity was coming. When asked about the authorities’ looming announcement, LockBitSupp offered CyberScoop a simple reaction: “I don’t know,” he said via online chat. “I like it.”

The post US, UK authorities unmask Russian national as LockBit administrator appeared first on CyberScoop.

Monday, May 6, 2024 - 18:08
State Department wants ‘digital solidarity’ at center of tech diplomacy

SAN FRANCISCO — A U.S. State Department strategy document released Monday said the Biden administration aims to orient its cyber-diplomacy around the concept of “digital solidarity” to help partners and allies responsibly use technology and to help developing nations grow their economies. 

The long-awaited strategy for how the United States will pursue its digital diplomacy goals reiterates Washington’s commitment to an open, interoperative internet but comes at a time when that idea has never been under greater threat, including in the United States, where a recently passed law aims to force ByteDance to divest from TikTok. 

Nonetheless, American officials said Monday’s strategy document provides a blueprint for cracking down on malicious behavior online, assembling an international coalition to effectively govern digital technologies, and promoting economic development.

In remarks at the RSA Conference in San Francisco, Secretary of State Antony Blinken described digital solidarity as the document’s “North Star.” Blinken said that while “‘move fast and break things’ is the literal opposite of what we try to do at the State Department,” technology diplomacy is key to promoting economic development, aiding other countries in responding to cyber attacks and harnessing technological innovation to tackle hard problems, like climate change. 

Blinken pointed to the U.S. response to Russia’s invasion of Ukraine — when the U.S. government and tech companies collaborated to provide technological assistance to the government in Kyiv — as an example of how the United States can be more responsive in its technology diplomacy. 

“That is digital solidarity in action, and it’s the kind of collaboration we want to scale and apply around the world,” Blinken said. 

Monday’s strategy lays out four “action areas” for American diplomats to pursue. The document calls on the State Department to promote and maintain an open, inclusive and secure digital ecosystem; align their technology governance work with partners in a way that respects human rights; encourage responsible state behavior online, including by discouraging cyberattacks on critical infrastructure; and improve the cybersecurity and tech policy capacity of partner states.

The strategy does not break much new ground and mostly reiterates existing U.S. policy, but Nate Fick, the top cyber diplomat at the State Department, told reporters in San Francisco that the strategy offers an affirmative vision of what the internet might look like at a time when authoritarian states are increasingly censoring their domestic web, and countries in Europe are looking to controls on data flows to wrest back their technology ecosystem from both Chinese and American firms. 

“It’s our obligation to provide a compelling choice,” Fick said. 

Open internet advocates have described the move to force a TikTok divestiture as an abandonment of the United States’ commitment to an open internet, but Fick argued that TikTok represents a “sui generis” national security threat.

“It’s not a slippery slope to determine which platforms can and can’t be used in a free and open society,” he said. 

To develop a positive American vision of a contemporary internet, the 54-page document provides a lengthy to-do list of thorny diplomatic problems with no clear solution in sight.

Among its goals are the crafting of a new international treaty regarding cybercrime. U.S. officials have been battling Russian and Chinese diplomats on this issue at the United Nations, where the Kremlin’s diplomats have sought passage of a broad cybercrime treaty that experts warn would severely undermine online rights. 

The document calls on U.S. diplomats to step up their work in international standards bodies and to reinvigorate their work before the International Telecommunications Union, one such key standard body. U.S. diplomats are instructed to pursue “more action-oriented discussions at the UN” to promote responsible state behavior online and improve cyber capacity. 

The document also calls on U.S. diplomats to encourage the free flow of data and an open internet and to counter what the document describes as many American partners’ growing embrace of “narratives of digital sovereignty and protectionism.” This includes a proposal by the European Union to certify the cybersecurity of cloud computing providers, an idea that has sparked intense criticism by some U.S. observers and the American technology industry. 

Conflicts such as these gesture at the tension in the new strategy document. Around the world, governments are increasingly seeking greater control over technology in all its forms — whether that’s the data collected by online platforms or the supply chain for critical chips — and that often comes into conflict with the United States’ historical emphasis on an open internet, with U.S. technology firms providing its essential components. 

China’s growing technological clout is challenging that model, and Monday’s strategy document can perhaps be most clearly understood as a summation of U.S. policy to counter Beijing’s influence on matters of technology and public policy. As 5G cellular technology was rolled out over the past decade, Chinese firms dominated its deployment, and Blinken said on Monday that this experience is informing the State Department’s efforts to promote the work of companies committed to an open web.

“We’ve learned in the 5G experience that we cannot be complacent and let strategic competitors dominate the technologies that form the backbone of the global economy and that determine how and where information flows,” Blinken said. 

The post State Department wants ‘digital solidarity’ at center of tech diplomacy appeared first on CyberScoop.

Monday, May 6, 2024 - 15:41
Krebs, Luber added to Cyber Safety Review Board

The country’s first Cybersecurity and Infrastructure Security Agency director and the current head of the National Security Agency’s Cybersecurity Directorate are among four new additions to the Cyber Safety Review Board, the Department of Homeland Security announced Monday. 

Chris Krebs, who served as CISA’s director from November 2018 until then-President Donald Trump fired him two years later, and the NSA’s David Luber will be joined by Katie Nickels, senior director of intelligence operations at Red Canary, and Jamil Jaffer, venture partner with the Paladin Capital Group and founder and executive director of the National Security Institute at George Mason University Scalia Law School. 

Luber will take the place of Rob Joyce, his NSA predecessor, as the federal CSRB representative from the spy agency. Joyce has been asked to stay on the board as a private-sector member. Robert Silvers, undersecretary for policy at DHS, and Heather Adkins, vice president for security engineering at Google, will remain as chair and deputy chair, respectively, for a second term on the board.

Exiting the CSRB will be Katie Moussouris, founder and CEO of Luta Security, Chris Novak, co-founder and managing director at Verizon’s Threat Research Advisory Center, Tony Sager, senior vice president and chief evangelist at the Center for Internet Security, and Wendi Whitmore, senior vice president of Unit 42 at Palo Alto Networks.

“I can’t thank Katie, Chris, Tony, and Wendi enough for the outstanding contributions they’ve made as CSRB members. I am truly grateful for their service on the Board,” CISA Director Jen Easterly said in a statement.  “I am also very pleased to welcome Jamil, Dave, Katie, and Chris to the Board. I know their cybersecurity expertise and experience will be instrumental in the continuing evolution of the CSRB as a catalyst for positive change in the cybersecurity ecosystem.”

Luber and Krebs, now the chief intelligence and public policy officer at Sentinel One, add federal heft to the occasionally embattled CSRB. Created by President Joe Biden via a 2021 executive order, the CSRB was formed to review major cybersecurity incidents but has faced criticism on Capitol Hill for lacking authorities and independence from the private sector.  

But more recently, the CSRB delivered a withering report that blamed Microsoft’s lax corporate culture for a July 2023 breach by Chinese hackers, writing that “Storm-0558 was able to succeed because of a cascade of security failures” at the tech giant.

Other notable CSRB members include National Cyber Director Harry Coker, Federal CISO Chris DeRusha and CISA Executive Assistant Director Eric Goldstein, among others.

The post Krebs, Luber added to Cyber Safety Review Board appeared first on CyberScoop.