natacs-logo-192x85

Cybersecurity

Top News in Cybersecurity

Defending yourself against cyberattacks starts with understanding the risks associated with cyber activity, what some of the basic cybersecurity terms mean, and what you can do to protect yourself.

Cyber Essentials Toolkits

Published by the Cybersecurity and Infrastructure Security Agency (CISA) 15 October 2020
 
It’s National Cyber Security Awareness Month (NCSAM)! Are you ready for the next chapter in CISA’s Cyber Essentials Toolkit? Chapter 5 has been released and CISA states, “This chapter focuses on strategies for cultivating a proactive data protection culture aimed at making organizations more resilient against attacks that may harm data integrity or render data inaccessible. It includes links to resources for leaders to understand how to properly manage backups, and safeguard against ransomware, malware, and other attacks.”
 
To access these toolkits, click here

Alert (AA20-283A): APT Actors Chaining Vulnerabilities Against SLTT, Critical Infrastructure, and Elections Organizations

Published by the Cybersecurity and Infrastructure Security Agency (CISA) 9 October 2020
 
The Cybersecurity and Infrastructure Security Agency (CISA)  and the Federal Bureau of Investigation (FBI) has issued a new alert; this alert (AA20-283A) states, “CISA has recently observed advanced persistent threat (APT) actors exploiting multiple legacy vulnerabilities in combination with a newer privilege escalation vulnerability—CVE-2020-1472—in Windows Netlogon. The commonly used tactic, known as vulnerability chaining, exploits multiple vulnerabilities in the course of a single intrusion to compromise a network or application."
 
To read this alert, click here

Do Your Part. #BeCyberSmart

Published by the Cybersecurity and Infrastructure Security Agency (CISA) 1 October 2020
 
Did you know that October is National Cybersecurity Awareness Month (NCSAM)? Outreach and promotions regarding cybersecurity will be provided each week by the Cybersecurity & Infrastructure Security Agency (CISA), and the National Cyber Security Alliance (NCSA). You won’t want to miss out!
 
For more information, click here.

 

CISA and MC-ISAC Release Ransomware Guide

Published by the Cybersecurity and Infrastructure Security Agency (CISA) 30 September 2020
 
The Cybersecurity and Infrastructure Security Agency (CISA) and the Multi-State Information Sharing & Analysis Center (MS-ISAC) have released a new guide regarding ransomware: “...that details practices that organizations should continuously engage in to help manage the risk posed by ransomware and other cyber threats.”
 
To access this guide, click here

Telework Essentials Toolkit

Published by the Cybersecurity and Infrastructure Security Agency (CISA) 30 September 2020
 
A Telework Essentials Toolkit has recently been published by the Cybersecurity and Infrastructure Security Agency (CISA). According to CISA, this document is “...a comprehensive resource of telework best practices. The Toolkit provides three personalized modules for executive leaders, IT professionals, and teleworkers.”
 
To access this toolkit, click here.

Emergency Directive 20-04

Published by the Cybersecurity and Infrastructure Security Agency (CISA) 18 September 2020
 
An Emergency Directive has been released by the Cybersecurity and Infrastructure Security Agency (CISA). This Emergency Directive (20-04) from CISA concerns "a critical vulnerability affecting Microsoft Windows servers with the domain controller role. An unauthenticated attacker with only network access to the domain controller could exploit the vulnerability to completely compromise all Active Directory identity services.”
 
To read this Emergency Directive, click here

Understanding the Tactics of Ransomware Attacks

Published by Security Boulevard 10 September 2020
 
When surfing the internet, or checking your emails, are you aware of the dangers lurking online? Don’t become a victim of a ransomware attack, instead, be prepared to fight by understanding the strategy of your enemy.
 
To read this article, click here.

Iran-Based Threat Actor Exploits VPN Vulnerabilities

Published by the Cybersecurity and Infrastructure Security Agency (CISA) 15 September 2020
 
The Cybersecurity and Infrastructure Security Agency (CISA) has issued a new alert; this alert (AA20-259A) states, “CISA and FBI are aware of an Iran-based malicious cyber actor targeting several U.S. federal agencies and other U.S.-based networks.”
 
To read this alert, click here

Chinese Ministry of State Security-Affiliated Cyber Threat Actor Activity

Published by the Cybersecurity and Infrastructure Security Agency (CISA) 14 September 2020
 
The Cybersecurity and Infrastructure Security Agency (CISA) has issued an alert; this alert (AA20-258A) states, “The Cybersecurity and Infrastructure Security Agency (CISA) has consistently observed Chinese Ministry of State Security (MSS)-affiliated cyber threat actors using publicly available information sources and common, well-known tactics, techniques, and procedures (TTPs) to target U.S. Government agencies.”
 
To read this alert, click here.

Technical Approaches to Uncovering and Remediating Malicious Activity

Published by the Cybersecurity and Infrastructure Security Agency (CISA) 1 September 2020
 
Are you interested in learning how to mitigate malicious activity online? Well, you are in luck! An advisory, “Technical Approaches to Uncovering and Remediating Malicious Activity” has been released by the Cybersecurity and Infrastructure Security Agency, along with several international partners, and states “This joint guidance provides best practices to mitigate and detect common attack vectors; however, organizations are reminded to tailor mitigations specific to their own unique network environment.”
 
To access this document, click here

Operational Best Practices for Encryption Key Management

Published by the Cybersecurity and Infrastructure Security Agency (CISA) 25 August 2020
 
Encryption is an extremely important tool, as it provides an extra layer of cybersecurity. The Cybersecurity and Infrastructure Security Agency (CISA) has released on its website, the Operational Best Practices for Encryption Key Management along with the Encryption Key Management Fact Sheet. The email announcement from CISA states, “The Federal Partnership for Interoperable Communications (FPIC) in collaboration with SAFECOM and the National Council of Statewide Interoperability Coordinators developed this document as a way to further address critical encryption issues, including encryption key change periods and the continued use of the data encryption standard (DES).”
 
To access these documents, click here

Cyber Essentials Toolkits

Published by the Cybersecurity and Infrastructure Security Agency (CISA) 17 August 2020

 

Technology is an essential part of our everyday lives and it's important for operations to understand the fundamentals of cybersecurity to mitigate their risk of becoming a cyberattack victim. The Cybersecurity and Infrastructure Security Agency (CISA) has published a set of Cyber Essential Toolkits that focus on the individual, staff members and an operation's systems.

 

To access these toolkits, click here.

The State of Civil Aviation Cybersecurity

Published by Trip Wire 9 August 2020
 

Are you aware of the risks that the aviation industry faces due to cyberattacks? There are many different areas of aviation that could be affected: air traffic control (ATC) centers, airlines, supply vendors, airports and passengers. It’s important to remember that as more systems connect with each other and new technology is implemented, new cybersecurity risks emerge.

 

To read this article, click here

Garmin Ltd. (GRMN) Q2 2020 Earnings Call Transcript

Published by The Motley Fool 29 July 2020

 

In the world of aviation, many rely on apps and services provided by the company, Garmin. The company recently experienced a network outage, generated by a cyberattack. CEO Clifton Pemble stated, “We immediately assessed the nature of the attack and started remediation efforts. We have no indication that any customer data was accessed, lost or stolen.”

 

To read this article, click here.

Trade Groups Warn of Online Charter Fraud

Published by AINonline 15 July 2020

 

If you were to conduct a Google search for private air charter, it is highly likely that you would come across an ad promoting a website that offers this service. However, chances are this website is fake, created by fraudsters looking to take advantage. Prior to booking any travel, it’s important to do your research.

 

To read this article, click here

Report COVID-19 Fraud

Published by The United States Department of Justice
 
The United States Department of Justice is reminding people to be on the lookout for any COVID-19 fraud schemes involving the IRS, testing and treatment of the virus, and antibody testing; and to report any suspicious activity.
 
For more information, click here

Radio Frequency: An Airborne Threat to Corporate and Government Networks

Published by Security Magazine 6 July 2020

 

Radio frequency (RF) plays a huge part within the aviation industry and is required to use while operating an aircraft. Malicious users take advantage of the different devices and networks to intercept RF communications. “According to the annual Ericsson report, there are more than 22 billion connected devices – 15 billion of these devices contain radios – making them targets for an RF breach. Nations and enterprises are more at risk of a radio-based attack than ever before.”

 

To read this article, click here

Cyber Researchers Devise Method to Pinpoint Location of Drone Operators

Published by HS Today 6 July 2020

 

Drones can be extremely helpful and useful in some respects; but can also be a threat to protected airspace. HS Today states, “While some disruptive drone use is mere carelessness, the threats from malicious use include surveillance and active attacks.” Due to these threats, researchers at Ben-Gurion University of the Negev (BGU) have made it possible to: “...pinpoint the location of a drone operator who may be operating maliciously or harmfully near airports or protected airspace by analyzing the flight path of the drone.”

 

To read this article, click here

Ransomware Attacks Spike by 140%, 57% of Organizations Agree to Pay

Published by Atlas VPN 9 June 2020

Just because something hasn’t happened to you yet, doesn’t mean it can’t happen in the future. Murphy’s Law states, “Anything that can go wrong, will go wrong.” This is why it’s crucial to know how to protect your organization/business from ransomware. Atlas VPN states, “Data extracted and analyzed by Atlas VPN reveals, the amounts of demanded ransom payments increased by 140%, comparing the numbers of 2018 to 2019. More and more organizations succumb to blackmail: 57% of organizations settled and paid the ransom during the last 12 months.”

To read this article, click here.

Opinion: Aviation’s Cybersecurity Imperative

Published by Aviation Week 22 May 2020

Cybersecurity is essential in the aviation industry to mitigate threats to aircraft, in-flight systems, ground facilities, sensitive security information (SSI) and more. As technology grows at a rapid rate, so does the need for security. Aviation Week states, “In the years ahead, the industry will need to invest in expanded education and training as well as research to secure high-assurance systems that can be updated with minimal impact on certification.”

To read this article, click here.

PODCAST: Connected Aircraft Cybersecurity 101 With the Satcom Guru

Published by Aviation Today 16 March 2020

Cybersecurity is an extremely broad subject and is used across many industries, including aviation. Peter Lemme, a former Boeing engineer, speaks about cybersecurity and the potential security risks that operators see while in flight. To listen to this episode on the Global Connected Aircraft podcast, click the link below!

To read this article, click here.

'Flight Risk' Employees Involved in 60% of Insider Cybersecurity Incidents

Published by ZDNet 20 May 2020

ZDNet states, “Employees planning to leave their jobs are involved in 60% of insider cybersecurity incidents and data leaks, new research suggests.” Many aspects of the aviation industry are sensitive and require protection. Take a moment and think... what if one of your employees resigned and took with them critical security information regarding your operation? Do you have a plan in place to mitigate insider threat? If you don’t, you may want to look into it.

To read this article, click here.

Cyber Security in Shipping During COVID-19 Pandemic

Published by Hellenic Shipping News 5 May 2020

The phrase ‘a new normal’ can be hard to digest, as change can be daunting. Despite this, we all need to adapt to this new way of living, especially companies and organizations. Orders concerning social distance have forced millions to start working remotely, and this includes employees of shipping companies. However, working from home raises concerns with regards to cybersecurity and puts operations at risk.

To read this article, click here. 

Aviation & Defense Cyber Security Market - Current Impact to Make Big Changes | Lockheed Martin, IBM, Rockwell Collins

Published by Open PR 30 April 2020

Cybersecurity is extremely important as it puts a plan in place to help protect and defend against possible cyber attacks/threats. It is especially crucial because of the simple fact - technologies are always advancing. Open PR states, “During these suspicious times, governments and organizations are investing more in the cybersecurity of defense and aviation products and services than they have ever before. The key factor of investment in the cybersecurity segment due to significant tension between the necessity for technology developments and simultaneously preventing these technologies from cyber-attacks.”

To read this article, click here.

SIM Swapping: A Route for Criminals to Target Those Preoccupied by COVID-19 Pandemic

Published by Homeland Security Today 22 April 2020
 
Technology continues to improve and our mobile devices keep us connected to many aspects of our lives. Homeland Security Today states, “SIM Swapping is a form of unauthorized access to your data through your cell phones". Using this technique criminals gain open access too many of the same accounts you can reach through your computer.
 
To read this article, click here.

Online Extortion Scams Increasing During the COVID-19 Crisis

Published by Homeland Security Today 22 April 2020
 
Stuck at home, millions of people are trying to find ways to combat their boredom. Many turn to their computers, cell phones, iPads and other devices. While keeping busy via the internet may be a way to pass time, users should still be careful. Cyber crime continues to be a growing concern with online extortion scams on the rise during the current “stay- at-home” orders.
 
To read this article, click here.

Defending Aviation From Cyber Attack

Published by Tech Radar 16 April 2020

Cyber security has become a popular topic over the years as these types of threats are becoming more and more apparent. The aviation industry faces potential cyber threats that could be damaging to your operation. These threats can effect numerous aspects of the aviation industry: passenger safety, crew safety, financial loss and more.


To read the article and learn more, click here.

Deal with Ransomware the Way Police Deal with Hostage Situations

Published by Homeland Security News Wire 27 March 2020
 
How much would you pay a perpetrator to retrieve back your sensitive files and data that had been stolen? Can't think of a price? Thinking this would never happen to you? Think again. Over 600 government agencies endured ransomware attacks within the first 9 months of 2019. The best course of action to prevent falling victim to this type of attack is preparation. Educate yourself on best cyber security practices to remain protected. 
 
To learn more, click here

How to Avoid Falling Victim to a COVID-19 Phishing Attack

Published by 101 Domain 23 March 2020
 
Since the coronavirus has made its way across the globe, hackers have 'gone phishing' trying to hook their victims. Knowing most people are on high alert due to recent health issues arising, hackers are taking advantage of our fears. Be aware of the new scams that have appeared and know what to look for. 
 
To read more, click here

 

Hackers Are Using These Fake Coronavirus Maps to Give People Malware

Published by Business Insider 12 March 2020

Coronavirus is a global pandemic affecting numerous aspects of our daily lives. During this pandemic, hackers are taking advantage of opportunities to gain access to your systems, sensitive security information (SSI) and personal identifiable information (PII). Educate yourself on safe practices and know what to look for; double check to see if you are on a secured website and ensure what you are downloading doesn’t result in malware. Stay vigilant.

To read this article and learn more, click here.

 

 

Protecting Against Cybersecurity Threats When Working From Home

Published by The National Law Review 11 March 2020

How can we stop the spread of coronavirus? The answer - isolation. While the answer seems simple, it's not that easy to isolate yourself when you have to get up every morning and go to work. 

Organizations are taking extreme efforts to help stop the spread of COVID-19; some entities are advising staff to start working from home. Even though that helps mitigate exposure, there are concerns about how to keep sensitive information and data secured. The National Law Review provides some great tips on how to remain secure with remote employees.

To read this article, click here.

Exclusive: Details of 10.6 Million MGM Hotel Guests Posted on a Hacking Forum

Published by ZDNet 19 February 2020

Personal information including dates of birth, home addresses, full names, emails and phone numbers were released in a large data dump on a hacking forum. The data was obtained through a hacking breach against MGM Resorts and affected more than 10 million guests, including government officials, celebrities, reporters and tech CEOs.

To read this article, click here.

 

Cyber-security Threat Guidance Published by ACI World

Published by International Airport Review 11 February 2020

A new handbook has been published by the Airports Council International (ACI) World, providing information on cybersecurity to airports. The handbook is intended to help airports examine their current cyber defenses as well as educate them on how to maintain and strengthen their security systems.

To read this article, click here.

Medical Devices' Vulnerability to Cyber Attacks

6 February 2020

The healthcare industry is a regular target for cyber attacks and medical devices are especially vulnerable, according to recent articles in Homeland Security Today and HeathcareITNews. The devices, which monitor everything from a patient’s insulin level to their heartbeat, are connected to healthcare IT systems and contain sensitive data. Despite this, they hold few, if any, cybersecurity technology and are extremely easy to hack into, experts say.

To read the article in Homeland Security Today, click here.

To read the article in HealthcareITNews, click here.

 

Cybersecurity Expert Explains How Scammers are Taking The Coronavirus Online

Published by WECT 6 News 31 January 2020

Online searches for the coronavirus have become opportunities for cyber criminals and experts are warning users to avoid anything that doesn’t look quite right. One cybersecurity firm says it has discovered docx, mp4s and pdfs that contain malicious files, which can quickly advance through networks, taking over multiple computers. The files, which claim to have links to videos on protection from the coronavirus, can target personal information, a company’s sensitive data or just corrupt a computer system.

To read this article, click here.

 

 

Nintendo Hacker Pleads Guilty

Published by ZDNet 4 February 2020

A 21-year-old man faces up to five years in prison after pleading guilty to hacking a second time into Nintendo’s system, downloading proprietary and confidential data, and then releasing that information online. The man used a vulnerability in Nintendo’s servers and a phishing email to gain access in the two hacking events.

To read this article, click here.

Preparing for Increased Geopolitical Tensions and Threats

Posted by Cyber and Infrastructure Security Agency (CISA) 6 January 2020

CISA has released a preparation guide for navigating the increase in threats, both cyber and physical, against the United States. Reviewing and implementing the CISA Cyber Essentials can increase your defenses against a cyberattack immediately. An actionable checklist has also been provided to assist in protecting against Cyber and Physical attacks.

Click here to download the full CISA Insight Guide.

What is Cybersecurity?

Published by Cybersecurity and Infrastructure Security Agency (CISA)

Educate yourself on cybersecurity with this informative article from the Cybersecurity and Infrastructure Security Agency (CISA). Learn how to improve your cybersecurity, what falls under cybersecurity and what the risks associated with poor cybersecurity are.

Click here to read more.

CISA Releases Cyber Essentials for Small Businesses and Governments

Distributed by the U.S. Department of Homeland Security (DHS) Private Sector Office 6 November 2019

 

Cybersecurity is often discussed from a national perspective, but even smaller government and business organizations are vulnerable. This is why the Cybersecurity and Infrastructure Security Agency (CISA) has released a new guide specifically created for these entities.

 

Click here to read the full notice.

U.S. Official Visits Minneapolis to Cite Cyber Threats

Posted by Neal St. Anthony with the StarTribune 4 November 2019

The director of the National Counterintelligence and Security Center (NCSC) voices concern over the ability of the U.S. to protect its critical infrastructure from cybersecurity threats.

Click here to read the full article.

National Cybersecurity Protection System (NCPS)-Intrusion Detection

Released by DHS/CUSA/PIA-033 25 September 2019

How are federal network systems protected and defended against cyber threats? This report explains how information related to known or suspected cyber threats is collected by the National Cybersecurity Protection System (NCPS).

Click here to download the assessment.

DHS Gives Cybersecurity Warning to Small Aircraft Owners Podcast

Published by National Business Aviation Association (NBAA) 12 August 2019

Several steps have been voluntarily taken in the aviation industry to address the risk of unauthorized aircraft access. This podcast, hosted by NBAA, discusses these measures in response to a warning issued by the Department of Homeland Security (DHS) concerning small aircraft and restricted access.

To listen to the podcast, click here.

Civil Aviation Cybersecurity Information Repository

Published by International Civil Aviation Organization (ICAO)

Building a solid cybersecurity structure to keep air transportation safe is of great importance to the ICAO. This link discusses Civil Aviation and Cybersecurity.

Click here for details.