Cyber
The Next Frontier

Become part of a critical layer of cyber defense. Cybersecurity positions will make up 45% of all US tech job openings.

The National Security Agency designated the University of Arizona's Cyber Operations program as a Center of Academic Excellence in Cyber Operations (CAE-CO). With this designation, UA joins an extremely exclusive group of only 24 cyber programs in the nation. The NSA's CAE-CO designation demonstrates that UA's Cyber Operations program meets the most demanding academic and technical requirements.


The Bachelor of Applied Science in Cyber Operations prepares graduates for cyber-related occupations in defense, law enforcement, and private industry.

Our curriculum includes both offensive and defensive cyber security content delivered within our state-of-the-art Virtual Learning Environment to ensure our students have extensive hands-on experiences to develop the knowledge, skills, and abilities necessary to succeed after they graduate.

 

Program News

DoD Cyber Scholarship Program (CySP)

The DoD CySP is a yearly scholarship program aimed at juniors and seniors pursuing a bachelor’s degree in cyber-related academic disciplines. The CySP is a 1-year scholarship that grants selected Cyber Scholars tuition and mandatory fees (including health care), funding for books, a $25K annual stipend, and guaranteed employment with a DoD agency upon graduation.

Cyber News

Friday, December 20, 2024 - 11:57
Justice Department unveils charges against alleged LockBit developer

The U.S. Department of Justice revealed charges Friday against Rostislav Panev, a dual Russian and Israeli national, for his alleged role as a developer in the notorious LockBit ransomware group. Panev was arrested in Israel following a U.S. provisional arrest request and is currently awaiting extradition.

Authorities allege that Panev has been an instrumental figure in LockBit’s operations since its inception in 2019. As a developer, Panev is accused of designing malware code and maintaining the infrastructure used by gang members and affiliates to conduct attacks. LockBit has been tied to over 2,500 attacks in 120 countries, extracting more than $500 million in ransom payments and causing billions in losses to victims, including businesses, hospitals, and government agencies.

The arrest is part of a broader campaign by international law enforcement agencies to dismantle LockBit. In February, a coordinated operation led by the U.K.’s National Crime Agency in cooperation with the FBI and the U.S. Justice Department disrupted LockBit’s infrastructure, seizing websites and servers critical to its operations. These efforts significantly curtailed the group’s ability to launch further attacks and extort victims.

Panev is one of several individuals charged in connection with LockBit. Alongside him, other key figures have been indicted, including Dmitry Khoroshev, alleged to be “LockBitSupp,” the group’s primary creator and administrator. Khoroshev, still at large, is accused of developing the ransomware and coordinating attacks on an international scale. The State Department has offered a reward of up to $10 million for his capture.

Meanwhile, numerous members linked to LockBit remain fugitives, such as Russian nationals Artur Sungatov and Ivan Kondratyev, each facing charges for deploying ransomware against multiple industries globally. Mikhail Matveev, another alleged LockBit affiliate, is also at large, with a $10 million reward for his capture. Matveev was recently charged with computer crimes in Russia. 

“As alleged by the complaint, Rostislav Panev for years built and maintained the digital weapons that enabled his LockBit coconspirators to wreak havoc and cause billions of dollars in damage around the world,” said Philip Sellinger, the U.S. Attorney for the District of New Jersey. “But just like the six other LockBit members previously identified and charged by this office and our FBI and Criminal Division partners, Panev could not remain anonymous and avoid justice indefinitely. He must now answer for his crimes. Today’s announcement represents another blow struck by the United States and our international partners against the LockBit organization, and our efforts will continue relentlessly until the group is fully dismantled and its members brought to justice.”

Panev’s lawyer, Sharon Nahari, told Israeli news outlet Ynet earlier this week that Panev was neither aware of nor complicit in the alleged schemes. An extradition hearing for Panev will be held in Israel next month. 

You can read the full criminal complaint against Panev here.

The post Justice Department unveils charges against alleged LockBit developer appeared first on CyberScoop.

Thursday, December 19, 2024 - 16:05
Study finds ‘significant uptick’ in cybersecurity disclosures to SEC

The introduction of new cybersecurity disclosure rules by the U.S. Securities and Exchange Commission has led to a significant uptick in the number of reported cybersecurity incidents from public companies, according to a leading U.S. law firm that specializes in finance and M&A activity.

Analysis by Paul Hastings LLP found that since the disclosure law went into effect in 2023, there has been a 60% increase in disclosures of cybersecurity incidents, and 78% of disclosures were made within eight days of discovery of the incident.

The regulations require public companies to disclose material cybersecurity incidents within four business days of determining their materiality, aiming to provide investors with timely and relevant information that could impact investment decisions.

Despite the increase in disclosures, less than 10% of disclosures detailed the material impacts of these incidents, revealing potential hesitancy or difficulty in assessing comprehensive impacts swiftly. Companies are often faced with the challenge of balancing detailed reporting with the protection of sensitive operational details, as the rules do not mandate disclosing specific technical details that could hinder remediation efforts.

Michelle Reed, co-chair of Paul Hastings’ data privacy and cybersecurity practice, said the hesitancy is likely because companies are disclosing very quickly, so as to not be penalized by the SEC for delayed disclosure.

“The coming year will be an interesting testing ground on how materiality in the cyber world ultimately shakes out,” Reed told CyberScoop. 

The materiality clause has led to inconsistent outcomes among companies that have publicly disclosed a cybersecurity incident. For instance, the ransomware attack on automotive software provider CDK Global in June resulted in varying degrees of materiality disclosures. CDK’s parent company, Brookfield Business Partners, said in its July disclosure that it did not “expect this incident to have a material impact” on its business despite paying a $25 million ransom.

Some other car dealerships also filed disclosures saying the attack on CDK negatively impacted their company, but stopped short of saying the incident caused a “material impact.” 

Reed told CyberScoop these cases illuminate the ambiguity companies face in determining the depth of information necessary for reporting, while avoiding the disclosure of sensitive security measures that could exacerbate vulnerabilities and lead to lawsuits.

“Materiality is a sliding scale, weighing risk and likelihood of impact,” she said. “The exact same breach could happen to two different companies, and based on size of the company and effectiveness of their incident response, one may have to disclose and the other may not.” 

An additional concern covered in the report is the prevalence of third-party breaches, which account for 1 in 4 incidents. The report points out this kind of cybersecurity incident leads to further dilemmas for companies on whether to disclose third-party breaches, particularly when other companies may have disclosed an incident related to the same breach.   

You can read the full report on Paul Hastings’ website.

The post Study finds ‘significant uptick’ in cybersecurity disclosures to SEC appeared first on CyberScoop.

Thursday, December 19, 2024 - 14:14
Israeli court to hear U.S. extradition request for alleged LockBit developer

An Israeli Court is set to deliberate a significant extradition case involving Rostislav Panev, an Israeli citizen alleged to be involved with the notorious LockBit ransomware gang.

According to Israeli news outlet Ynet, a U.S. extradition request was made public Thursday claiming that between 2019 and 2024, Panev served as a software developer for LockBit. During this period, LockBit is alleged to have executed cyberattacks impacting roughly 2,500 victims globally, including U.S. governmental and health care organizations.

The U.S. Department of Justice places LockBit among the most detrimental ransomware groups in operation, responsible for financial losses exceeding $500 million. Moreover, the group purportedly harbored connections with Evil Corp., an erstwhile Russian-based cybercrime syndicate sanctioned by the U.S. government in 2019 for its role in distributing malware and enabling a range of cybercriminal activity.

Documents disclosed in conjunction with the extradition request reveal that Panev was arrested at his Israeli home in August. He is suspected of developing software that placed ransom notes on compromised systems. For his work, he has allegedly made $230,000, largely via cryptocurrency. Law enforcement agencies discovered digital wallets tied to these payments, along with ransom templates, during searches at Panev’s residence.

Panev’s lawyer, Sharon Nahari, told Ynet that Panev was neither aware of nor complicit in the alleged schemes.

The extradition proceedings were instigated by the State Attorney’s Office after Israel’s Minister of Justice signed off on a formal request from the U.S. According to Ynet, the U.S. kept the extradition order sealed, fearing that it might tip off other LockBit affiliates, potentially allowing them to escape to Russia.

International law enforcement has been aggressively pursuing those behind LockBit, starting in February with the public unveiling of “Operation Cronos,” the name of the organized international effort led by the U.K.’s National Crime Agency. British authorities seized the website used by LockBit to post targets and share data from targeted entities that refused to pay ransom, then used it as the platform to disseminate news about the operation and information about the nearly 200 affiliates working with LockBit at the time. The move was part of both a traditional law enforcement disruption and a psychological operation designed to undermine LockBit’s support in the cybercrime community.

In October, law enforcement agencies announced additional arrests, seizures and sanctions targeting LockBit ransomware infrastructure, and 16 people were either arrested, sanctioned or both by the U.S. or U.K. 

The post Israeli court to hear U.S. extradition request for alleged LockBit developer appeared first on CyberScoop.

Thursday, December 19, 2024 - 09:51
Chinese cyber center points finger at U.S. over alleged cyberattacks to steal...

China’s national cyber incident response center accused the U.S. government of launching cyberattacks against two Chinese tech companies in a bid to steal trade secrets.

In a notice Wednesday, the National Computer Network Emergency Response Technical Team/Coordination Center of China (CNCERT) said a suspected U.S. intelligence agency was behind the attacks, and that CNCERT had “handled” them, according to a Google translation.

The U.S. government has long accused China of cyber espionage to steal trade secrets from domestic companies, and China’s allegations about U.S. cyberattacks arrive in the midst of a very public campaign from U.S. government officials blaming China for a major attack on telecommunications carriers.

CNCERT said one of the attacks dates back to August of this year, against “a certain advanced material design and research unit.” The suspected attackers exploited a vulnerability in a document management system to infiltrate the software upgrade management server the company used, then installed Trojans on more than 270 of the company’s hosts, CNCERT said.

The other attack dates to May of last year, against a “large-scale high-tech enterprise” in China’s “smart energy and digital information industry,” according to CNCERT. The center’s analysis determined that the attackers exploited Microsoft Exchange vulnerabilities to get into the company’s mail server, then implanted backdoors and took control of devices at the company and its subsidiaries.

China has, in recent years, stepped up its charges about U.S. cyberattacks. The report did not name a specific U.S. government office or entity responsible for the attacks.

The Chinese Communist Party-owned newspaper China Daily published an infographic this year detailing allegations that the United States is the leading source of cyberattacks against China over the past five years, citing CNCERT in part.

Republican lawmakers, as well as a top official in the incoming second Trump administration, have said recently in response to the Salt Typhoon telecommunications breaches that the United States has been too timid about going on offense against China.

CNCERT describes itself as a non-governmental non-profit cybersecurity technical center. China Daily said it is led by the Ministry of Industry and Information Technology.

Spokespeople for the National Security Agency and U.S. Cyber Command did not immediately respond to requests for comment Thursday.

The post Chinese cyber center points finger at U.S. over alleged cyberattacks to steal trade secrets appeared first on CyberScoop.

Thursday, December 19, 2024 - 08:23
Ukrainian sentenced to five years in jail for work on Raccoon Stealer

Ukrainian national Mark Sokolovsky was sentenced Wednesday to five years in federal prison for his role in operating Raccoon Infostealer malware, which infiltrated millions of computers worldwide to steal personal data.

According to court documents, Sokolovsky, 28, was integral to operations that allowed the leasing of Raccoon Infostealer for $200 per month, payable via cryptocurrency. Users predominantly deployed this malware through phishing schemes to extract data from unsuspecting victims. The stolen data included log-in credentials, financial information, and other personal records, often used for financial crimes or sold on cybercrime forums.

Raccoon Infostealer, a potent tool in the cybercriminal arsenal, was dismantled by international law enforcement, alongside Sokolovsky’s arrest, in March 2022. In October 2022, a grand jury indicted Sokolovsky — also known as “Photix,” “raccoonstealer,” and “black21jack77777” — on charges including conspiracy to commit fraud, money laundering, and aggravated identity theft. He was extradited from the Netherlands to the U.S. in February.

In a plea deal reached in October, Sokolovsky agreed to forfeit $23,975 and pay restitution of at least $910,844.61. His actions were linked to compromising over 52 million user credentials, which facilitated fraud, identity theft, and ransomware attacks affecting victims worldwide.

U.S. Attorney Jaime Esparza for the Western District of Texas described Sokolovsky as a pivotal figure in an international conspiracy that enabled amateurs to commit significant cybercrimes. He praised the teamwork of international law enforcement in capturing Sokolovsky and promised to keep working hard to fight cybercrime.

The Raccoon Infostealer had reportedly claimed to cease operations in March 2022 following the death of a developer in the Russian invasion of Ukraine. However, reports suggested a resurgence of the malware by June 2022. 

The post Ukrainian sentenced to five years in jail for work on Raccoon Stealer appeared first on CyberScoop.