The Need for Cloud Security

This post was written by Xavier Zepiora, Junior cybersecurity major at Messiah University.

I recently read an article detailing how cloud attacks are becoming more common these days, and that these attacks are a result of misconfigured cloud settings. A team from Cado Security studied three different cloud attacks that have been impacting businesses. In this post, I’ll share a brief synopsis of each attack and how they confirm a need for more education regarding cloud security.

The first piece of malware the team came across is called DoH because it uses DNS queries over HTTPS. This attack is happening on serverless environments provided by AWS. Sending DNS queries over HTTPS means that they are encrypted and can’t be viewed by AWS security services. The malware also sends thousands of HTTPS string requests, so that EDR services do not detect it. This attack is primarily used for cryptomining but could be used in other ways as it uses command and control methods to operate.

The second piece of malware primarily targets cloud providers in Asia and blends into their UNIX-based systems. The malware uses timestamp manipulation to hide from detection. It has primarily been used for cryptojacking, which is when someone else’s resources are used to mine cryptocurrency for the attackers.

The third is a group known as Watchdog, which has been in operation since 2019. They have been performing cryptojacking attacks and find vulnerable cloud services through mass scans. They are also known for using steganography to avoid detection.

These attacks are all only being used for crypto development right now but there is nothing stopping attackers from using the same methods to run other kinds of attacks on cloud systems. This shows the need for cyber security professionals to understand cloud security better, as well as IT professionals working at small companies that outsource to the cloud. If all three of the leading attack frameworks right now are a result of poor configuration, it means we need more cloud education.

Cybersecurity Workshops at Local High School

This post was written by Senior Cybersecurity major, Ryan Donat.

I was recently invited, along with Dr. David Bibighaus, to present a series of workshops at CV YOU day, an event created and hosted by Cumberland Valley High School. The day is designed for high school students to explore various careers, hobbies, wellness strategies, and more. Thirty-minute workshops take place throughout the day for students to attend in order to find out more about their fields of interest, along with a College and Career Fair.

Dr. Bibighaus and I presented six workshop sessions on Cybersecurity as an industry as well as what it looks like in the educational setting at Messiah. Dr. Bibighaus discussed his extensive career in the field. He shared that he started out being an engineer and hated it, but then later discovered what his interests were as his career developed. He told some interesting stories from his journey, such as being part of the first team catching hackers for the Air Force, and how he led military red cell scenarios. He advised students to pursue what they are interested in, but to start with a broad education so that they can specialize later as their interests develop.

I then shared my route to majoring in cybersecurity, then explained my coursework and studies by showing an ethical hacking demonstration. Next, I taught on the Confidentiality, Integrity, and Availability triad by asking students questions about how they would disrupt a company with infinite access to a company’s computers and networks. I finished up by explaining what I would tell my 18-year-old self if I had the chance.

We finished each presentation by giving time for questions, where the students asked a lot of thought-provoking questions. It was a great event and we enjoyed our time with everyone. Special thanks to all the students, as well as to teachers Keith Ensminger, Robert Newara, and Jay Yohe. And thank you for having us, Cumberland Valley High School!

Cyber Center Hosts Lunch and Learn

The Messiah University Cyber Center welcomed 40 attendees to a Lunch and Learn on November 30. The event gathered cybersecurity industry experts, local businesses, and Messiah cybersecurity students and faculty for a shared meal and a time of connection, along with a lively panel discussion on cyber-related topics. Guest panelists included Matthew Chiodi of Cerby, Christina Martin of Highmark Health, Nate Shea of SecureStrux, and Devin Chwastyk of McNees Wallace & Nurick. The event concluded with a special tour of the Cyber Center SOC, provided by SOC interns and Messiah’s Director of Information Security.

Special thanks to all in attendance for making this event a successful time of networking and learning from one another. The industry leaders in attendance brought encouragement and expert advice regarding careers in the cybersecurity field. Students came away excited about the possibilities for their future.

The Cybersecurity Education Program is planning another Lunch and Learn in the spring of 2023.

Cybersecurity Lunch and Learn, November 30, 2022, in the MU Cyber Center.
Vinny Sakore, Director of the CYSE Program at MU, interviews Christina Martin, Matt Chiodi, Devin Chwastyk, and Nate Shea during the Cybersecurity Lunch and Learn.
Special thanks to The Cracked Pot Coffee Shop for delicious coffee, as well as Messiah University Catering Services for a great lunch.

Dr. Scott Weaver Presents at the International Conference of Education, Research and Innovation

Dr. Scott Weaver, Associate Professor of Computer Science at Messiah, presented at the 5th annual International Conference of Education, Research and Innovation (iCERi 2022) in Seville, Spain on November 7-10, 2022. The title of his presentation was “Introducing Project-Based Learning and Real-World Methodologies and Tools Earlier in the Software Development Curriculum”.

Abstract: Software development requires the ability to solve problems, an understanding of how to apply development methodologies within a context, and the ability to select and utilize the tools of the trade. Therefore, graduates entering the software development profession are expected to have a portfolio of development practices and tool experience. Project-Based Learning (PBL) is often used in capstone courses where students focus their attention on a project designed to provide a cumulative experience solving a real-world problem. A critical element of the capstone experience is applying industry standards for software development and utilizing industry tools to execute their project. Preparing students to use industry standards and tools earlier in the curriculum prepares them to focus their learning in the capstone course on fine tuning their skills and delivering a high-quality product versus learning the mechanics of using industry methodologies and tools. The study analyzes student cohorts over six years, tracing their course work through select core curriculum, and the impact of early introduction to Project-Based-Learning on their later course work and overall educational experience. Our results demonstrate that earlier introduction of project-based learning with industry tools has led to improved academic performance in upper-level courses, more sophisticated capstone projects and increased perceptions of professional preparedness.

Bio: Before coming to Messiah University, Dr. Weaver spent seven years in the computer industry as a program analyst and consultant, and nine years teaching mathematics and computer science at Mechanicsburg Area High School. He was pivotal in developing the Cybersecurity Education Program at Messiah, and currently teaches Data Communications & Networking, and Web Development: Client Side.

Dr. Weaver presenting at iCERi 2022 in Seville, Spain.
Dr. Weaver at iCERi 2022 in Seville, Spain.


The Future of Russian Cyber: With a Bang or a Whimper

This post is written by Dr. David Bibighaus, Assistant Professor of Cybersecurity and Computer Science at Messiah University.

In many respects, cyber in 2022 has been the year of the dog not barking. The war in Ukraine has been the most significant story of 2022. Given Russia’s previously demonstrated capabilities in cyber and its willingness to use those capabilities, the lack of major cyber events tied to the Ukraine war has been puzzling. To help think through this issue, we will briefly discuss three questions whose answers could have major implications for the future of cyber defense.

1. Why has Putin not launched significant cyber-attacks on Ukraine?

There are several possible answers.  The first is that the cyber forces were not included in the operational planning.  Under this hypothesis, cyber-attacks are most effective in the run-up and initial stages of the war.  If the cyber forces were not included in the initial operational planning, there may not have been a good time to insert cyber-attacks when they would be most impactful.  There is some evidence to this hypothesis.  It seems that planning for this “Special Military Operation” was kept to an absolute minimum.  Even most of the front-line Russian soldiers had no idea that they would be fighting until they crossed into Ukraine.

A second possible answer is that the Russians may have inadvertently undermined the effectiveness of their cyber-weapons in Ukraine. Andy Greenberg, in his book Sandworm, has done an excellent job documenting the Russian development of cyber weapons against critical infrastructure. Russia has spent the last six years using Ukraine as a trial run for these capabilities. However, as Russia has tested these weapons on Ukraine, the Ukrainians have had to learn how to operate their critical systems in the face of a cyber-attack. It is possible that when Russia unleashed its Industroyer malware on the Ukrainian power grid in 2016, it unintentionally hardened that system so that future versions of that malware would be less effective.

A final possibility is that Russia’s cyber-forces were needed elsewhere. Russian military doctrine makes no distinction between influence operations and cyber operations. One of the stunning outcomes of the invasion was the spontaneous response by hundreds of multi-national corporations. Suddenly McDonald’s and Visa had a foreign policy that impacted the lives of virtually every Russian citizen. Under this hypothesis, Russian forces that may have been used to conduct cyber-attacks could have been redirected to perform influence operations at home and abroad.

2. Will Russia give up on cyber?

Many of the best and brightest young people in Russia with technical skills served in Russia’s cyber forces. For the men, it is a valid way to fulfill their military obligation without the unpleasantries that can accompany military life (women are not required to serve in the Russian Armed Forces). This loophole has impacted the cyber landscape by training more Russian hackers than would normally be expected for a country of its size. But can this continue? The war has revealed a desperate Russian need for military manpower, and especially intelligent and capable young people who can serve as junior officers.

Unless the tide of the war shifts dramatically in Putin’s favor, Russia may decide to dramatically reduce the number of those serving in the cyber forces. If so, it will have major implications for the future of cyber defense, as a significant pool of talented, well-trained nefarious actors could suddenly dry up.

3. Will Putin Use Cyber-Weapons on the West?

As of this writing, the War in Ukraine continues to go against Russia, to the point where the use of tactical nuclear weapons is being actively discussed. Might Russia elect to use a cyber weapon against the West before it elects to use such a weapon? Russia could use the sabotage of the Nord Stream pipeline as a justification to unleash a cyber-attack on the West’s critical infrastructure. But this course of action would present significant risks. A cyber-attack could cause short-term economic damage to the West. However, it is unlikely to have long-term impact on the Ukrainian battlefield other than hardening western resolve and possibly resulting in the West providing more material aid against Russia. 

No matter what happens, this war will be studied by nation-states for decades to come as a case study for when and when not to use cyber-weapons. How Russia chooses to answer the three questions posed here will impact the cyber landscape for at least a generation.

Image by Philipp Katzenberger, via unsplash.com

Dr. David Bibighaus grew up in upstate New York and completed his bachelor’s degree in electrical engineering from the United States Air Force Academy. He served in the Air Force for twenty-one years as a computer systems developmental engineer. Some of his notable assignments in the Air Force include serving as a Systems Engineer with the Military Satellite Communications division in Los Angeles, as a Crew Commander with the 33rd Information Operations Squadron in San Antonio, Texas, as the head of the Cyber Defense Branch of the Air Force Research Laboratory in Rome, New York, as an Electronic Warfare Officer with Task Force Paladin in Afghanistan, and as the Deputy Head of the Computer Science Department of the United States Air Force Academy. Dr. Bibighaus worked for Booz Allen Hamilton as a Senior Lead Engineer advising the Air and Space Forces on ways to improve the cyber security of their operational systems. Dr. Bibighaus joined the faculty of Messiah in 2022. He is interested in mentoring young people and creating sustainable engineering solutions for the developing world. He enjoys spending time with his wife and three daughters, wood working, role playing games, and traveling.

Meet Our New CYSE Program Faculty

The Cybersecurity Education Program and the Department of Computing, Mathematics, and Physics welcome our newest faculty member, Dr. David Bibighaus, as Assistant Professor of Cybersecurity and Computer Science. Prior to joining the department, Dr. Bibighaus served as Senior Lead Engineer at Booz Allen Hamilton, advising the Air and Space Forces on ways to improve the cyber security of their operational systems.

Dr. Bibighaus grew up in upstate New York and completed his bachelor’s degree in electrical engineering from the United States Air Force Academy. He served in the Air Force for twenty-one years as a computer systems developmental engineer. Some of his notable assignments in the Air Force include serving as a Systems Engineer with the Military Satellite Communications division in Los Angeles, as a Crew Commander with the 33rd Information Operations Squadron in San Antonio, Texas, as the head of the Cyber Defense Branch of the Air Force Research Laboratory in Rome, New York, as an Electronic Warfare Officer with Task Force Paladin in Afghanistan, and as the Deputy Head of the Computer Science Department of the United States Air Force Academy.

Dr. Bibighaus joined the faculty of Messiah in 2022. He is currently teaching Computer Programming I, Information Systems and Managers, and Network Security. Dr. Bibighaus is interested in mentoring young people and creating sustainable engineering solutions for the developing world. He enjoys spending time with his wife and three daughters, wood working, role playing games, and traveling.

WiCyS Student Chapter Holds First Event

Messiah’s WiCyS (Women in Cybersecurity) student chapter started an exciting new tradition in October! Operating through Messiah’s Computer Science Club, the group held the University’s first CTF event. CTFs, or Capture-The-Flag events, are cybersecurity competitions that develop participants’ hacking and problem-solving skills. The challenges involve finding a random string of characters, referred to as the flag, hidden inside a computer system. For this event, the competition involved cryptography, breaking password hashes, using basic Kali Linux tools, and more. The event took place in Messiah’s new, state-of-the-art Cyber Center, and the WiCyS club partnered with the Games Club to provide food, a fun atmosphere, and a great community. They hope to continue these events each semester as the club grows.

Compromised Passwords and Turning Off Hackers

Did you know that cyber criminals, aka the “bad guys”, have more than 15 billion compromised passwords[1] to choose from when trying to break into your system?  And where, you may ask, do these compromised passwords come from? 

One infamous password collection—dubbed “RockYou2021”—is thought to be a compendium of passwords cobbled together from data breaches[2].   It is estimated that this list is comprised of over 8 billion legitimate passwords collected from a series of data breaches that included username/password combinations. 

Given the size and scope of the leak, anyone who does anything online should check if their passwords were compromised. To check whether your password is safe, there are several free and easy options you can use. They include:

Since the databases that each of these resources uses are likely not identical, it would be smart to check as many as possible just to cover all your bases.

So, before you grumble about having to use some form of multi-factor authentication (MFA) you may want to make sure your current password hasn’t been hacked.

And for those of you who don’t know what MFA is, here is a quick overview.  As the name implies, MFA blends at least two separate factors. One is typically your username and password, which is something you know. The other could be:

  • Something you have. A cellphone, keycard, or USB could all verify your identity.  Often it is an app on your phone that provides a one-time password, otherwise known as an OTP.
  • Something you are. Fingerprints, iris scans, or some other biometric data prove that you are who you say you are.

MFA is a great “hacker turnoff”. So, even though it means that it might take a second longer to sign in, remember your hacked password and thank your IT Security director for that added little bit of protection MFA provides.


[1] https://www.okta.com/identity-101/why-mfa-is-everywhere/

[2] https://www.consumeraffairs.com/news/new-84-billion-password-hack-breaks-records-060821.html

Post written by Vinny Sakore, Director of Cybersecurity Education at Messiah University. Vinny spent 20+ years in the information technology and cybersecurity field. His industry experience includes serving as Verizon’s HIPAA Security Officer and stints as Chief Technology Officer for two healthcare technology companies. He continues to remain active in the industry by providing consulting services to a number of organizations including NetDiligence, Inc. (www.netdiligence.com).

Photo credit: George Prentzas via unsplash.com

How To Thwart Hackers: Tips From MU’s Information Security Director

This is the final post for Cybersecurity Awareness Month from Messiah University’s Information Security Director, Allen Snook. We appreciate him and the Cybersecurity interns lending their expertise this month for the #seeyourselfincyber campaign, giving us tips and resources for safeguarding our information online.

Internet scams are nothing new. Since the 1980s, hackers have been attempting to gain illegal access to networks and systems in order to obtain sensitive information. They are after your identity, the contents of your email, and your financial data (they don’t need to know how much is in your bank account to want to gain access to it). Phishing emails are one way they attempt to steal this information from you.

If you’ve been following our other blog posts for Cybersecurity Awareness Month, you might recall some of the tips we’ve given for keeping your personal information safe, such as developing strong passwords, updating your apps, and avoiding oversharing on social media. In this post, we wanted to share further measures for safeguarding your information in order to thwart malicious hackers.

  1. Think before you click. More than 90% of successful cyber-attacks start with a phishing email. If you receive an email from a person or a company you are not familiar with, do not click any of the links or attachments (no matter what they’re promising in their message). Pay close attention to the details and verify the sources before you click on anything.
  2. Create and use strong passwords. See our previous post on this.
  3. Try not to connect to public Wi-Fi networks. Although they are convenient, they are often vulnerable to cyber criminals.
  4. Secure your devices. Be sure to update security software, operating system software, internet browsers and apps. You could also install antivirus software to help combat viruses, malware, etc.
  5. Back up your data. Make extra copies of your files so that if something happens to one of the files, you still have your backups. One way to do this is by saving information in the cloud or to an external storage device. 

All of this is to say: Be proactive. You can ensure that you and your organization are a secure place online by taking the initiative to safeguard your information. We hope these tips equip you to do that.

#seeyourselfincyber #messiahcyber

Image by Mikhail Fesenko, via Unsplash.com

Think Before You Post: Tips From MU’s Information Security Director

In an age where it’s popular to share many aspects of our lives online, we need to consider the dangers that can occur with freely dispensing information about ourselves. Oversharing online can put any one of us at risk of fraud, as identity thieves and hackers use the information we post to study us or to steal our identity. We should not give out an excessive amount of personal information, especially in a way that might be considered inappropriate or dangerous to us and those around us.

It is important to remember that nothing posted in a public forum is ever truly private. THINK BEFORE YOU POST! Here are a few specific tips to keep in mind:

  • Do not share your current location. This can mean turning off location-based apps.
  • Do not share sensitive information. This makes it easier for individuals to gather information about you. Examples of sensitive information are names of your family members, phone numbers, and birthdays.
  • Be careful what is in the background when you post. Be mature.
  • Not everything needs an account.
  • Sharing too much can result in cyberstalking. 
  • Review your privacy settings. Privacy settings can vary on social media platforms, so be sure to familiarize yourself with the settings on every platform you use. 

Want to know what’s out on the web about you? Simply search for yourself online. Doing this will allow you to see what other people can find out about you. You might be surprised at just how much information about you is public. 

We encourage you to be proactive in protecting your information. One of the ways to do this is to think about what you’re posting online before you post it. Avoiding the popularity of oversharing is a safety principle that can mitigate the risk of being a victim of cyber crime.

#seeyourselfincyber #messiahcyber

Post written by Allen Snook, Director of Information Security at Messiah University, and Cybersecurity interns.

Photo credit: Christina @ wocintechchat.com via Unsplash.com.