Cyber
The Next Frontier

Become part of a critical layer of cyber defense. Cybersecurity positions will make up 45% of all US tech job openings.

The National Security Agency designated the University of Arizona's Cyber Operations program as a Center of Academic Excellence in Cyber Operations (CAE-CO). With this designation, UA joins an extremely exclusive group of only 24 cyber programs in the nation. The NSA's CAE-CO designation demonstrates that UA's Cyber Operations program meets the most demanding academic and technical requirements.


The Bachelor of Applied Science in Cyber Operations prepares graduates for cyber-related occupations in defense, law enforcement, and private industry.

Our curriculum includes both offensive and defensive cyber security content delivered within our state-of-the-art Virtual Learning Environment to ensure our students have extensive hands-on experiences to develop the knowledge, skills, and abilities necessary to succeed after they graduate.

 

Program News

DoD Cyber Scholarship Program (CySP)

The DoD CySP is a yearly scholarship program aimed at Juniors and Seniors pursuing a bachelor’s degree in cyber-related academic disciplines. The CySP is a 1-year scholarship, which grants selected Cyber Scholars tuition and mandatory fees (including health care), funding for books, a $25K annual stipend, and guaranteed employment with a DoD agency upon graduation.

Cyber News

Wednesday, November 6, 2024 - 08:57
How early-stage companies can go beyond cybersecurity basics

The digital landscape has become a battleground, with cybercriminals constantly evolving their tactics and outmaneuvering even the most advanced defenses. Phishing scams are becoming increasingly sophisticated, zero-day vulnerabilities are emerging at an alarming rate, and ransomware attacks are crippling organizations worldwide. To stay ahead of this ever-shifting threat landscape, businesses must adopt a proactive approach to cybersecurity that goes beyond mere compliance.

The new face of cybercrime 

It’s no surprise that the threat landscape is more bold and complex than ever before. Hackers are constantly refining their tactics, exploiting new vulnerabilities, and finding ways to bypass even the most sophisticated security measures.

One of the biggest shifts we’ve seen is the rise of social engineering attacks. Phishing scams are becoming increasingly sophisticated, often using personalized messages and impersonating trusted individuals or organizations. These attacks can trick even the most tech-savvy users into clicking on malicious links or downloading malware.

Another major concern is the growing prevalence of zero-day vulnerabilities. These are security flaws that are unknown to the software vendor until they are exploited. This gives attackers a significant advantage, as they can exploit these vulnerabilities before patches are developed and deployed.

Supply chain attacks have also become a major threat. By targeting third-party vendors, hackers can gain access to multiple organizations simultaneously. This makes it even more difficult to detect and respond to attacks.

Ransomware attacks have also seen a dramatic increase in recent years. Not only are attackers encrypting data, but they’re also threatening to steal and publicly release sensitive information. This can lead to significant financial losses, reputational damage, and operational disruptions. 

It’s clear that the threat landscape is constantly evolving, and businesses need to stay ahead of the curve. By understanding the latest threats and taking proactive steps to protect themselves, organizations can mitigate their risk and ensure the security of their data and systems.

Compliance: a foundation, not a fortress

Compliance is a crucial component of cybersecurity, but it’s not the silver bullet. While standards like GDPR, HIPAA, and PCI DSS provide a solid foundation, they have their limitations in today’s evolving threat landscape.

One of the biggest issues is that compliance standards can be static. They may not keep pace with the rapidly evolving tactics of cybercriminals. This can create a false sense of security if organizations rely solely on compliance to protect themselves.

Additionally, compliance can sometimes become a tick-box exercise. Organizations may focus on completing the necessary procedures without actually improving their security posture. This can lead to superficial compliance that doesn’t address real-world risks.

Another limitation is the one-size-fits-all approach of many compliance frameworks. These standards may not adequately address the specific needs and risks of individual organizations. This can leave critical vulnerabilities exposed.

Finally, compliance often focuses on detection and response rather than prevention. While these are important, an overemphasis on post-breach activities can distract from the more proactive measures needed to prevent attacks in the first place.

In short, compliance is a necessary but insufficient condition for strong cybersecurity. Organizations need to go beyond compliance by building dynamic risk-based security strategies that address their unique needs and the ever-changing threat landscape.

Rethinking compliance in cybersecurity

Cybersecurity is more important than ever nowadays. To protect your organization from evolving threats, you need a proactive strategy that goes beyond basic compliance. Here’s a step-by-step approach to using compliance more effectively in your cybersecurity efforts:

  • Start by identifying your most critical assets and vulnerabilities. This will help you focus your resources on the areas that need the most protection.
  • Next, implement a layered security approach. This means using multiple security controls to protect your network, like firewalls, antivirus software, and intrusion detection systems. Consider using cyber insurance as a vital part of your cybersecurity strategy. 
  • Stay informed about emerging threats. Use monitoring tools and threat intelligence services to stay up-to-date on the latest risks.
  • Train your employees. They are your first line of defense, so make sure they know how to spot and avoid phishing scams and other attacks.
  • Finally, have a plan in place. If a breach happens, you need to know what to do. Develop an incident response plan and test it regularly.

Remember, cybersecurity is an ongoing battle. You need to constantly adapt and evolve your strategy to stay ahead of the latest threats.

Jonathan Selby is a risk management expert at Founders Shield. He works to oversee client strategy and communication, and has fostered a culture of providing unparalleled service and risk consulting for some of the fastest-growing companies in the world. Outside of work, he can be found on the basketball court and chess board — but not at the same time.

The post How early-stage companies can go beyond cybersecurity basics appeared first on CyberScoop.

Tuesday, November 5, 2024 - 13:05
False bomb threats at polling sites only blemish on Election Day voting process

Election officials and federal authorities have spent a considerable amount of time over the past few weeks debunking fake or false media regarding the integrity of U.S. elections.

Election Day has been a continuation of that trend, as federal, state and local election officials in swing states have attempted to stay on top of the routine kind of errors or glitches that happen every election cycle, while pushing back on egregious lies or misrepresentations being spread online by bad actors.

The most serious news of the day was in swing-state Georgia, where state officials called out yet another alleged Russian-led effort to disrupt the voting process, this time through bomb threats.

In a statement, the Fulton County Police Department said it responded to multiple bomb threats at polling places, resulting in temporary closings of at least two polling locations in Union City, while the county’s Department of Registration and Elections will seek a court order to keep those locations open to voters and make up the lost time.

Secretary of State Brad Raffensperger claimed that the bomb threats came from Russia, marking the second time in a week that he alleged Russian involvement in election-related disinformation ahead of federal law enforcement and intelligence agencies.

But the FBI quickly moved to back up those claims, saying in a statement Tuesday that the bureau was “aware of bomb threats to polling locations in several states, many of which appear to originate from Russian email domains.”

“None of the threats have been determined to be credible thus far,” the FBI said.

Cait Conley, senior advisor and election security lead at the Cybersecurity and Infrastructure Security Agency, said CISA is in contact with officials in Georgia over the incident but referred questions around attribution to the FBI.

Separately, the Department of Justice announced that a 25-year-old Georgia poll worker was arrested and charged with mailing a threatening letter to his own colleagues, including a bomb threat.

According to the DOJ, Nicholas Wimbish of Milledgeville, Ga., was working at the Jones County Elections Office on Oct. 16 when he had an alleged, unspecified altercation with a voter.

Authorities said the next day, Wimbish mailed a letter to the office posing as a “Jones County Voter” complaining about his own conduct, saying he and other pollworkers “should look over their shoulder,” that he would “rage rape” women and that a “boom toy” was headed for “early vote place.”

Wimbish has been charged with mailing a bomb threat, conveying false information about a bomb threat, mailing a threatening letter, and making false statements to the FBI.

Damon Hewitt, president and executive director of the Lawyers’ Committee for Civil Rights Under Law, told reporters that the Election Day bomb threats do not appear to be genuine.

“There have been a couple of evaluations of polling sites, but there have been no credible threats. Voting is safe today all through Georgia, as far as we have heard,” Hewitt said on a press call Tuesday.

Michigan Attorney General Dana Nessel told CNN that polling locations in her state have also been the target of threats, but “none of the threats have been deemed credible.”

Similar threats were made in Duval County, Fla., according to The Tributary, a local news site.

The post False bomb threats at polling sites only blemish on Election Day voting process appeared first on CyberScoop.

Tuesday, November 5, 2024 - 10:04
Schneider Electric reports cyberattack, its third incident in 18 months

Multinational energy management company Schneider Electric said Tuesday it was the victim of a cyberattack, with attackers behind a new ransomware variant claiming responsibility.

“Schneider Electric is investigating a cybersecurity incident involving unauthorized access to one of our internal project execution tracking platforms which is hosted within an isolated environment,” a spokesperson said in an emailed statement. “Our Global Incident Response team has been immediately mobilized to respond to the incident. Schneider Electric’s products and services remain unaffected.”

The company was a listed victim on the Hellcat ransomware variant’s leak site, with attackers demanding a $150,000 ransom in “baguettes,” an obtuse reference to the company’s headquarters being located in France. In reality, the attackers are looking for payment in Monero, a privacy-focused cryptocurrency.

HellCat claims to have more than 40 gigabytes of data from the company’s JIRA platform, “including projects, issues, and plugins, along with over 400,000 rows of user data.” Jira is a general application used for project management that could include sensitive or proprietary information about employees or major projects.

Attackers did not further describe what type of information was stolen.

Screenshot from HellCat’s onion web site.

“To secure the deletion of this data and prevent its public release, we require a payment of $125,000 USD in Baguettes. Failure to meet this demand will result in the dissemination of the compromised information,” the note says, adding that “stating the breach” will decrease the ransom by half. “Its your choice Olivier…”

The message seemingly refers to new Schneider Electric Chief Executive Olivier Blum, who took over as CEO this week after Peter Herweck was ousted from the role.

HellCat has previously published records they claim to be from the Jordan Ministry of Education and Tanzania’s College of Business Education.

The incident marks the third time in the past 18 months that Schneider Electric has been attacked by ransomware groups. In January, the company’s sustainability business division was hit with Cactus ransomware. In June 2023, the company disclosed that it was targeted by Cl0p via the exploit used in the MOVEit breach.

The post Schneider Electric reports cyberattack, its third incident in 18 months appeared first on CyberScoop.

Tuesday, November 5, 2024 - 07:56
Man arrested in Canada believed to be behind Snowflake breach

Canadian authorities have arrested a person suspected of orchestrating a series of data exfiltration attacks targeting customers of the data storage firm Snowflake. 

Alexander “Connor” Moucka was taken into custody Oct. 30, based on a provisional arrest warrant, according to Canada’s Department of Justice. He is scheduled to appear in court Tuesday.

The Canadian Department of Justice confirmed to CyberScoop that the arrest was carried out at the request of the United States. 

While the specific charges against Moucka remain undisclosed, insiders familiar with the case have identified him as a key figure behind the attacks. Presentations from cybersecurity researchers given earlier this year labeled the individual, who was known by several online monikers including “Judische” and “Waifu,” as a 26-year-old from Ontario, Canada. Moucka was arrested in Kitchener, a city in Ontario approximately 65 miles west of Toronto. 

Attempts to reach Moucka have been unsuccessful. The FBI declined to comment. The White House did not respond to CyberScoop’s request for comment.

The Snowflake breaches, which were discovered between April and July, affected major companies like AT&T, Ticketmaster and Santander. It was believed earlier this year that as many as 165 companies were impacted by the breach. Those responsible for the breaches tried to blackmail these companies by threatening to sell the stolen data on criminal forums.

Researchers found evidence that Judische collaborated with another hacker, John Binns, on the attack targeting AT&T, which the company said in July included records of “nearly all” of its customers’ data for a six-month period in 2022. Binns, previously indicted for an attack on T-Mobile in 2021, was arrested by Turkish authorities after the AT&T attack and remains in custody. 

During a presentation at LabsCon earlier this year, a Mandiant researcher presented evidence that whoever is responsible for the Snowflake breaches is a member of “The Com,” an online ecosystem that includes groups engaging in cybercriminal activity, violence, extortion, kidnappings, shootings and robberies, according to researchers who track the activity and law enforcement officials.

Bloomberg was the first to report on Moucka’s arrest. 

The post Man arrested in Canada believed to be behind Snowflake breach appeared first on CyberScoop.

Monday, November 4, 2024 - 16:34
Android warns of Qualcomm exploit in latest security bulletin

Android’s monthly security bulletin published Monday warns of two vulnerabilities with “limited, targeted exploitation” in the wild.

One vulnerability impacts Qualcomm chipsets via a use-after-free vulnerability in its FastRPC driver. Designated as CVE-2024-43047, the bug was reported to be under active exploitation in early October and is rated “high” severity with a CVSS score of 7.8.

A FastRPC driver is a piece of software in Qualcomm’s chip design that helps the main processor talk to the digital signal processor (DSP) using the FastRPC protocol. This driver handles data transfer and remote commands, letting apps use the DSP’s special processing power effectively for tasks like processing media, running machine learning, and other demanding applications.

Although victims have not yet been made public, Qualcomm cited researchers at Google’s Threat Analysis Group for the indications of exploitation, which were later confirmed by Amnesty International’s Security Lab.

Qualcomm said in an emailed statement that the company commends “the researchers from Google Project Zero and Amnesty International Security Lab for using coordinated disclosure practices.”

“Regarding their FastRPC driver research, fixes have been made available to our customers as of September 2024. We encourage end users to apply security updates as they become available from device makers,” Qualcomm said.

Neither Google nor the Security Lab at Amnesty International responded to requests for comment. The involvement of the human rights group could be an indication that either state-backed hacking or surveillance activity may be at the center of the narrow campaign.

Monday’s security bulletin also included another vulnerability — CVE-2024-43093 — which Google claims is also under exploitation. However, the vulnerability is currently in the process of being formally reviewed and documented, so no further details have been released.

Kern Smith, vice president of global sales engineering at the mobile cybersecurity firm Zimperium, said attackers are increasingly targeting employee devices to access corporate data and exploit supply chains. 

“It’s really a matter of when their devices or apps will be exposed to some level of vulnerability,” Smith said. “Mobile devices face the same or similar challenges like any other end point, especially when they’re critical to our personal and also to our professional lives.”

Smith added that targeting mobile hardware is an increasingly common attack method.

There were 44 CVEs fixed in total. You can see the full list on Android’s website.

The post Android warns of Qualcomm exploit in latest security bulletin appeared first on CyberScoop.