Category Archives: NSA

Published 4:59 pm Tuesday, January 30, 2024

Most kids only dream about making it to the Super Bowl, but for former Nansemond-Suffolk Academy star Cole Christiansen, getting to the big game is old hat at this point. The former Saint and Army product was part of the Chiefs practice squad last year when Kansas City defeated the Philadelphia Eagles in Super Bowl LVII. Christiansen was elevated to the active roster and will travel with the Chiefs to Las Vegas for Super Bowl LVIII, where he and his teammates hope to become the first back-to-back champions since Tom Brady and the New England Patriots 2003-2004 team.

It definitely meant a lot last year, but this ones gonna be really, really, really special, Christiansen told the Suffolk News-Herald. Even this past AFC Championship game had a little more meaning to it. Being a part of the team and having grass stains on my uniform, like I really contributed, it really meant a lot.

Being close to home and winning the AFC Championship allowed more family and friends to be in the stands to watch him play.

I had my parents, my fiancee, my middle sister, my financial adviser, his wife, and then two of my parents friends came, Christiansen said. So we had a big crew, and they had a blast being there. It really made me happy knowing that they were up there watching me.

Christiansen said his family is excited about this trip to the Super Bowl, especially having him suited up and likely to see action on the field. Cole says no one is more excited than his father, David.

Theyre so pumped, Christiansen said about his family. They honestly are more thrilled than I am. Dad especially because he has been my number one supporter my whole life in football. My mom, too, honestly, but my dad really just loves being at the tailgates, like when I was in college, they would drive up every single weekend, and they were the king and queen of the Army tailgate. My dad [would] be out there at six in the morning grilling for all the dads, and theyd be out there until 10 oclock at night after the game with all my buddies. So, he doesnt want this train to end. So, every time he gets to go to another football game, hes just so excited, and then to be able to go to the Super Bowl twice, I mean, the guy is losing his mind. Its awesome.

Cole was able to defer his military commitment out of college to pursue his career in the NFL. Still, after his NFL ride is over, Cole will jump into another uniform to defend our nation in the United States Army. However, his NFL opportunity almost wasnt available. Before a last-minute change to the National Defense Authorization Act in 2019, upperclassmen at service academies could only pursue professional careers after fulfilling their service obligations.

When I went in, they werent letting us go to the league, he said. All the way up until my senior year, the rule was still that you would serve first, play second. Then, we were actually at the White House accepting the commander-in-chief trophy the second time, and President Donald Trump found out that we had to serve first, and he said I want to change that rule; called his lawyer while we were in the Oval Office talking to him and says I want to do this, I want to sign an Executive Order to let them play. Fast forward like three months, the rules change.

Cole played a pivotal role in the Chiefs defeat of the Buffalo Bills in the AFC Divisional Round on Jan. 23, 2024. With under 13 minutes to play in the game, with the Chiefs up three points and the Bills facing a fourth-and-five at their 30-yard line, Buffalo ran a fake punt most likely because they realized the Chiefs only had 10 players on the field. However, it only took one man Christiansen to stop Damar Hamlin two yards short of the line to gain, paving the way for another trip to the AFC Championship game in Baltimore, Maryland. The Chiefs defeated the Ravens 17-10 Sunday to secure a trip to Las Vegas, Nevada, for Super Bowl LVIII and a chance at a repeat.

On that play, Cole says Hamlin had been lined up on the opposite side of him the whole game, then came to his side. That was just one of four indicators the Chiefs special teams unit picked up on to determine the Bills would try the fake punt. Cole credits his teammates for setting the edge on their side, which allowed him to run down Hamlin for the stop.

I thought it was going to come to my side because he [Hamlin] originally switched his alignment to my side, Cole said. So, I went up the field to set the edge, but it [the play] goes away from me, and the rest of the guys did an awesome job setting the edge on their side, and I just ran him down from behind.

Cole earned Chiefs Special Teams Player of the Week for that play.

Super Bowl LVIII will take place in Las Vegas on Sunday, Feb. 11, at 6:30 p.m. and will be televised on CBS.

Photo courtesy of Cole Christiansen

Read the original:
Former NSA Saint has a chance to become repeat Super Bowl champion - The Suffolk News-Herald - Suffolk News-Herald

Teresa Shea, previously a vice president at the former Raytheon company, was added to the board of directors of Two Six Technologies, an Arlinton, Virginia-based company that provides national security customers with technology products and expertise.

The company said Friday that aside from her time as VP of cyber offense and defense experts within Raytheon Intelligence and Space, the executive has over three decades of experience in serving with the National Security Agency, where she held key leadership responsibilities such as delivering signals intelligence advice to the director of NSA, the director of national intelligence and government and military officers.

[Sheas] insights will enable us to understand the shifting priorities of the [intelligence community] and identify mission requirements that we can address with our innovative products, remarked Larry Prior, chairman of the Two Six board.

The executive also previously worked at In-Q-Tel and serves as president of Oplnet and as adviser on numerous boards including Cigent Technology and ZeroFox.

Read more:
NSA Veteran Teresa Shea Joins Board of Directors of Two Six Technologies - ExecutiveBiz

NEW YORK CITY Artificial intelligence and machine learning technologies are helping the National Security Agency and other U.S. government agencies detect malicious Chinese cyber activity, a top U.S. intelligence official said in remarks on Tuesday that indicate how U.S. security agencies are using the technology to improve computer defenses.

Speaking Tuesday at the International Conference on Cyber Security at Fordham University, Rob Joyce, the director of the NSA Cybersecurity Directorate, said that AI is helping his agency detect Chinese operations targeting U.S. critical infrastructure that might evade traditional defensive measures.

U.S. intelligence officials have warned in recent months that Chinese hacking groups are increasingly targeting power generation systems, ports and other critical infrastructure entities by using methods that analysts refer to as living off the land the use of tools, software and privileges already present on networks to achieve various objectives. Malware that would normally trip detection software or tools is never employed, making it much harder to detect.

Recent Chinese operations do not rely on traditional or known malware that might be easily flagged based on signatures, Joyce explained. Instead, the hackers takes advantage of architecture implementation flaws or misconfigurations, or default passwords to get into networks, create accounts or users that appear to be legitimate, which are then used to move around the networks or perform activities that typical users dont normally do.

AI tools are helping the NSA catch these operations. Machine learning, AI and big data help us surface those activities, Joyce said, because the models are better at detecting anomalous behavior of supposedly legitimate users.

Recent advances in AI and machine learning have raised concerns among researchers and security officials that they might provide an advantage to offensive cyber operations, but Joyce said Tuesday that hes encouraged by the defensive dividends offered by the technology.

Youre going to see that on both sides, people that use AI/ML will do better, Joyce said.

Joyce, his colleagues at the NSA and other agencies have been warning for months that China is aggressively targeting U.S. critical infrastructure in troubling ways. The U.S. government and Microsoft revealed in May 2023 that Chinese-linked operations were targeting critical infrastructure entities in the U.S. and Guam as part of a campaign tracked as Volt Typhoon.

Theyre not there for intelligence. Theyre not there for financial motivation. Theyre in places like electric, transportation, and ports, trying to hack in so they can cause societal disruption and panic at a time and place of their choosing, Joyce said Tuesday.

In November, Morgan Adamski, the director of the NSAs Cybersecurity Collaboration Center, told a crowd of industry analysts and researchers at the CYBERWARCON conference that China was penetrating crtiicial infrastructure and waiting for the best time to exploit these networks. In a call to action, Adamski urged the researchers to look for anomalous behavior beyond known malware in their networks and emphasized how serious the situation is.

The threat is extremely sophisticated and pervasive, she said, as reported by Wired at the time. It is not easy to find. It is pre-positioning with intent to quietly burrow into critical networks for the long haul. The fact that these actors are in critical infrastructure is unacceptable, and it is something that we are taking very seriously something that we are concerned about.

Read this article:
AI is helping US spies catch stealthy Chinese hacking ops, NSA official says - CyberScoop

Will the use of generative AI in Cybersecurity help countries and nations combat threats in cyber wars? The NSA thinks so. The attackers are chomping at the bit to cause problems to anyone online, and they are ramping up their technology skills to cause harm. Global cybercriminal groups have been on the offensive for years, but Rob Joyce, director of cybersecurity at the US NSA agency, told attendees at the Fordham University event in New York that generative AI is absolutely making us better at finding malicious activity, and he outlined the key benefits of the technology for use within security personnel.

Generative AI tools have been leveraged in a big way. Joyce noted that over the past year, a disproportionate effort has been placed by nefarious individuals to deploy the application of generative AI in the cybercriminal community. Joyce said that cybercriminal groups have been leveraging generative AI tools to turbocharge fraud and scams.

The NSA continued that generative AI in cyber security will offer practitioners marked benefits in combating attacks and cracking down on global cyber criminal groups.

Over the past year, generative AI has enabled bad actors to have the ability to launch a barrage of powerful and personalized social engineered attacks upon the online community at large. Researchers from Darktrace have raised concerns because of the increased AI-supported phishing attacks and have warned that hackers will use technology to fine-tune their techniques and attack and scam users. Rob Joyce, director of cyber security at the US NSA agency, goes on to assure the country that the national security bodies are harnessing the AI tools to great effect. He promises cybersecurity experts are getting as much out of generative AI as criminals.

In the cybersecurity conference, Joyce cites examples and use cases to show how to combat the threats of those who hide on the internet to cause harm, all the while posing as safe accounts. AI has long been a misunderstood research field. Still, it is unlikely that generative AI will ever be a silver bullet for cybersecurity practitioners, and it is not a super tool that will make an incompetent person competent.

Featured Image Credit: Cottonbro Studio; Pexels

Deanna is the Managing Editor at ReadWrite. Previously she worked as the Editor in Chief for Startup Grind and has over 20+ years of experience in content management and content development.

Read the original post:
NSA says cybersecurity will gain many benefits with generative AI - ReadWrite

A senior figure at the NSA has said that generative AI in cyber security will offer practitioners marked benefits in combating attacks and cracking down on global cyber criminal groups.

Rob Joyce, director of cyber security at the US agency, told attendees at an event at Fordham University in New York that generative is absolutely making us better at finding malicious activity and outlined key benefits of the technology for use among security personnel.

Joyce noted that, over the last year, a significant focus on the nefarious applications of generative AI have been a key talking point, particularly their use by cyber criminals.

Many threat actors and cyber criminal groups have been leveraging generative AI tools to turbocharge fraud and scams, he said.

Last year, researchers at Mandiant warned that generative AI will give threat actors the ability to launch a new wave of far more powerful and personalized social engineering attacks.

Mandiant's claims were just one of a number of warnings from security experts on the matter over the course of 2023. Research from Darktrace raised concerns about the prospect of AI-supported phishing attacks, warning that hackers could use the technology to fine-tune techniques and dupe users.

However, while Joyce said fears over the use of generative AI in cyber crime were justified, he also made clear the fact that national security bodies are harnessing these tools to great effect, and that cyber security experts were getting as much out of generative AI as criminals.

Citing examples and use-cases, Joyce said AI can be used to combat threat actors who hide on networks posing as safe accounts through vulnerability exploits.

As these sorts of accounts don't behave normally, AI and LLMs can be used by cyber security teams to aggregate activity and identify malicious activity.

Joyce warned, however, that generative AI wont represent a silver bullet for cyber security practitioners.

[AI] isnt the super tool that can make someone whos incompetent actually capable, but its going to make those that use AI more effective and more dangerous, he said.

Speaking to ITPro, Spencer Starkey, VP for EMEA at SonicWall, echoed Joyce's comments, adding that the use of AI tools in cyber security will prove vital for practitioners in the coming years and enable them to stamp out attacks far more effectively.

These technologies are perfect for spotting suspicious behavior and fending off cutting-edge threats because they can instantly analyze large volumes of data without requiring human oversight, he said.

RELATED RESOURCE

Discover how you can increase your IT team's productivity WATCH NOW

Cyber security experts are already using AI and ML to identify cyber attacks in real-time, which emphasizes the significance of their work in maintaining a secure online environment, he added.

While AI can sift through records of login activity and IP addresses to monitor unusual activity, it can also respond proactively if programmed to do so. Once a potential threat actor is identified, AI models can log out accounts or place restrictions on data deletion.

AI might even be able to predict attacks before they happen, if trained correctly, according to Own Companys Graham Russel.

A notable trend is the strategic use of backup files, he told ITPro. Traditionally seen as a safety net for data recovery, backup files are now being leveraged as a valuable resource for training and refining AI and machine learning models.

Incorporating backup files into AI and machine learning models allows organizations to simulate diverse scenarios, ensuring that the algorithms are robust and adaptable to real-world complexities," Russel added.

This approach not only optimizes the performance of AI applications but also enhances the accuracy of predictions and decision-making processes."

The use of generative AI in cyber security could also help crack down on voice and facial recognition scams, according to Nick France, CTO of Sectigo.

France told ITPro that AI's ability to analyze vast quantities of data and detect anomalies in speech patterns could uncover efforts to tamper with voice authentication and facial recognition processes.

The machine learning aspect of AI means that, when paired with security solutions such as identity verification and biometric authentication (voice or fingerprint), it improves in its detection over time, increasing accuracy but also reducing the number of false positives, he said.

And rather than having to wait after the scam has happened, AI has real-time capabilities that can make a decisive judgment call in the moment.

Visit link:
NSA: Benefits of generative AI in cyber security will outweigh the bad - ITPro

Rob Joyce, the Director of Cybersecurity at the National Security Agency (NSA), highlighted the escalating role of artificial intelligence (AI) in cyberattacks. Joyces insights reveal a concerning trend: the adoption of AI by state-backed hackers and criminal entities.

Joyce underscored that various criminal and nation-state actors now leverage AI technologies to enhance their cyber operations. As he pointed out, these entities have access to major generative AI platforms, significantly enhancing their capabilities. This trend marks a shift in the landscape of cyber threats, where AIs role is becoming increasingly prominent.

In response, U.S. intelligence, according to Joyce, is also utilizing AI and machine learning techniques to detect and counter these threats. This dual-edged nature of AI in cybersecurity presents a new dynamic where both attackers and defenders are harnessing the power of advanced technology.

At the core of the NSAs strategy is using AI, machine learning, and big data to identify malicious activities. Joyce noted that these technologies have proven effective in detecting unusual activities, especially in critical U.S. infrastructure sectors like electricity and transportation. The ability of AI to discern patterns and behaviors that deviate from the norm provides U.S. intelligence agencies with an upper hand in identifying and countering threats.

The NSA focuses not only on detecting traditional malware, but also on identifying the exploitation of vulnerabilities and implementation flaws. These sophisticated attack vectors allow adversaries to infiltrate networks and operate undetected, posing significant challenges to cybersecurity defenses.

A particular focus of Joyces address was the recent activities of China-backed hackers. These hackers, as Joyce explained, are targeting U.S. critical infrastructure in what is believed to be preparations for potential geopolitical conflicts, such as an anticipated invasion of Taiwan. The use of Artificial Intelligence by these actors complicates the cybersecurity landscape, as their methods are more sophisticated and harder to detect.

The U.S. intelligence community, leveraging AI tools, actively monitors and responds to these threats. AI is instrumental in identifying and mitigating actions of state-backed hackers, especially in scenarios where they mimic legitimate network users.

Generative AIs ability to create convincing computer-generated text and imagery has introduced new challenges in cybersecurity. These tools are now employed in cyberattacks and espionage campaigns, making detecting and preventing such activities more complex.

Joyce highlighted that Artificial Intelligence technologies, while not making an incompetent individual capable, significantly enhance the effectiveness of those who use them. For instance, AI-driven tools craft more convincing phishing emails and conduct more sophisticated hacking operations. These developments necessitate a robust response from national security agencies.

Read Also: Bitcoin ETFs: Is Hong Kong Brewing Strategic East-West Capital War?

Maxwell is a crypto-economic analyst and Blockchain enthusiast, passionate about helping people understand the potential of decentralized technology. I write extensively on topics such as blockchain, cryptocurrency, tokens, and more for many publications. My goal is to spread knowledge about this revolutionary technology and its implications for economic freedom and social good.

The presented content may include the personal opinion of the author and is subject to market condition. Do your market research before investing in cryptocurrencies. The author or the publication does not hold any responsibility for your personal financial loss.

Link:
AI Identified as Emerging Threat in Cyber Crime by NSA Director - CoinGape

Cybercriminals of all skill levels are using AI to enhance their abilities, but AI is also helping to hunt them down, security experts have warned.

At a conference at Fordham University, National Security Agencys director of cybersecurity, Rob Joyce, said that Chinese hacking groups are being assisted by AI to slip past firewalls when infiltrating networks.

Hackers are using generative AI to improve their use of English in phishing scams, and also using it for technical guidance when infiltrating a network or launching an attack, Joyce warned.

2024 is set to be a critical year for state-backed hacking groups, particularly those working on behalf of China and Russia. Taiwans presidential election kicks off in just a few days, which China will be looking to influence in its pursuit of reunification. But eyes will also be on the US elections coming up in November and the UK is expected to hold a general election in the second half of 2024.

China backed groups are already developing highly effective methods for infiltrating organizations and are using AI to do so. Theyre all subscribed to the big name companies that you would expect - all the generative AI models out there, Joyce says. Were seeing intelligence operators [and] criminals on those platforms.

The US experienced an increased number of attacks on critical energy and water infrastructure sites in 2023, which US government officials attributed to groups linked to China and Iran. One of the attack methods used by the China backed Volt Typhoon group involves accessing a network covertly and then using built-in network administration tools to perform attacks.

While no particular examples were given of recent attacks involving AI, Joyce points out, Theyre in places like electric, transportation pipelines and courts, trying to hack in so that they can cause societal disruption and panic at the time in place of their choosing.

China backed groups have been gaining access to networks by abusing implementation flaws - bugs caused by poorly implemented software updates - and then establishing themselves what would appear to be a legitimate user of the system. However, their activities and traffic within the network is often unusual.

Joyce explains that, Machine learning, AI and big data helps us surface those activities [and] brings them to the fore because those accounts dont behave like the normal business operators on their critical infrastructure, so that gives us an advantage.

Just as generative AI is expected to help bridge the skills gap in cybersecurity by providing insights, definitions and advice to those working in the industry, it can also be reverse engineered or abused by cybercriminals to provide guidance on their hacking activities.

Joyce explained that AI is not a silver bullet that can suddenly make someone with no experience into a cybercriminal mastermind, but its going to make those that use AI more effective and more dangerous.

Via TechCrunch

View post:
AI is helping China-backed hackers but it's also helping to hunt them down, NSA says - TechRadar

A new advisory from signals intelligence and cybersecurity experts at the National Security Agency (NSA) highlights the top 10 most common cybersecurity misconfigurations in large organisations including regular exposure of insecure Active Directory Certificate Services.

It comes as the NSAs Cybersecurity Director Rob Joyce warned that if your infrastructure cant survive a user clicking a link, you are doomed.

"Im the director of cybersecurity at NSA and you can definitely craft an email link I will click he added on X writing as generative AI models make it far easier for non-native speakers to craft convincing phishing emails and as such campaigns remain highly effective for threat actors.

The list is a useful guidebook to those seeking to secure IT estates and is no doubt based in part on the NSAs extensive experience of breaching services, as well as support defending CNI. To The Stack, it is also a crisp reminder that strict organisational discipline is critical for cyber hygiene.

Too many network devices with user access via apps or web portals still hide default credentials for built-in administrative accounts. (Cisco, were looking at you, you, you. (Others are also regularly guilty.) The problem extends to printers and scanners with hard coded default credentials on them but are set up with privileged domain accounts loaded so that users can scan and send documents to a shared drive).

NSA says: Modify the default configuration of applications and appliances before deployment in a production environment . Refer to hardening guidelines provided by the vendor and related cybersecurity guidance (e.g., DISA's Security Technical Implementation Guides (STIGs) and configuration guides)

More specifically on default permissions risks, NSA says it regularly says issues with configuration of Active Directory Certificate Services (ADCS); a Microsoft feature used to manage Public Key Infrastructure (PKI) certificates, keys, and encryption inside of AD environments.

Malicious actors can exploit ADCS and/or ADCS template misconfigurations to manipulate the certificate infrastructure into issuing fraudulent certificates and/or escalate user privileges to domain administrator privileges it warns, pointing to ADCS servers running with web-enrollment enabled; ADCS templates where low-privileged users have enrollment rights and other associated issues with external guidance on a handful of known escalation paths here, here and here.

Ensure the secure configuration of ADCS implementations. Regularly update and patch the controlling infrastructure (e.g., for CVE-2021-36942), employ monitoring and auditing mechanisms, and implement strong access controls to protect the infrastructure. Disable NTLM on all ADCS servers. Disable SAN for UPN Mapping. If not required, disable LLMNR and NetBIOS in local computer security settings or by group policy.

Already have an account? Sign in

Read this article:
Top 10 misconfigurations: An NSA checklist for CISOs - The Stack

The National Security Agency and the Cybersecurity and Infrastructure Security Agency published on October 4, 2023, a document titled Identity and Access Management: Developer and Vendor Challenges. This new IAM CISA-NSA guidance focuses on the challenges and tech gaps that are limiting the adoption and secure employment of multifactor authentication and Single Sign-On technologies within organizations.

The document was authored by a panel of public-private cross-sector partnerships working under the CISA-NSA-led Enduring Security Framework. The ESF is tasked with investigating critical infrastructure risks and national security systems. The guidance builds on their previous report, Identity and Access Management Recommended Best Practices Guide for Administrators.

SEE: 8 Best Identity and Access Management (IAM) Solutions for 2023

In an email interview with TechRepublic, Jake Williams, faculty member at IANS Research and former NSA offensive hacker, said, The publication (its hard to call it guidance) highlights the challenges with comparing the features provided by vendors. CISA seems to be putting vendors on notice that they want vendors to be clear about what standards they do and dont support in their products, especially when a vendor only supports portions of a given standard.

Jump to:

The CISA-NSA document detailed the technical challenges related to IAM affecting developers and vendors. Specifically looking into the deployment of multifactor authentication and Single-Sign-On, the report highlights different gaps.

According to CISA and the NSA, the definitions and policies of the different variations of MFAs are unclear and confusing. The report notes there is a need for clarity to drive interoperability and standardization of different types of MFA systems. This is impacting the abilities of companies and developers to make better-informed decisions on which IAM solutions they should integrate into their environments.

The CISA-NSA report notes that vendors are not offering clear definitions when it comes to the level of security that different types of MFAs provide, as not all MFAs offer the same security.

For example, SMS MFA are more vulnerable than hardware storage MFA technologies, while some MFA are resistant to phishing such as those based on public key infrastructure or FIDO while others are not.

SEE: The 10 Universal Truths of Identity and Access Management (One Identity white paper)

The CISA and NSA say that the architectures for leveraging open standard-based SSO together with legacy applications are not always widely understood. The report calls for the creation of a shared, open-source repository of open standards-based modules and patterns to solve these integration challenges to aid in adoption.

SSO capabilities are often bundled with other high-end enterprise features, making them inaccessible to small and medium organizations. The solution to this challenge would require vendors to include organizational SSOs in pricing plans that include all types of businesses, regardless of size.

Another main gap area identified is MFA governance integrity over time as workers join or leave organizations. The process known as credential lifecycle management often lacks available MFA solutions, the CISA-NSA report stated.

The overall confusion regarding MFA and SSO, lack of specifics and standards and gaps in support and available technologies, are all affecting the security of companies that have to deploy IAM systems with the information and services that are available to them.

An often-bewildering list of options is available to be combined in complicated ways to support diverse requirements, the report noted. Vendors could offer a set of predefined default configurations, that are pre-validated end to end for defined use cases.

Williams told TechRepublic that the biggest takeaway from this new publication is that IAM is extremely complex.

Theres little for most organizations to do themselves, Williams said, referring to the new CISA-NSA guidance. This (document) is targeted at vendors and will certainly be a welcome change for CISOs trying to perform apples-to-apples comparisons of products.

Williams said another key takeaway is the acknowledgment that some applications will require users to implement hardware security modules to achieve acceptable security. HSMs are usually plug-in cards or external devices that connect to computers or other devices. These security devices protect cryptographic keys, perform encryption and decryption and create and verify digital signatures. HSMs are considered a robust authentication technology, typically used by banks, financial institutions, healthcare providers, government agencies and online retailers.

In many deployment contexts, HSMs can protect the keys from disclosure in a system memory dump, Williams said. This is what led to highly sensitive keys being stolen from Microsoft by Chinese threat actors, ultimately leading to the compromise of State Department email.

CISA raises this in the context of usability vs. security, but its worth noting that nothing short of an HSM will adequately meet many high-security requirements for key management, Williams warns.

The CISA-NSA document ends with a detailed section of key recommendations for vendors, which as Williams says, puts them on notice as to what issues they need to address. Williams highlighted the need for standardizing the terminology used so its clear what a vendor supports.

Chad McDonald, chief information security officer of Radiant Logic, also talked to TechRepublic via email and agreed with Williams. Radiant Logic is a U.S.-based company that focuses on solutions for identity data unification and integration, helping organizations manage, use and govern identity data.

Modern-day workforce authentication can no longer fit one certain mold, McDonald said. Enterprises, especially those with employees coming from various networks and locations, require tools that allow for complex provisioning and do not limit users in their access to needed resources.

For this to happen, a collaborative approach amongst all solutions is essential, added McDonald. Several of CISAs recommendations for vendors and developers not only push for a collaborative approach but are incredibly feasible and actionable.

McDonald said the industry would welcome standard MFA terminology to allow equitable comparison of products, the prioritization of user-friendly MFA solutions for both mobile and desktop platforms to drive wider adoption and the implementation of broader support for and development of identity standards in the enterprise ecosystem.

Create standard MFA terminology Regarding the use of ambiguous MFA terminology, the report recommended creating standard MFA terminology that provides clear, interoperable and standardized definitions and policies allowing organizations to make value comparisons and integrate these solutions into their environment.

Create phishing-resistant authenticators and then standardize their adoption In response to the lack of clarity on the security properties that certain MFA implementations provide, CISA and NSA recommended additional investment by the vendor community to create phishing-resistant authenticators to provide greater defense against sophisticated attacks.

The report also concludes that simplifying and standardizing the security properties of MFA and phishing-resistant authenticators, including their form factors embedded into operating systems, would greatly enhance the market. CISA and NSA called for more investment to support high-assurance MFA implementations for enterprise use. These investments should be designed in a user-friendly flow, on both mobile and desktop platforms, to promote higher MFA adoption.

Develop more secure enrollment tooling Regarding governance and self-enrollment, the report said its necessary to develop more secure enrollment tooling to support the complex provisioning needs of large organizations. These tools should also automatically discover and purge enrollment MFA authenticators that have not been used in a particular period of time or whose usage is not normal.

Vendors have a real opportunity to lead the industry and build trust with product consumers with additional investments to bring such phishing-resistant authenticators to more use cases, as well as simplifying and further standardizing their adoption, including in form factors embedded into operating systems, would greatly enhance the market, stated the CISA and the NSA.

Follow this link:
CISA and NSA Issues New Identity and Access Management Guidance for Vendors - TechRepublic

FORT MEADE, Md. - The National Security Agency (NSA) and U.S. partners have released a new report describing the latest techniques in phishing attacks and the defenses organizations can deploy against them. The Cybersecurity Information Sheet (CSI) Phishing Guidance: Stopping the Attack Cycle at Phase One outlines tailored cybersecurity controls for Information Technology (IT) departments to reduce phishing attacks, also known as electronically delivered social engineering. The Cybersecurity and Infrastructure Security Agency (CISA), NSA, the Federal Bureau of Investigation (FBI), and the Multi-State Information Sharing and Analysis Center (MS-ISAC) co-authored the CSI. Knowing how to navigate phishing danger is essential because anyone can fall victim to these attacks, said Eric Chudow, NSAs Cybersecurity System Threats & Vulnerability Analysis Subject Matter Expert. Cyber threat actors are constantly evolving their techniques and harnessing new technologies to their advantage, including artificial intelligence. They are also finding it easier to deceive people who have transitioned to hybrid work environments and have fewer-face-to-face interactions. Cyber actors employ a wide range of technologies and platforms to conduct phishing attacks. Common vectors include short messaging system (SMS) text messages and chats in platforms such as Slack, Teams, Signal, WhatsApp, iMessage, and Facebook Messenger. Such attacks may lure users into divulging their login credentials or clicking a malicious hyperlink or attachment which then executes malware. The CSI provides detailed mitigations to protect against login credential phishing and malware-based phishing, as well as steps for identifying and remediating successful phishing activity. It lists more than a dozen best practices for IT professionals to follow to avoid their organization being compromised, including phishing-resistant multi-factor authentication (MFA), phishing filters for links and attachments, protective DNS, application allow-lists, and remote browser isolation. Additional guidance in the CSI focuses on software manufacturers implementing secure by design and default tactics and techniques. Software manufacturers should develop and supply software that is secure against the most prevalent phishing threats. The co-authoring agencies urge organizations to hold software manufacturers to a secure-by-design technology standard and build these and other mitigations directly into products to protect users and organizations from phishings malicious effects. Read the full report here. Read NSAs secure-by-design guidance. Visit our full library for more cybersecurity information and technical guidance.

NSA Media Relations MediaRelations@nsa.gov 443-634-0721

Link:
How to Protect Against Evolving Phishing Attacks - National Security Agency