Logo

American Security Council Foundation

Back to main site

Alan W. Dowd is a Senior Fellow with the American Security Council Foundation, where he writes on the full range of topics relating to national defense, foreign policy and international security. Dowd’s commentaries and essays have appeared in Policy Review, Parameters, Military Officer, The American Legion Magazine, The Journal of Diplomacy and International Relations, The Claremont Review of Books, World Politics Review, The Wall Street Journal Europe, The Jerusalem Post, The Financial Times Deutschland, The Washington Times, The Baltimore Sun, The Washington Examiner, The Detroit News, The Sacramento Bee, The Vancouver Sun, The National Post, The Landing Zone, Current, The World & I, The American Enterprise, Fraser Forum, American Outlook, The American and the online editions of Weekly Standard, National Review and American Interest. Beyond his work in opinion journalism, Dowd has served as an adjunct professor and university lecturer; congressional aide; and administrator, researcher and writer at leading think tanks, including the Hudson Institute, Sagamore Institute and Fraser Institute. An award-winning writer, Dowd has been interviewed by Fox News Channel, Cox News Service, The Washington Times, The National Post, the Australian Broadcasting Corporation and numerous radio programs across North America. In addition, his work has been quoted by and/or reprinted in The Guardian, CBS News, BBC News and the Council on Foreign Relations. Dowd holds degrees from Butler University and Indiana University. Follow him at twitter.com/alanwdowd.

ASCF News

Scott Tilley is a Senior Fellow at the American Security Council Foundation, where he writes the “Technical Power” column, focusing on the societal and national security implications of advanced technology in cybersecurity, space, and foreign relations.

He is an emeritus professor at the Florida Institute of Technology. Previously, he was with the University of California, Riverside, Carnegie Mellon University’s Software Engineering Institute, and IBM. His research and teaching were in the areas of computer science, software & systems engineering, educational technology, the design of communication, and business information systems.

He is president and founder of the Center for Technology & Society, president and co-founder of Big Data Florida, past president of INCOSE Space Coast, and a Space Coast Writers’ Guild Fellow.

He has authored over 150 academic papers and has published 28 books (technical and non-technical), most recently Systems Analysis & Design (Cengage, 2020), SPACE (Anthology Alliance, 2019), and Technical Justice (CTS Press, 2019). He wrote the “Technology Today” column for FLORIDA TODAY from 2010 to 2018.

He is a popular public speaker, having delivered numerous keynote presentations and “Tech Talks” for a general audience. Recent examples include the role of big data in the space program, a four-part series on machine learning, and a four-part series on fake news.

He holds a Ph.D. in computer science from the University of Victoria (1995).

Contact him at stilley@cts.today.

Feds can now spot the signs of pandemic phishing

Thursday, April 30, 2020

Categories: ASCF News Emerging Threats Cyber Security

Comments: 0

The coronavirus pandemic has presented cybercriminals with a crisis to exploit, and many are choosing phishing emails as their weapon of choice.

These emails are a form of fraud that aims to steal personal information. At NASA, phishing emails have bombarded employees at twice the rate it’s used to, according to an April 6 memo.

The Department of Defense has seen a “surge” in spear-phishing attempts exploiting the pandemic, Lt. Gen. Bradford Shwedo, the chief information officer of the Joint Chiefs of Staff, said at an April 13 news conference.

And the U.S. Agency for International Development has seen an “uptick” in cyber activity, including phishing attacks.

Generally, agencies receive thousands, or sometimes tens of thousands, of phishing attempts each day, and IT leaders across the federal government are broadly seeing the same number of phishing attacks. But according to a survey from Fifth Domain, more hackers are trying to use the COVID-19 pandemic to trick their way in through the front door.

Fifth Domain contacted the 24 Chief Financial Officers Act agencies to see how phishing attempts have changed in recent weeks. Just under half of those agencies provided substantial responses.

According to research from Zscaler, a cloud security company, its corporate customers faced an 85 percent increase in COVID-19 phishing attempts from January to March. Several of these emails asked for personal information while masked as government agencies.

“You can talk to any cybersecurity professional and they’ll tell you all of the technical countermeasures they put in place cannot really do anything to negate an employee doing the wrong thing, mostly unknowingly doing the wrong thing because they just don’t understand what they’re doing,” said Marianne Bailey, leader for Guidehouse’s cybersecurity practice and former principal director for cybersecurity in the DoD CIO’s office. “And phishing is the perfect way to deliver a malware or package. It’s the perfect way because oftentimes it is directed toward a specific individual.”

A Department of Commerce memo to employees from March 20 warned of an “increase in scams and phishing attempts that reference the ongoing COVID-19 outbreak.” It also warned of emails impersonating the Centers for Disease Control and Prevention, the Department of Health and Human Services, and the World Health Organization. A spokesperson declined to comment.

In the memo, the agency detailed several signals of phishing emails, including unprofessional spelling or grammatical mistakes, as well as unusual formatting. It urged employees to avoid clicking on links and files in suspicious emails.

The departments of Veterans Affairs and Justice each said they have experienced an increase in coronavirus-themed cyberattack attempts.

“While VA has not seen an increase in phishing attempts, we have seen a change from normal phishing-related themes to a focus on COVID-related themes,” said Joe Williams, a spokesman for the VA.

The Federal Emergency Management Agency, which is leading the government’s COVID-19 response, has not experienced an increase, a spokesperson said.

Several agencies told Fifth Domain they’ve completed anti-phishing training for employees and that department IT officials are constantly communicating with employees about threats.

Some anti-phishing efforts appear to be working. The Department of Education’s security operations center has received a “considerable” increase is reported phishing attempts from employees, according to a spokesperson, but hasn’t observed an increase in overall phishing attempts.

Last week, after an employee at the Department of Housing and Urban Development reported a phishing email to the department’s Cyber Incident Response Team, the team searched 44,000 HUD inboxes, finding 4,366 malicious emails, a department spokesperson told Fifth Domain.

Fifth Domain shared the results of its survey with experts from threat intelligence firm Mandiant, who said that the numbers aligned with what the company has observed.

“There has not been a pronounced change in the threat of spear-phishing but also other malicious activity that we’ve seen,” said Ben Read, senior manager at Mandiant.

“There are people doing them, and they are still the same people,” Read said. “There hasn’t been a massive increase in the … cyberespionage or cybercriminal workforce that would facilitate more spear-phishes.”

The Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency, which is charged with protecting federal networks, referred Fifth Domain to a joint phishing alert released April 8 with the United Kingdom’s National Cyber Security Centre, but did not offer insight into any changes in phishing attempts against DHS or federal networks.

The National Science Foundation, the Nuclear Regulatory Commission, the Office of Personnel Management and the Federal Emergency Management Agency did not report increases.

Photo: Several agencies told Fifth Domain they've seen changes in phishing attempts against their employees. (jaminwell/Getty Images)

Link: https://www.fifthdomain.com/civilian/2020/04/29/amid-pandemic-several-agencies-have-seen-changes-in-phishing-lures/

Comments RSS feed for comments on this page

There are no comments yet. Be the first to add a comment by using the form below.