Cyber
The Next Frontier

Become part of a critical layer of cyber defense. Cybersecurity positions will make up 45% of all US tech job openings.

View Full Curriculum

The National Security Agency designated the University of Arizona's Cyber Operations program as a Center of Academic Excellence in Cyber Operations (CAE-CO). With this designation, UA joins an extremely exclusive group of only 24 cyber programs in the nation. The NSA's CAE-CO designation demonstrates that UA's Cyber Operations program meets the most demanding academic and technical requirements.

Learn More

 

The Bachelor of Applied Science in Cyber Operations prepares graduates for cyber-related occupations in defense, law enforcement, and private industry.

Our curriculum includes both offensive and defensive cyber security content delivered within our state-of-the-art Virtual Learning Environment to ensure our students have extensive hands-on experiences to develop the knowledge, skills, and abilities necessary to succeed after they graduate.

 

Program News

DoD Cyber Scholarship Program (CySP)

The DoD CySP is a yearly scholarship program aimed at Juniors and Seniors pursuing a bachelor’s degree in cyber-related academic disciplines. The CySP is a 1-year scholarship, which grants selected Cyber Scholars tuition and mandatory fees (including health care), funding for books, a $25K annual stipend, and guaranteed employment with a DoD agency upon graduation.

Cyber News

Friday, September 23, 2022 - 08:51
British teen arrested in hacking case

British police arrested a 17-year-old from Oxfordshire, England, on Thursday as part of a hacking investigation, the City of London Police announced Friday.

The agency declined to share any additional information Friday morning, as did the U.K.’s National Crime Agency, whose National Cyber Crime Unit supported the investigation.

While it’s not yet clear who the suspect is, the arrest comes eight days after Uber’s systems were breached, followed shortly after by the high-profile hack of Rockstar Games, with the attacker leaking development footage from the highly anticipated upcoming installment of the Grand Theft Auto video game.

The FBI did not immediately respond to a request for comment Friday morning.

An Uber statement on Sept. 19 blamed Lapsus$ for the intrusion. Lapsus$ is a hacking group that had successfully targeted major corporations such as Microsoft, Nvidia, Okta and Ubisoft in a string of hacks in the spring of 2022.

British police arrested seven people in late March, aged 16 to 21, as part of an investigation into Lapsus$. Two of the suspects in that case, aged 16 and 17, were charged with three counts of unauthorized access to a computer with intent to impair the reliability of the data, one count of fraud by false representation and one count of unauthorized access to a computer with intent to hinder access to data. The 16-year-old faced an additional count of causing a computer to perform a function to secure unauthorized access to a program.

Ahead of the arrests, Bloomberg reported that a 16-year-old British teenager, who went by online aliases including “White” and “breachbase,” was the mastermind of the attacks. That teenager, along with several family members, was doxxed in March, ahead of the Bloomberg story.

The people behind the release of that information posted an additional note Sept. 18 claiming the teen was responsible for hacking Uber and Rockstar Games and said he “works with a team of (not-so) skilled individuals who use him as a front man/mule to spread the word of said breaches.” On Friday, the people posted again, citing the arrest and saying that “his OPSEC was obsolete and his friends used him as a mule.”

The post British teen arrested in hacking case appeared first on CyberScoop.

Thursday, September 22, 2022 - 11:20
Researchers unearth hacking group that's been active, yet undetected for...

During a recent investigation of a series of cyber intrusions into an unnamed high-value target, threat intelligence researchers with SentinelOne’s SentinelLabs team discovered nearly 10 hacking groups associated with China and Iran.

This isn’t necessarily new when dealing with significant targets, sometimes referred to as a “magnet of threats” in cybersecurity, as they attract and host multiple hacking efforts simultaneously. But among the cohabitating groups, researchers unearthed a previously unknown group that seems to be operating in alignment with nation-state interests and perhaps as part of a high-end contractor arrangement.

The group — dubbed “Metador” in reference to a string “I am meta” in one of their malware samples, and because of Spanish responses from the command and control servers — shows signs of operating for at least two years, with signs of extensive resources having been poured into development and maintenance in pursuit of what are likely espionage aims.

The group attacks with variants of two Windows malware platforms deployed directly into memory, with indications of an additional Linux implant, and are capable of rapid adaptations. According to the researchers, the group noticed that one of their victims had begun to deploy a security solution after initial infection and “quickly adapted” in response. “That swift response only did more to pique our interest,” the researchers said.

The group has primarily targeted telecoms, internet service providers and universities in the Middle East and Africa, the SentinelLabs researchers Juan Andres Guerrero-Saade, Amitai Ben Shushan Ehrlich, and Aleksandar Milenkoski said in findings published Thursday. But it’s likely only a fraction of the group’s true scope is known, as it manages its infrastructure in such a way to limit the ability to connect one victim to another, using a single IP address per victim, for instance.

Reliable attribution wasn’t possible, the researchers said. The developers are clearly fluent in English, with signs of more casual English — “LOLs” and smiley faces, the researchers said — alongside “highfalutin” English. Spanish is also used throughout the code of “Mafalda,” one of the two malware platform variants developed by the group. Mafalda is the name of an Argentine cartoon character, popular with the Hispanic diaspora dating back to the 1960s as a means of political commentary, the researchers said.

(SentinelLabs)

“It kind of points to the fact that Argentina is this not-so-hidden gem of offensive talent that people forget,” Juan Andres Guerrero-Saade, principal threat researcher at SentinelOne told CyberScoop. “There’s so many companies that have recruited unbelievable talent from Argentina for past 10, 15 years … and it’s a nice reminder that there is all this talent that you can easily tap into. And the question is, who is tapping into it?”

Another interesting pop culture reference was buried in Mafalda’s code: A lyric from the 90s song “Ribbons,” by British pop punk band The Sisters of Mercy: “her eyes were cobalt red, her voice was cobalt blue.”

“Whilst these cultural references are interesting fingerprints, they do not lend themselves to a clear sense of attribution nor a cohesive attributory narrative beyond the possibility of a diverse set of developers perhaps indicative of a contractor arrangement,” the researchers wrote.

The signs of active development and its success at detection for so long has the researchers worried, with hopes that the wider threat intelligence community and others will take the technical indicators shared in the report and look for their own signs of Metador.

“Their operations are massively successful precisely in that they’ve eluded victims, defenders, and threat intel researchers until now despite maintaining these malware platforms for some time,” the researchers wrote. “We consider the discovery of Metador akin to a shark fin breaching the surface of the water. It’s a cause for foreboding that substantiates the need for the security industry to proactively engineer towards detecting the true upper crust of threat actors that currently traverse networks with impunity.”

Guerrero-Saade said that the group seems to him as having “capabilities that I think are representative of folks with a deep well of experience who’ve done this before, and they’ve done it at a professional level, but are in a shop or in an arrangement that still makes choices that the true upper crust wouldn’t make.”

But the group offers a harbinger of the breadth and level of activity is going unnoticed, Guerrero-Saade said.

“What worries me is, in a world where hacker for hire is becoming more popular, where the enablers are becoming less identifiable as corporations … how are the talents of the 1 percent that eventually leave government for a better life, how is that trickling down? And what pockets are they ending up in? And how capable are we of tracking them?”

The post Researchers unearth hacking group that's been active, yet undetected for years appeared first on CyberScoop.

Thursday, September 22, 2022 - 09:41
Agencies don't know what sensitive data new IT systems collect on...

More than two decades after being tasked with establishing privacy programs, 14 federal agencies have failed to address key practices for protecting the sensitive personal data of Americans, a new Government Accountability Office report finds.

Agencies that have failed to implement full privacy plans include the Office of Personnel Management, which was the target of a data breach in 2015 that exposed the sensitive personal information of more than 20 million government employees.

Agencies that have not developed a full privacy strategy include the Departments of Agriculture, Defense, Justice, Homeland Security, Housing and Urban Development, Veteran’s Affairs, State, Treasury, Environmental Protection Agency and OPM.

The GAO defines a fully developed risk management strategy as enacting privacy protections for sensitive data, defining a designated privacy official tasked with managing risks to information systems and establishing a strategy for continuously monitoring privacy risks.

“Without fully establishing these elements of their privacy programs, agencies have less assurance that they are consistently implementing privacy protections,” the GAO included in its report, which was requested by members of the U.S. Senate Committee on Homeland Security & Governmental Affairs.

A rise in breaches of federal agencies involving personally identifiable information in recent years highlights the ongoing challenge the federal government faces in protecting privacy, especially as it adopts new and emerging technologies.

In the fiscal year 2020, federal agencies reported more than 30,000 privacy-related incidents to the Cybersecurity and Infrastructure Security Agency, an 8% increase from the year before. Among those incidents was a January 2020 breach of the U.S. Marshals Service’s Detention Services Network System, which released the PII of an estimated 387,000 people.

The report also identified serious issues with the processes that agencies use to weigh the potential privacy implications of new technologies. Half of the surveyed agencies responded that they were not always aware of which of their systems collected personally identifiable information, therefore not knowing when an assessment was needed. In many cases, such assessments were not initiated until long after the technology was implemented.

Congress has questioned the efficacy of such assessments before, most recently questioning why a privacy impact assessment from the IRS failed to address the use of facial recognition technology by its contractor identity verification software ID.me.

The majority of responding agencies reported having insufficient resources as a driving challenge in implementing privacy programs, including being short-staffed and privacy-related officials taking on additional workload priorities. For instance, Social Security Administration privacy officials reported having to reallocate resources during the COVID-19 pandemic. The majority of agencies also reported difficulty applying privacy requirements to new and emerging technologies, such as cloud services and artificial intelligence, due to a lack of federal guidance.

The report recommends that Congress consider legislation that would designate a senior privacy official at agencies who had privacy planning as their primary duty.

Congress should adopt the GAO’s requirements to require chief privacy officers and allow agencies to offer competitive salaries to recruit in-demand privacy personnel, Sen. Ron Wyden, D-Ore., told CyberScoop in a statement.

“The Government Accountability Office report identifies systemic failures in federal privacy protections that leave the personal data of Americans – including federal workers – far too vulnerable,” Sen. Ron Wyden, D-Ore., told CyberScoop in a statement. “The government simply doesn’t have the skilled privacy professionals it needs to adequately safeguard personal information.”

Nineteen of the 24 agencies reviewed agreed with GAO’s recommendations to address concerns with their privacy programs. The Justice Department did not concur with the GAO recommendations and HUD did not say if it concurred.

The post Agencies don't know what sensitive data new IT systems collect on Americans, GAO report finds appeared first on CyberScoop.

Thursday, September 22, 2022 - 06:29
Senate reports details inefficiencies, confusion at key U.S....

The National Counterintelligence and Security Center is paralyzed by dysfunction, lack of resources and confusion about its mission, leaving a key national security asset dangerously vulnerable, U.S. senators said Wednesday.

The center’s inability to adapt to the growing role of cyber and the “whole-of-society threat landscape” are among several factors contributing to the organization’s decline, according to a blistering 153-page Senate Select Committee on Intelligence report.

“Intelligence traditions have changed dramatically from the post-war era, from the Cold War era,” Senate Intelligence Committee Chairman Mark Warner, D-Va., said at a Wednesday hearing focused on the report, which comes at a time when the senator said the U.S. is locked in a battle with China that will “define who becomes the security and economic leader of the 21st century.”

China and other adversaries now target a much broader array of American institutions than they once did, the report said, calling threats “more complex, diverse and harmful to U.S. interests than was true in the past.” Targets include national laboratories, the financial and energy sectors, academia and companies in the U.S. industrial base.

The Senate report said that because U.S. adversaries now have access to far more varied tools for influencing American officials and inflaming social tensions, the counterintelligence center must gain real authority and modernize its mission and strategies.

As it stands, one of its problems is that it has an entirely different conception of its role in the Intelligence Community than leadership in the Office of the Director of National Intelligence does, the report said, noting that ODNI is establishing a separate foreign malign influence center not under the counterintelligence center’s control. The counterintelligence center is one of more than a dozen intelligence entities housed under the ODNI umbrella.

“There is no consensus as to whether certain emergent threats, particularly foreign malign influence and cyber threats, fit within the definition of CI [counterintelligence],” the report says, revealing a surprising amount of confusion over stewardship of issues seen as critical to national security.

A spokesperson for the counterintelligence center told CyberScoop in a prepared statement that the center “appreciates the Committee identifying multiple recommendations to improve NCSC’s ability to lead the counterintelligence mission, and NCSC will remain engaged with the Committee as appropriate.”

The Senate Select Committee on Intelligence report was billed as a “bipartisan assessment” of foreign intelligence threats and was based on research conducted by non-partisan committee staff. 

Nation-state hacks and other examples of modern cyberwarfare are cited throughout the report, which makes clear that technological advances have turned the counterintelligence world on its head. Several sections of the report are heavily redacted, including multiple paragraphs in text focused on how the counterintelligence center relates to ODNI leadership, how China leverages U.S. technology for military applications and how Russia uses malign influence campaigns to target the U.S.

The report paints a picture of counterintelligence center leadership caught flat-footed in the face of a rapidly changing threat environment. Among other things, the report said, there is currently “no consensus” on whether the counterintelligence center should be “internally focused” or if it should instead embrace a broader mission to “defend the United States as a whole” rather than just individual intelligence entities and their “parochial operations.”

The center’s deficiencies have left the larger U.S. counterintelligence apparatus without a key player, the report suggests, saying that the center only plays a “marginal role” in offensive counterintelligence despite the discipline’s “importance.”

Some of these problems may stem from a lack of guidance from Congress and other institutions. The legal definition for counterintelligence hasn’t been updated since 2002, hearing witnesses said.

“The United States faces a dramatically different threat landscape today than it did just a couple of decades ago,” said Chairman Warner. “New threats and new technology mean that we have to make substantial adjustments to our counterintelligence posture if we are going to protect our country’s national and economic security.”

The committee’s ranking member, Sen. Marco Rubio, R-Fla., zeroed in on the same problem, saying that our system is set up for an era in which counterintelligence operations played out across a contained battle space where governments were trying to steal other governments’ secrets.

That has changed.

“We’re now in an era in which the activities of intelligence agencies from around the world come from a variety of countries with different intentions and they range from cyber intrusions designed to both steal secrets and ultimately generate revenue to disinformation and misinformation to try to steer and influence and shape American policy and divide us,” Rubio said.

U.S. government agencies “simply weren’t created to function” in a world with such threats, he added.

“They were created in an era where there wasn’t great power competition, where the number of nations around the world that had the capability to even do intelligence operations against the United States domestically, not to mention globally, was much smaller than it is today,” Rubio said.

The post Senate reports details inefficiencies, confusion at key U.S. counterintelligence center appeared first on CyberScoop.

Wednesday, September 21, 2022 - 13:56
Senator slams U.S. courts agency for 'stonewalling' inquiry into...

The agency responsible for answering questions about a significant breach of the U.S. federal courts system is “stonewalling” congressional efforts to get additional information and specifics, Sen. Ron Wyden, D-Ore., said Wednesday.

Wyden’s comment comes after the Administrative Office of the United States Courts declined to respond to a series of his questions about the breach. In a July 28 letter, he asked the agency to provide details on what it knows about the severity of the hack and the timing of the digital intrusion that was revealed publicly during a July House Judiciary Committee hearing.

In that hearing, committee Chairman Rep. Jerrold Nadler, D-N.Y., said the courts had suffered “an incredibly significant and sophisticated cybersecurity breach” dating to early 2020 that has “had lingering impacts” on the Department of Justice and other agencies and may have included “three hostile foreign actors.”

Nadler said at the time that “perhaps even more concerning is the disturbing impact this security breach had on pending civil and criminal litigation, as well as ongoing national security or intelligence matters.”

The Administrative Office announced in a January 2021 press release that it was working with the Department of Homeland Security on an audit “relating to vulnerabilities in the Judiciary’s Case Management/Electronic Case Files system (CM/ECF) that greatly risk compromising highly sensitive non-public documents stored on CM/ECF, particularly sealed filings.”

The announcement — released Jan. 6, the same day as the attack on the U.S. Capitol — said that “an apparent compromise of the confidentiality of the CM/ECF system due to these discovered vulnerabilities currently is under investigation.”

The incident was separate from the SolarWinds breach that affected a range of U.S. federal agencies, Nadler said, adding that the committee had only learned in March 2022 the “startling breadth and scope of the court’s document management system’s security failure.”

Assistant Attorney General for National Security Matthew Olsen told Nadler at the hearing that he couldn’t “think of anything in particular” as far as specific cases the incident affected. Nevertheless, DOJ has filed its most sensitive court documents on paper since January 2021 “to avoid any chance of a breach or vulnerability in electronic filing systems compromising its high stakes cases,” Deputy Assistant Attorney General for National Security Adam Hickey told CyberScoop’s Suzanne Smalley on Aug. 4.

In the July 28 letter, Wyden asked the agency’s director, Roslynn R. Mauskopf, for specifics on the situation such when hackers first accessed the CM/ECF system, how long it took for agency to discover the intrusion, whether the agency discovered the breach or if it was alerted by another agency and what information the hackers accessed.

Mauskopf told Wyden in a Sept. 15 letter that the agency “takes these threats seriously,” and takes action to protect its networks from cybersecurity threats.

“The nature and extent of any such threats, as well as our response — issues raised in the questions contained in your letter — are sensitive, from both a law enforcement and a national security perspective,” Mauskopf wrote. “Accordingly, our communications to Congress on these matters have been through various confidential or classified briefings to Members and staff of relevant committees, with Executive Branch agencies participating as appropriate.”

Wyden said on Wednesday the response was “disappointing.”

“It is disappointing that court administrators continue to refuse to be transparent with the public about the breach revealed in 2021, including with regard to what information was accessed, or the extent to which they have addressed vulnerabilities in their systems,” Wyden said in a statement shared with CyberScoop.

“This continued stonewalling, nearly two years after the hack took place, is a major red flag about the state of the courts’ systems. I urge the Senate to pass the bipartisan Open Courts Act as soon as possible, to provide the funding and security standards needed to upgrade the courts’ outdated and vulnerable records systems.”

The post Senator slams U.S. courts agency for 'stonewalling' inquiry into cyberattack appeared first on CyberScoop.