Resource Type: News

Featured on Fox 2 KTVU | December 4th, 2020

Tens of millions of Americans participated in cyber shopping during the weekend after Thanksgiving. Between Black Friday and Cyber Monday, deck KTVU’s Frank Mallicoat spoke to cybersecurity expert Randy Watkins, CTO of CRITICALSTART, a cybersecurity firm in Texas, about how to protect your personal information online

Featured on Fox News 13 Tampa | December 1, 2020

This holiday season is set to shatter online shopping records, as the pandemic pushes consumers online and shoppers are scoring deals from the safety of their homes.

The traditional Thanksgiving weekend shopping spree turned into a long lineup of digital deals this year.

“So it’s no longer just Black Friday to Cyber Monday, it’s two weeks before Thanksgiving and three weeks after Thanksgiving,” said Randy Watkins, chief technology officer for CRITICALSTART.

He says the convenience of shopping from the sofa also comes with serious threats. Usually, the hackers get into your accounts through your email.

The scammer’s goal is to get you to open an attachment that could install malicious software, or persuade you to enter private data like credit card information, usernames and passwords so they can steal your hard-earned money.

“An attacker does not care about your Walmart account, your Target account, your Amazon account, what they care about is that you probably use that same username and password for your Chase account, your Wells Fargo account, your Bank of America account,” Watkins said.

With all the deceptive ads and phishing attacks, it is tough to know what to trust. Experts say to be on the lookout for fake websites and emails that look like the real thing. Instead of clicking links, navigate to the website on your own and only shop with reputable retailers.

“If it seems too good to be true, it probably is. You’re not gonna get the $5,000 TV for $400,” said Watkins.

In the Tampa Bay area, scammers trick people out of millions of dollars every year, which is why you need to be vigilant and skeptical when loading up your shopping cart online.

“The tricky thing about this is it’s really hard to catch the people who perpetrate these,” explained Hillsborough County State Attorney Andrew Warren. “It’s hard to identify them, it’s hard when they don’t live in this country, and it’s really hard to prosecute them.  That’s why the best response to this is trying to protect yourself before the fraud ever occurs so that the scammers never end up taking your money.”

Tips to Guard Against Attackers: https://www.criticalstart.com/how-retailers-can-be-ready-for-black-friday-and-cyber-monday/

Retail stores should be taking heightened security measures during the holiday season to protect their customers against cyberattacks, according to a cybersecurity company.

Black Friday may be more prone this year to cyberattacks as more consumers are choosing to shop online due to the coronavirus pandemic, cybersecurity company CRITICALSTART said recently.

Experts like Randy Watkins with CRITICALSTART, a Managed Detection and Response company that monitors cyber-attack detections, says extra caution is necessary when you’re digging for deals.

There are several ways to watch out for your personal information while you surf the internet to ensure your holiday shopping is “hacker free.”

“They don’t even really have to hack, they just have to convince you to give them your information,” Watkins said.

The first thing he says is to always be skeptical.

“Unfortunately, we have to live in a world of skepticism and vigilance when it comes to our security,” he added.

For all you online shoppers, he says, steer clear of site impersonations.

“An attacker will attempt to look like a large retailer and they will approach the user and convince them to log in to that website to capture the username and password,” Watkins said.

Hackers and scammers may use the large window of deals that retailers have created to lure potential victims to provide their sensitive information.

“A flood of aggressive advertising via social media and email may prompt consumers to dismiss red flags, making them even more susceptible to credential-harvesting phishing scams, account takeover and fraud,” the company said.

Consumers can protect themselves from having their information stolen from criminals in the following ways:

• Inspect “appointment shopping” offers online closely
  Many stores will be offering “appointment shopping” this year to avoid hectic crowds and limit the spread of COVID-19. Before reserving an early spot you see on social media to get that deep discount, be sure to check the store or vendor’s official website to see if the offer is legitimate.
  
• Be cautious of QR codes
  QR codes, those scan-able black and white squares have also seen a rise during the pandemic. While this is time-efficient, cybercriminals can create malicious QR codes to redirect users to fake websites and steal personal data or to install malware on personal devices, CRITICALSTART said.
  
• Distance yourself from fake accounts
  Cybercriminals often use social-media scams to steal people’s data by impersonating other people’s or companies’ accounts. These types of attacks are becoming harder to spot as scammers are now using visual security questions to bypass normal safety features.

Featured on 12 News Phoenix | November 23, 2020

Without a clear winner, there is a big opportunity for disinformation campaigns.

Cybercriminals are “relishing in the madness” of those trying to sow further discord as the presidential election outcome remains unknown.

That’s according to Jerry Ray, SecureAge‘s COO. He and other cybersecurity experts were anxious to weigh in Wednesday as efforts continue to determine the election outcome.

“The higher the temperature of those defending or defaming the election results, the lower their awareness of the multitude of attacks awaiting them,” Ray said.

Those attacks include phishing emails, fraudulent websites and other tactics to exploit the “highly distracted,” he said.

“As the votes continue to be counted, the most inevitable and effective cyberattacks will be subtle, unnoticed, unattributable and masked within the culture of doubt and suspicion cast upon the election for the sake of either plausible deniability by the victors or grounds for dispute by the vanquished,” Ray said. “With only a fraction of 1 percent of the voting population determining the outcome, the attackers need only work in the margins and against those least able to defend themselves or least likely to notice.”

No Voting Machine Hacks Reported

Allyn Lynd is Critical Start‘s senior digital forensics and incident response (DFIR) adviser/manager.

“There are currently organizations reporting what they believe are irregularities in voting-polling rolls, but no actual voting machine hacks,” he said.

There are credible reports of uncounted votes stemming from someone else registering for an absentee ballot to a bogus address.

“Again, this is not an issue with the voting machines, but an issue with the voting ecosystem,” Lynd said.

This adds to the confusion as results remain uncertain, he said.

Brandon Hoffman is NetEnrich‘s CISO. He said there’s a big opportunity for disinformation campaigns to continue to erode confidence in the election process.

“Sowing discord will help future campaigns with a more malicious intent,” he said. “As they foment unrest, people are more likely to click on emails and sites that echo their own sentiments that have been stoked by these information warfare exercises.”

Hacking Democracy

Joseph Carson is chief security scientist and advisory CISO at Thycotic. He said attackers continued to focus cyberattacks at the election campaigns. Furthermore, they focused on creating disinformation on social media, all focused at generating distrust in the system.

“Hacking an election is not about influencing the outcome, it is about hacking democracy,” he said. “It is always important to see the ultimate motive. And hacking democracy is about dividing people, creating distrust in both your government and your fellow citizens.”

Tim LeMaster is senior director of systems engineering at Lookout.

“There was a lot of work going on behind the scenes to coordinate election security issues, both in terms of threats, but also best practices and security guidance,” he said. “There was a significant focus this year on recognizing and removing disinformation from social media. With so many Americans using those platforms, it’s important to have some amount of monitoring in place to limit foreign attempts to spread misinformation that would further divide the citizens.”

Coordinated Efforts Needed

Moving forward, there will be a growing need for coordinated efforts around sharing threat data and government guidance, LeMaster said.

“Organizations like the U.S. Election Assistance Commission (EAC) will play an even larger role in coordinating some of that activity,” he said. “The emergence of groups like Defending Digital Campaigns is an encouraging sign that things are headed in this direction.”

Mark Kedgley is CTO at New Net Technologies (NNT). He said as society becomes more automated, ensuring the integrity of democratic processes needs “serious care and attention.”

“As the Hall County, Georgia, case indicates, voting machines are connected to distributed databases, which expands the attack surface to the IT infrastructure of each county or state where such a connection is in place,” he said. “Vulnerability management, secure configuration baselines and change control are all now non-negotiable.”

By Faith Karimi, CNN  –  October 20, 2020

As the US grapples with an election season rampant with mistrust and conspiracy theories, federal officials are warning Americans about threats to undermine the integrity of the vote — and how to avoid them.

Mail-in ballots, massive turnout and the pandemic could combine to delay the outcome of this year’s presidential election, providing a wide window for scammers and others to spread false information.

Social media is again populated by false election claims. Adding to the confusion, Microsoft says Russian, Chinese and Iranian hackers have targeted people and organizations involved in the election.

“A significant number of Americans appear susceptible to believing unproven claims,” Daniel A. Cox, director of the Survey Center on American Life and co-author of a report on US conspiracy theories, said in a statement. “Politically motivated conspiracy theories find a receptive audience among both Democrats and Republicans.”

Both the FBI and the Cybersecurity and Infrastructure Security Agency, which protects the nation’s infrastructure, have reassured voters that they’re working to protect the election’s integrity.

But the two agencies are urging Americans to keep an eye on the following threats:

False reports of leaked voter data

The stakes in this year’s election aren’t just high in the US. “Foreign actors” and cybercriminals may try to discredit the results by spreading disinformation, the FBI and CISA say. These false claims could include reports of ballot fraud, cyberattacks targeting election infrastructure, and other related issues that could make voters question whether the election is legitimate, federal officials say.

Hackers may also spread false reports that they obtained and leaked US voter registration data. But don’t worry, the feds say.

“In reality, much US voter information can be purchased or acquired through publicly available sources,” both federal agencies say. “While cyber actors have in recent years obtained voter registration information, the acquisition of this data did not impact the voting process or the integrity of election results.” Public leaks of voters’ information do occasionally happen. In 2017 the personal information of almost 200 million registered US voters was accidentally exposed online by a Republican analytics firm.  

Misleading online journals

Foreign governments have used pseudo-academic online journals to spread false information in the past. And they may use them again to try to influence the outcome of the election, the FBI says. Such fake online journals could express support for specific candidates, allege voter suppression, amplify reports of real or alleged cyberattacks on election infrastructure and assert voter fraud, federal officials say. Foreign actors employ social media and other online platforms to increase the journals’ global reach and give them credibility. “Such sites could be employed … to manipulate public opinion, increase societal divisions, cause widespread confusion, discredit the electoral process and undermine confidence in US democratic institutions,” the FBI and CISA say.  

Fake websites and email accounts

Cybercriminals have mastered the art of spoofing email domains. During elections, they use that to fool people into thinking that websites or emails are legitimate, federal officials warn. “Adversaries can use spoofed domains and email accounts to disseminate false information; gather valid usernames, passwords, and email addresses; collect personally identifiable information; and spread malware, leading to further compromises and potential financial losses,” the FBI says.

These crooks set up fake domains by making small changes to words (“electon” instead of “election”). Or they masquerade as official government sources but use an alternative domain, such as a dot.com instead of dot.gov site. Even so, “if cybercriminals were able to successfully change an election-related website, the underlying data and internal systems would remain uncompromised,” the FBI and CISA say in a joint report.

Cyberattacks that slow election systems

Criminals also have tried to target election systems, federal officials say. While that can slow a system or make it temporarily inaccessible to election officials, it does not prevent voting or the reporting of results. “The FBI and CISA have no reporting to suggest cyber activity has prevented a registered voter from casting a ballot, compromised the integrity of any ballots cast, or affected the accuracy of voter registration information,” the agencies say in a statement.

“Any attempts tracked by FBI and CISA have remained localized and were blocked, minimal, or easily mitigated,” the agencies say. Federal officials say such attempts would be difficult to conduct undetected. And even if hackers did succeed in affecting voting, election officials say they have multiple safeguards and plans in place. They include provisional ballots so registered voters can cast ballots and paper backups.  

How to thwart these threats

The federal agencies are providing tips on how to beat these scams:

• Ensure reports about election irregularities are from a credible source such as the media, state and local election officials. Always be aware of who’s sharing the information and their potential intent.
• Before sharing reports on social media, where they can take a life of their own, make sure they’re from reliable sources.
• Most social media platforms have ways to report suspicious posts and false information. Make use of them.
• Report anypotential election crimes — such as false information about where to vote — to the FBI.
• Double-check web and email addresses to make sure they’re not imitations of legitimate election sources.
• Update your anti-malware and anti-virus software, along with your operating systems.
• Don’t open unknown emails or attachments, and avoid clicking on questionable files or links.

 While voters should be concerned about election threats, they should not be worried about the integrity of their vote, said Allyn Lynd, a senior adviser at CRITICALSTART, a cybersecurity company in Texas. “The US Election Assistance Commission — a federal agency that serves as a resource for election administrators and vendors — conducts testing and certification of voting machines,” he told CNN. But if anyone believes their vote has been tampered with, they should notify election officials at their polling place and report it to federal agencies such as the FBI. “The public should be aware that election officials have multiple safeguards and plans in place — such as provisional ballots to ensure registered voters can cast ballots, paper backups, and backup pollbooks — to limit the impact and recover from a cyber incident with minimal disruption to voting,” Lynd said. The best protection to ensure a vote is correctly recorded, counted and tabulated is a paper trail showing all those steps, he said.  See the CNN article

Ransomware attacks are usually more common early in the school year.

Cybersecurity experts are concerned about attacks on Michigan schools ramping up early in the school year, especially with many students learning remotely.

Last year, more than 500 schools across the country were hit by ransomware, cybersecurity experts said. To make matters worse, the attacks usually picked up in the first few weeks of school when students, parents, and teachers had their guard down.

Security experts told the Local 4 Defenders that ransomware attacks are on the rise, targeting schools and colleges across the nation. Your home laptop could also be targeted.

As Michigan students return to school in the next few weeks, some will be handed Chrome books and others will use their own laptops. All of them need to be on the lookout for cyber attacks.

“There are two fronts where the attacks are going to happen,” said Randy Watkins, chief technology officer for CRITICALSTART. “One is toward the students, and the other is toward the school.”

CRITICALSTART is a cybersecurity company. Watkins said he continues to see an increase in ransomware, especially when schools first start back up.

“Attackers are going to make a lot of fake sites to distribute malware,” Watkins said. “Sometimes it’s an attacker that is trying to steal information for identity theft. It just depends on the motivation of the attacker.”

Parents should make sure children are looking at reputable web sources and not just anything that comes up on Google.

“Now we are looking at school starting and they are starting to come around with remote registration links and URLs,” Watkins said. “They are coming around with a syllabus that looks like a syllabus attachment, but it is actually a piece of malware. If you click on that syllabus, it infects your machine.”

Experts said parents should also reach out to schools and ask what they’re going to protect their students’ information.

“The school bears the brunt of the responsibility for implementing controls to ensure the safety of the students’ information,” Watkins said.

Another attack target on the rise is parents, he said.

“Attackers targeting the parents of students by sending them fake report cards that are really just pieces of malicious software,” Watkins said.

If a home computer is compromised, there are fewer options.

“With a lot of the ransomware that is going around, that is where an attacker will encrypt your files and demand money for it,” Watkins said. “Unfortunately, in a lot of cases, the only remedy is to pay the ransom.

“Everyone should have a properly patched computer. When Windows or Microsoft releases a patch, you are going to apply those.”

You should also maintain some level of antivirus on your machines to prevent malicious items from installing.

Parents are well within their rights to ask if their school has an instant response program and whether parents will be notified if the school computers are attacked.

Featured in WDIV Detroit News | September 1, 2020

NASHVILLE, TENN. (WSMV) – As schools are back in session, so are hackers and cyber-criminals looking to take advantage while students and districts continue to adapt to a new style of learning and teaching.

 “There wasn’t anything that they necessarily did wrong, it’s just something they weren’t prepared for,” said Randy Watkins, chief technology officer for cybersecurity company CRITICALSTART.

Watkins is trying to make sure schools are prepared for potential hacking attempts like some experienced in the Spring.

One thing he’s seen is attempts to overload school district computer systems.

“Essentially they’re giving the platform more traffic than it can handle, which makes it unavailable for legitimate traffic,” Watkins said. “So it’s actually preventing the students from logging-in and preventing them from getting their education.”

But why would anyone want to do that?

Watkins says there could be several different reasons.

 “There’s a lot of different motivations for an attacker, sometimes it’s notoriety. Sometimes it’s a prank,” Watkins said. “In this instance, it was actually a student at the school to be funny or prevent themselves from having to go back to school.”

While many districts have been working with cybersecurity teams to protect their networks, families at home may be more vulnerable.

“Microsoft and other applications on your computer release regular security updates, so make sure you’re keeping up with those,” Watkins said. “Maintain proper antivirus coverage. You should have an application on your machine that’s meant to stop malicious software from being installed.”

Most importantly, in this digital era, it’s best to encourage everyone in your household that’s using a computer to have a critical eye, even youngsters.

“Unfortunately yes, we are putting more responsibility on them to be responsible stewards of security,” Watkins said.

In addition to protecting their systems, school districts are also responsible for protecting your child’s personal information.

Watkins suggests parents reach out to their students’ schools to ask what they’re doing to protect that information.

Featured in News 4 Nashville | August 27, 2020

How you can protect your computer and how school districts are protecting your information.

With so many kids doing school online, there’s a new concern that parents may not be thinking of… computer security. Not only at home, but with the school district having your child’s personal, sensitive information. 

Just imagine your 9-year-old child, who barely knows how to use a computer, much less email. They open an email that looks to be from a teacher with a link inside that says ‘click to get homework’. They click it and suddenly your computer is infected with a virus. It’s a hypothetical situation but could happen and destroy any pictures or documents you have on that computer. 

Randy Watkins is the chief technology officer at a company called CRITICALSTART that helps businesses and organizations detect and defend themselves from cyber threats. “With schools having so much attention right now with school starting back up. They’re on all online platforms and they’re collecting more information about users, attackers see them as having more valuable information that they’ll pay a higher ransom for so they are absolutely targeting schools with ransomware.”

He says there are several things we can do at home to protect ourselves and our kids. First, make sure your computer’s operating system is properly patched or updated. “Organizations and software companies like Microsoft, they release security patches pretty regularly.’

Maintain any antivirus software already installed. “That will help prevent some of the ransomware from executing on your computer.”

And teach your kids about the culture of computer security. “Teach them to only look at reputable sources on the internet. Don’t open emails they aren’t expecting to open. Don’t open attachments from those emails if they haven’t verified that they should have an attachment.”

School districts also have a responsibility to protect your child’s information. We asked several Tampa Bay area school districts how they are doing that. 

Pinellas County: “The district has many safety systems in place to protect computers from being hacked including anti-virus software to a top-rated firewall.  We lock down the student computers meaning students don’t have administrative rights. They can’t load any applications or software to the device. 

The district loads only approved software and the applications needed. Students are allowed to receive and send only internal emails such as to their teachers. They cannot email other students. The district has a TIS Security Council that meets twice a month to review security manual, security protocols, vulnerability and penetration tests, and train staff on cybersecurity.”

Hillsborough County: “As for our own security systems, our district deploys a managed Fortinet nextgen firewall service with content filtering for the devices. 

Also when the device is taken home, we currently have Lightspeed Relay filtering deployed for content filtering. We deploy Symantec EndPoint Protection on all Windows devices district-wide. Our software allows for application control as well as other controls.”

Featured in WTSP Tampa Bay News | August 27, 2020

Most schools and universities are back in session virtually. 

While online learning is the best option during this ongoing COVID-19 pandemic.  It is also the perfect opportunity for hackers to strike. 

Randy Watkins, Chief Technology Officer for CRITICALSTART, a cybersecurity company, says hackers are increasingly targeting online learning tools and e-classrooms.

“Most attacks are delivered by email not just in these attacks but of all attacks. It’s easy for an attacker to send out emails that contain attachments or links to download malicious software that can do everything from giving them a back door into your computer to encrypt all your files and hold them for ransom,” said Watkins.

Watkins says education is key and encourages all parents to talk to their kids about the risks. He adds that parents should be on the lookout too.

“So if you are expecting from your student’s school district it should come from a Gmail,” said Watkins. “So look for that domain mismatch also look at links. You can do a link preview where you hover over a link and I’ll show you where it’s going to take you and if that doesn’t match your expectations, then don’t click on it.”

Watkins adds that school systems have also been the victims of these cyber-attacks. 

“A notable attack that was launched by a student where they essentially overwhelmed the application with traffic and took it offline and what that does is it takes it away from other students. So they see it as a prank they see it as a joke when it’s actually a pretty serious offense,” added Watkins.

Featured in KSEE 24 News | August 21, 2020

RALEIGH, N.C. (WNCN) — School is in session, but instead of heading into the classroom many kids are logging onto their computer, and IT professionals are warning that could cause serious problems.

“With every school going into this new realm I just don’t think we’re prepared,” said Quentin Rhoads-Herrera, Director of Professional Services at Critical Start. “Especially since a lot of them kind of quickly had to stand up this new technology, and quickly buy into these vendors. There hasn’t been a lot of attention placed into security in the educational space.”

Cyber-attacks are nothing new for many colleges and universities.

“Universities actually get breached a lot,” said Rhoads-Herrera. “If they are research universities we see them get hit by nation-states quite a bit.”

However, Rhoads-Herrera believes hackers may have found a new target.

“We’re going to see a lot of attackers hit up schools in a way to disrupt services by causing chaos or outages,” said Rhoads-Herrera. “Others may go after them for data such as addresses or any type of sensitive information.”

“How prepared do you think we are as a nation for e-learning,” asked CBS 17’s Holden Kurwicki.

“I don’t think we’re very prepared,” said Rhoads-Herrera.

The good news is that there are ways to protect yourself by updating your computer’s security, strengthening your password, and using only verified WiFI devices.

“Whatever we deliver we have to make sure we’re at least doing our due diligence enough to say we’re securing our students’ data, our faculties data,” said Rhoads-Herrera. “When a breach does happen we need to be transparent about it and do everything in our power to follow up on it and prevent it from happening ever again.”

So many students are starting classes this week and cyber experts warn that your child’s e-classroom could be a target. Cyber experts with CRITICALSTART said it’s time to be proactive to stop hackers in their tracks and not reactive after something happens.

There are a number of concerns when it comes to children and the internet.

“Kids are going to be on the internet more than ever with everything being online. They always have the internet at their fingertips,” said Randy Watkins, CRITICALSTART Chief Technology Officer.

Now more than ever, with kids of all ages taking on learning from home, experts said they’ve already seen what could happen. They said hackers could disturb your student’s class time.

“A lot of folks want to know why are people doing this at all. We’re all going through this pandemic and why would you stop children from learning,” Watkins said.

Watkins said hackers usually attack for one of two reasons; fun, like pulling a prank, or destruction, like stealing private information.

“Kids don’t even have to be technologically inclined to attack at school,” Watkins said.

Experts also said the best thing parents can do is teach kids to not click on questionable links or pop-ups and only use recognizable websites for research. Cyber experts also recommend checking with your child’s school to see what their plans are to keep students safe while learning at home.

Featured in KOAT 7 Action News | August 13, 2020

Despite the recent hacking of high-profile users’ Twitter accounts, and reports that Russia continues its attempts to penetrate U.S. institutions and government entities, cybersecurity remains something that campaigns are thinking about only when there’s an issue. 

“Campaigns do not talk publicly about the precautions they’re taking,” said Brian Franklin, co-founder of Campaign Defense, a cybersecurity training firm. “But while I think state parties are making slow progress, most campaigns seem to be ignoring the issue and addressing only when a problem comes up. The lack of discussion about it is concerning and will likely be an increasing problem as we get closer.” 

Some experts are advising political professionals to operate with an “assume breach mentality” from now until Election Day.

It’s advice they’re offering not just to campaign professionals but also to advocates and reporters covering the national horserace and even think tanks.

“As we’re entering this period between now and November, I think it’s absolutely to be expected that there will be a higher level of activity,” Jan Neutze, who heads Microsoft’s Defending Democracy Program, told C&E in a recent interview. 

Practitioners need to have the mindset to be constantly monitoring and investigating their own and their organization’s digital protections, Neutze said. 

While cyber threats had decreased early on during the pandemic, they’ve spiked back up, he said. “We’re seeing a constant drumbeat of nation-state activity.”

He added: “One of the things that is so challenging is the combination of cybersecurity threats and then exploiting that for disinformation purposes.” 

In terms of specific threats, Neutze said domain spoofing remains a popular avenue of attack, one that involves hackers creating a fake domain that looks like an organization from which the recipient would expect to receive emails. Another is “password spray attacks.”

“They try in large volumes to essentially crack passwords,” he said, noting that multi-factor identification deployed across your entire digital ecosystem “can really help secure yourself against these types of attacks.”

Campaigns remain a prime target, but if hackers or cyber criminals don’t have luck with the organization itself, they’ll start to target its vendors and advisors.

“Security is only as good as its weakest link,” Neutze said. “That’s why it’s imperative that campaigns are very intentional about what technology they use and the minimum baselines they set for folks they have to share files with and so on.” 

As part of its Defending Democracy Program, Microsoft recently made available patches for Windows 7, which was released in 2009. The company had pledged to support the software for a decade but extended that because “a relatively small but still significant number of certified voting machines in operation [are] running on Windows 7,” it said in September.  

“We didn’t want there to be any reason whatsoever why folks wouldn’t have access to these security patches,” said Neutze. “Some [elections officials] have the challenge that due to budget limitations they’re running some legacy applications and software where patches don’t exist anymore.” 

In fact, some cybersecurity experts view voting infrastructure as possibly a bigger target for countries like Russia that are bent on electoral interference. 

“The biggest problem that makes this threat real, is it’s not impossible for nation-states to gain access to these [voting] devices even a year before the election happens,” said Quentin Rhoads-Herrera, director of professional services at CRITICALSTART, a cybersecurity services provider.

He advised elections officials to use network monitoring services and industry-standard encryption when data is at rest and when it’s sent. 

“If I vote for person X and that becomes a data point that’s sent to another device, it’s signed before it’s sent,” said Rhoads-Herrera. “That just confirms that data hasn’t been altered. That’s a common practice in things like banking apps.”

The recent HBO documentary “Kill Chain: The Cyber War on America’s Elections,” highlighted the vulnerability of many voting systems in America today. 

Rhoads-Herrera echoed that, noting that most companies don’t want their machines tested by outside experts for fear that the vulnerabilities could be shared publicly. 

“These developers of voting machines, they’re not looking for widespread testing of their machines,” he said. “It’s an extremely real risk.”

Featured in Campaigns and Elections | July 24, 2020

WASHINGTON – Fearing nightmare scenarios such as attacks on voter registration databases and state websites tallying results, U.S. officials are leading simulated training exercises to get ready for Nov. 3.

The “tabletop exercises,” to be held virtually because of coronavirus, will include thousands of state and local election officials in addition to intelligence and cybersecurity officials in Washington amid concerns about threats from Russia, China, and other countries.

“We try to make it a pretty bad day,” said Matthew Masterson, an adviser with the Cybersecurity and Infrastructure Security Agency, or CISA, part of the Department of Homeland Security. CISA is charged with helping to protect the nation’s critical infrastructure from cyber and physical attacks, including its election systems.

Still, Masterson and other experts say the U.S. is now far better prepared to weather potential election meddling by Russia or other foreign adversaries than in 2016 when the Kremlin hacked into Democratic Party emails and orchestrated a sophisticated disinformation campaign designed to help elect then-candidate Donald Trump.

CISA officials have worked with state and local election authorities to identify vulnerabilities in voter registration databases, dispatched cybersecurity experts to look for intrusions, and improved communication among states, campaigns, and U.S. intelligence officials about the threat landscape. The training exercises will game out scenarios, including foreign disinformation campaigns, cyberattacks on election infrastructure, or simply overwhelmed and understaffed polling places across the country.

Yet the threat has also morphed, with adversaries such as China, Iran, and North Korea joining Russia to meddle in U.S. politics and using ever-changing tools and tactics. Meanwhile, some fear the U.S. political climate is so polarized – due to coronavirus and tensions over police violence and other divisive issues – that America’s enemies will have a lot of fodder to work with as they seek to stoke discord.

“They don’t need to make any fake news this time around because there’s just constant disinformation all across the political landscape,” said Clint Watts, a research fellow with the Foreign Policy Research Institute, a think tank. “It’s free ammunition.” 

Here’s who could mess with the 2020 presidential election. 

Russia

Russia remains the most concerning foreign actor in terms of U.S. election interference, although there is a growing focus on China and Iran as well, according to a U.S. intelligence official who was not authorized to speak on the record.

Intelligence officials told lawmakers in the House of Representatives in February that Russia was already interfering in the 2020 campaign to try to get Trump re-elected, according to the New York Times and other outlets.

In a recent analysis, Watts noted that last year, Facebook took down accounts associated with a Kremlin’s troll farm that was promoting Trump, denigrating his Democratic opponent, Joe Biden, and boosting Bernie Sanders, one of Biden’s primary opponents. And in March, Facebook closed another Russian troll farm operation that appeared to be trying to infiltrate American minority groups on Facebook and Instagram, “presumably hoping to divide the political left and influence voters headed into Election Day,” he said.

Rob Davis, CEO of CRITICALSTART, a Texas-based company that monitors security breaches from nation-states and advises its clients about defensive measures, said that Moscow, in a re-run of 2016, will most likely use aggressive social media campaigns and targeted cyber operations to try to smear candidates and aggravate social tensions on issues such as race and immigration. Russian hackers could also renew attempts to hack voter databases and compromise U.S. election infrastructure. 

“Russia’s goal is to be disruptive. Often it has no agenda beyond that,” Davis said. 

China

China insists it has no interest in meddling in the U.S. election despite repeated accusations from Trump that Beijing prefers Biden and that “China will do anything they can do to have me lose this race.” 

Google disclosed in June that hackers based in China sought to infiltrate the email accounts of staffers working on Biden’spresidential campaign. But there is little further concrete evidence that China is waging a sophisticated operation aimed at backing a specific candidate or wants to remove Trump, even though Washington and Beijing have drifted toward a new Cold War amid tensions over the coronavirus pandemic, trade, territorial disputes in the South China Sea and human rights. 

China doesn’t like Trump, said Watts of the Foreign Policy Research Institute, but because Trump has overseen a U.S. retreat from the world stage, that has given Beijing a freer hand to extend its own influence. And China’s President Xi Jinping is more interested in crushing Chinese dissidents, stealing intellectual property and expanding the reach of its 5G network than in influencing the U.S. election, he said.

“China’s battle plan is more about espionage to access information and spying on political parties to get a potential preview of U.S. policy changes or shifts regarding the military and planning for different outcomes,” said CRITICALSTART‘s Davis. 

Iran

Google also said in June that Iran-based hackers tried to gain access to Trump campaign accounts, and Microsoft said late last year that Iranian hackers, with apparent backing from the government in Tehran, had made more than 2,700 attempts to hack into the email accounts of current and former American government officials, journalists covering political campaigns and accounts associated with a presidential campaign.

The earlier hacking attempts coincided with a period when the Trump administration was imposing additional sanctions on Iran after the U.S. pulled out of a nuclear deal with Tehran and world powers, dealing a major blow to Iran’s economy. 

But Iran, according to Watts, has “very limited reach” when it comes to spreading misinformation. “They can’t sustain the content the way the Russians and the Chinese do,” he said, adding that in terms of cyberattacks “they’re kind of reckless and silly, and they get caught a lot, which is why we keep hearing about it.”

One example: 

In early January, the Federal Depository Library Program’s website was briefly taken offline after a hacker uploaded photos to the site that included an Iranian flag and an image depicting a bloodied Trump being punched in the face.

The website was also modified to say: “Hacked by Iran Cyber Security Iranian Hackers: This is only (a) small part of Iran’s cyber ability!”

Homegrown Disputes and Problems

“Whether it’s threats of Chinese interference, Iranian interference, Russian interference, or North Korean interference, any country – or even non-state actors who now have capabilities to try to meddle in our elections – know that this administration takes seriously its responsibility to make sure every American’s vote is counted, counted properly and that foreign influence is minimized in its ability to impact an outcome of an American election,” Secretary of State Mike Pompeo said during a forum on the future of national security hosted by The Hill newspaper on July 15. 

But Trump continues to play down Russia’s malign role in the 2016 election. And rather than focusing on possible foreign interference, he has blasted Democrats for trying to expand mail-in voting amid the coronavirus pandemic, alleging without evidence that it is an invitation to fraud.

“RIGGED 2020 ELECTION: MILLIONS OF MAIL-IN BALLOTS WILL BE PRINTED BY FOREIGN COUNTRIES AND OTHERS. IT WILL BE THE SCANDAL OF OUR TIMES!” the president tweeted last month. 

Voting experts and officials have characterized Trump’s allegations as a bogus conspiracy and noted safeguards that states use to protect the authenticity of absentee ballots and envelopes.

Lawrence Norden, director of the Election Reform Program for the Brennan Center for Justice at the New York School of Law, called Trump’s assertion “nonsense” and noted that mail-in ballots must be returned in secrecy envelopes created by local election authorities. He said the envelopes are bar-coded in many states with a unique identifier that ties the ballot to the voter.

“(Trump’s) rhetoric is right out of the Russian playbook” and “designed to cast doubt about our democratic processes and about the integrity of elections,” said Elaine Kamarck, an expert on American electoral politics and a senior fellow in governance studies with the Brookings Institution, a left-leaning think tank.  

“I can’t imagine what a foreign adversary can do that the U.S. isn’t already doing to itself” in terms of fueling division and churning out disinformation,” Watts said.

Less than four months to the vote, there are signs of the different forms this disorder could take on Election Day: 

• In early July, armed right-wing activists flocked to fake Antifa protests in Pennsylvania and other places – planning to confront left-wing activists and anarchists at events that never materialized and were falsely trumpeted online.
   
• On Wednesday, a major breach in Twitter’s security allowed hackers to break into the accounts of leaders and technology moguls, damaging trust in a platform used by politicians and corporate leaders to communicate directly with the public. The hack was related to a Bitcoin scam, but it nevertheless spotlights the potential for nefarious actors to sabotage high-profile voices to meddle in the political process. 
   
• Primary elections in Wisconsin, Georgia, and other states have exposed major problems with holding an election during the coronavirus pandemic, which has sparked stay-at-home orders and social distancing rules. Among the issues: long lines, a shortage of polls workers, and faulty voting machines. Tech problems played a role throughout a botched Democratic primary caucus in Iowa in February. 

Robby Mook, who ran Hillary Clinton’s 2016 presidential campaign and now works on a Harvard University project to develop strategies and tools to protect U.S. elections against foreign attacks, said he was less worried about Russian hacking than about massive logistical problems on Election Day exacerbated by the pandemic. 

“We’re hacking our own election by not resourcing it well,” Mook said in an interview with Campaign HQ, a political podcast. Local election officials “don’t have what they need to be robust when trouble comes.”

Perhaps most worrying of all – what CRITICALSTART‘s Davis described as “terrifying” – is if either the American public or the candidates themselves don’t believe the official results are accurate. In an interview with “The Daily Show” host Trevor Noah last month, Biden warned that military officers could remove Trump from the White House if he loses the vote, but refuses to leave. 

“I promise you, I’m absolutely convinced they will escort him from the White House with great dispatch,” Biden said. The Trump campaign responded to Biden by saying: “President Trump has been clear that he will accept the results of the 2020 election.”

Featured in USA TODAY | July 17. 2020

LOS ANGELES (CBSLA) — The federal income tax deadline is Wednesday, after being postponed from its typical April 15 date due to the coronavirus pandemic.

The IRS says it has a huge backlog of paper tax returns because so many IRS employees have been working from home. Millions of taxpayers who filed paper returns have not yet received their refunds, even months after sending them in. Paper returns are being processed in the order they have been received, so taxpayers should not call or file a second return, according to the IRS.

IRS’s website is encouraging taxpayers and tax professionals to file electronically because processing paper returns can take several weeks longer than usual.

Those who need more time can file for an extension, and delay filing until Oct. 15, but will still have to pay what they owe at that time or be subject to penalties and late fees.

Experts are also warning people to be on the lookout for email and phone scams targeting panicked filers.

“A lot of the scams that we see during the tax season, especially on Tax Day, are a lot of phishing attempts to both individuals as well as tax preparers,” Quentin Rhoads-Herrera, a cybersecurity expert, said.

Rhoads-Herrera, of CRITICALSTART, said scammers are usually trying to get sensitive personal information or money.

“The most common one we’re seeing currently is a phishing attempt, a fake email being sent, claiming that they’re from the IRS to the individual stating that if they don’t pay by a certain date, their social security number will be turned off or canceled,” Rhoads-Herrera said.The IRS said that if people can’t pay the full amount they owe, they should pay what they can and arrange a payment plan, apply to defer payment to a later date or request penalties be waved due to economic hardship — though people will still be on the hook for the interest.

Those who have not yet filed their taxes can do so online through the IRS website.

Featured on CBS Los Angeles | July 15, 2020

NBC News and Boston 25’s Blair Miller interviews Quentin Rhoads-Herrera of CRITICALSTART‘s TEAMARES about the vulnerabilities associated with contact tracing and how hackers are targeting companies and individuals through these apps.

Video Transcript:

M. Davenport:  Health officials want to know how people are contracting the Coronavirus, who they are catching it from, but one of the methods for finding out is coming under fire and it could be exposing you to hackers. Blair Miller found what has some people so worried and why you could be at risk.

B. Miller:  Contact tracing is a way for states to identify who’s had the virus and then figure out who has had contact with that person. It’s supposed to help figure out how the virus is spreading and prevent it, but it’s also raising a lot of red flags for cybersecurity experts.

B. Miller:  State health officials are pushing for communities to trace the virus from person to person in an effort to know how widespread it is.

M. Sudders:  Answering the call and sharing information about your close contacts helps us track the spread of the virus and keeps us all safe.

B. Miller:  Contact tracing involves people giving their information through web-based apps or through a phone call so that health groups can then pinpoint the spread, but cybersecurity groups are warning that hackers are using them too.

B. Miller:  How widespread do you think this could be and the kind of problems that it leads to?

Q. Rhoads-Herrera:  I think it could be very widespread.

B. Miller:  Quentin Rhoads-Herrera researches cybersecurity problems and found that there is no single contact tracing method that health departments are using. A recent study of 17 government-sponsored apps found that less than a third had the kind of encryption methods needed to protect sensitive information.

Q. Rhoads-Herrera:  We’ve seen, for the most part of this year, contact tracing phishing attempts at companies and people trying to trick them into giving bank account information, social security numbers, things of that nature.

B. Miller:  As the Coronavirus cases climb in some states, the tracing will too. Rhoads-Herrera believes the attempts hacks will only get worse.

Q. Rhoads-Herrera:  That’s the most critical piece. If you understand what’s going to be implemented, you can avoid all of those other shady applications.

B. Miller:  If you are asked to be part of the contact tracing, make sure your health department is involved when doing this and make sure that you’re using the tools they suggest.

Leslie Toldo of NBC 25 Mid-Michigan Now News interviews CRITICALSTART‘s CTO, Randy Watkins, on the potential impact COVID-19 contact tracing apps on your cybersecurity.

Video Transcripts:

LT: With all of this going on and all of this in mind, it’s hard to know if you’ve already been exposed to coronavirus. There are some contact tracing apps available, but a tech expert from the security firm CRITICALSTART warns that if an app doesn’t use state data, it won’t be reliable. He says it’s vital to pay attention to alert exposures, like the ones we told you about this morning, and report symptoms and test results to loved ones and your employer right away.

RW: If you miss a common link, there is a potential that the actual origin of that outbreak could be entirely missed. The other big risk there is if you aren’t contacted because you don’t have these applications or you are not a part of this contact tracing method, you could be infected or you could be a carrier of the virus without knowing and unknowingly, unfortunately, spread it to more vulnerable family members.

LT: The state health department is doing contact tracing by phone and ask people to take any call that comes from the My COVID help number or your local health department.

Quentin Rhoads-Herrera, director of professional services at CRITICALSTART, joins GDC to talk about the safety and privacy concerns stemming from new contact tracing apps.

Featured in FOX 32 Chicago | May 13, 2020

Tennessee has just 25 percent of the recommended amount of contact tracers, leaving the state 1,500 people short for the critical disease mitigation effort.

The National Association of County and City Health Officials is recommending just over 2,040 in Tennessee for its population. Nashville has just 75 contract tracers which needs to be tripled to become adequate.

“This contact tracing is an essential tool we have to use to get everyone back to work,” said Democrat Mike Stewart from the TN House of Representatives. “I understand sometimes we have political disputes, Republican, Democrat, but everybody recognizes contact tracing is going to be an essential part of moving forward, so I do not understand these low numbers the department has.”

The Tennessee Department of Health has defended their contract tracing efforts by pointing to the work local health departments are doing and by saying they are training more tracers.

Stewart and several other state leaders have suggested arming furloughed health care professionals with the training they need to become contract tracers in their community.

“We need to fight coronavirus like we fight wars where you put everything on the table,” Stewart continued. “And I just don’t think our Department of Health is doing that.”

Representative Scott Cepicky, a Republican from Maury County, wrote a letter to his colleagues in the state house, encouraging them to join him in an effort to stop a program that shares the information of sick Tennesseans with law enforcement.

He wrote in the letter, “an issue of great concern is the infringement of personal privacy and liberty that is happening right now in Tennessee.”

On the cybersecurity front, Apple and Google are both offering anonymous location services data to help with contact tracing in some instances, but neither company has a history of compliance with government wants and wishes.

“Location data is notoriously easy to de-anonymize and identify individuals, thus resulting in the violation of your privacy,” said Quentin Rhoads-Herrera, a cybersecurity expert working as the Director of Professional Services for the firm CRITICALSTART.

Reporter Alex Apple asked Rhoads-Herrera, “What is your advice for people that are worried about this?”

“I would advise everyone to ask all the creators and storage holders of this data and applications to be as upfront as possible about how they’re storing this data and how they’re securing it,” he finished.

Featured in The CW Chattanooga | May 11, 2020

In late April, Gov. Andrew Cuomo announced the state’s partnership with Bloomberg Philanthropies for New York’s contact tracing program.

Last week, New York City started recruiting 1,000 workers to conduct contact tracing.

This week, privacy concerns about the initiative have emerged. The focus was not as much on flaws on the tracing program as it was on how little is known about who will get to see the data and how it will be protected.

In a letter sent to the governor last Friday and released to the media on Monday, Public Advocate Jumaane Williams asked Cuomo to address questions about how New York will protect civil liberties and people’s privacy. “We cannot sacrifice protections and civil liberties in the name of speed … To maintain public trust, transparency is key.”

The Public Advocate requested information about the role technology will play in New York’s contact-tracing process and how the state will ensure no third party agency will be able to access data collected through contact tracing.

Williams also asked Cuomo to clarify who will get access to the data, what systems will be used to log and monitor it, and what research will guide how long contact tracing data stays in use.

A new report from the Surveillance Technology Oversight Project released on Thursday explores the risks associated with proximity detection, which relies on Bluetooth signals from cell phones.

New York hasn’t announced any plans to incorporate this technology into its approach.

But S.T.O.P.’s report argues the discussion about privacy concerns and civil liberties cannot wait until the emergency ends.

“History teaches that privacy invasions often outlive the emergency they are intended to combat. To this day, the USA Patriot Act provisions that were supposed to expire in 2005 are being debated for renewal to 2024,” the report reads, referring to the domestic security law passed in the aftermath of the September 11 attacks.)

Through a spokesperson, the governor dismissed Williams’ concerns: “The data resides with the state, not a private foundation and this isn’t happening. There’s enough real problems fighting this pandemic, and we have no time for politicians who create fake ones in a craven attempt to get in the paper.”

Of course, to reach the tremendous scale required for contract tracing to be effective in helping control the spread of the virus, speed is an important factor.

But transparency is a success factor, too. Public health experts have repeatedly talked about how contact tracing cannot operate effectively if people distrust the program.

After all, contact tracing works best when tracers can reach as close as they can get to every single person potentially exposed to the coronavirus. For contact tracers to obtain sensitive information about people’s contacts and whereabouts, New Yorkers will need to feel comfortable speaking with contact tracers and understand how the information they share will be protected.

In his briefing on Monday, Williams highlighted the importance of explaining ahead of time the process for protecting contact tracing data, particularly for helping immigrant communities feel comfortable participating. One would expect that contact tracers would need to be able to explain how the information they collect will be safeguarded. Before the health department contacts anyone through the contact tracing program, more transparency about what New York is doing to prevent this pool of data from falling into the hands of other government agencies like ICE or private groups can help facilitate trust.

“This isn’t a question of privacy versus public health,” says Albert Cahn, executive director of the Surveillance Technology Oversight Project). “You cannot fight this virus [and] help save New Yorkers’ lives unless you have the privacy safeguards. If we try to move forward without that, it’s really just a recipe for disaster.”

Contract tracing isn’t new. But Cahn, who also serves on the New York Immigration Coalition’s Immigrant Leaders Council, says that the health department reaching out to thousands of New Yorkers, collecting their names and routines, creates a larger pool of information. It might not have been worthwhile in the past (due to a combination of legal safeguards and the far fewer number of individuals who’ve had information collected) for an agency like ICE or the NYPD to try to access data from the health department’s work on contact tracing with other diseases, he says. But, the scale of contact tracing planned to address the coronavirus is “orders of magnitude larger than anything we’ve done in our lifetimes,” says Cahn.

In 2017, New York City had to fight in court to be able to destroy personal documents collected through its municipal ID program, IDNYC. The IDNYC program was designed to especially benefit immigrants in the city, but the process for destroying documents became a major sticking point. Cahn fears a repeat of this issue if New York doesn’t develop a protocol that addresses privacy concerns from the start.

Quentin Rhoads-Herrera, a cybersecurity professional at Critical Start says it’s important to be clear about who gets access to the data in the first place because there’s always a risk of a leak originating with someone who had been granted access to the infrastructure storing the sensitive information.

For its part, the health department says it plans robust protections for the data and people’s privacy.

“The NYC Health Department has been protecting patient confidentiality in the course of its contract tracing for diseases like tuberculosis, measles, and HIV for decades. We feel strongly about our responsibility to protect patient health data in all that we do,” Stephanie Buhle, spokesperson for the NYC Department of Health and Mental Hygiene, said in a statement to City Limits. “Patient health information is also protected by various State and City laws, rules and regulations. New Yorkers are never asked about their immigration status.”

Featured in City Limits | May 7, 2020

Chris Ward speaks with Quentin Rhoads-Herrera of CRITICALSTART to discuss cybersecurity in a time of a pandemic.

In our current time of crisis, it’s a sad fact that there are many taking advantage of distracted governments, businesses, and individuals. With the majority of workforces in the Western world currently working from home, often on insecure networks, and far removed from their typical IT support structure, an increase in cybersecurity threats has reared its head during the COVID-19 crisis.

I recently spoke with Quentin Rhoads-Herrera of CRITICALSTART to discuss trends they have recently witnessed, how the company is helping during the crisis, and cutting through some cybersecurity jargon. You can hear the full interview above.

Disinformation
I spoke with Quentin several weeks ago, and in the weeks since, the disinformation has increased, especially as the crisis took its hold in Europe and the US. During our interview. He mentioned that his team had noticed a rapid ramping up of domain purchases relating to COVID-19 and Coronavirus, and increased Twitter (frequently bot or spoof accounts) activity, spreading incorrect information as fast as the virus itself.

This is not the first time Quentin and his team have had to respond to increased activity, and major events typically trigger a flurry of activity in those corners of the web that many of us live in blissful ignorance of.

For example, when the US announced Space Force there was a rush to register similar domains to cause confusion. Whenever there is a mass of information on a particular topic, there will be an equal amount of disinformation. The announcements of various stimulus packages around the world added to the disinformation campaign, if there is a lot of money involved, you can guarantee that others will attempt to trick people into parting with it, even in a time of crisis.

Though Quentin took pains to point at that with the COVID-19 pandemic, the modern world has never seen a crisis of such a global scale. Equally, the cybersecurity community has never seen a reaction to that at such a scale either.

Phishing Attacks
Many of these fake domains are also used for targeted or mass attacks using Phishing techniques. Many of these phishing attempts promise cures, masks, or “official” information from government bodies, such as the CDC. While the human factor has always been the easiest route for any hack, the added factors of stress, distraction (from working around family members, etc.), and insecure work environments, as I mentioned above, have made it an easier play. Google also recently announced how many (18 million)c false emails they are blocking EVERY day.

Practice Safe Security
Cybersecurity doesn’t change so much in a time of crisis, just that the potential attack vectors change. As with any other time, you should treat any email that isn’t from someone you know (or looks different than it typically does) as potentially malicious. You should make sure you’ve changed the default admin account details on your router, use a VPN, or PGP signing, multi-factor authentication, etc. But we all know that these are not always the easiest tasks for everyone to understand and implement, and even then, malicious parties can lead them astray and cause even more harm.

Lend a Technical Hand
Now, at least a few weeks into the crisis for most countries, I’m sure IT support staff have had many a VoIP call with staff members attempting to help them get set up as securely and simply as possible. This task is made even more difficult by pressures on home internet performance, and other external pressures. I’m sure many of you reading this have helped out relatives, colleagues and friends with IT issues over the past few weeks, and this continues to be a great way tech-minded folks like us can help those around us who are struggling to cope with a lot of unknowns right now.

Another place we can help is by using our know-how and computing power to contribute to projects, such as folding@home (for protein model simulations) or a multitude of hackathons (some specific open source ones too) in local and global areas.

CRITICALSTART has dedicated a proportion of their hash cracking machines that are normally used to test password encryption security to the folding@home project, and even Blockchain miners are starting to switch some of their machines to help.

At the moment, one of the best skills (as developers and other tech-minded folks) we can learn to help others through this crisis is a large dose of patience and understanding.

A Cybersecurity Primer
While we’re on the topic, here are some key terms and concepts.

Team Structure
Cybersecurity companies tend to divide themselves into different teams, loosely around offensive actions (sometimes called a penetration tester) called a red team to find vulnerabilities, and defensive team, called a blue team, to help fix those vulnerabilities.

Managed Detection and Response (MDR)
A newer approach to security practices, where a team helps a client manage their security infrastructure by collecting logs from endpoints such as antivirus and threat detection systems, matching them to a registry of known “good” and “bad” alerts and actions to detect real issues.

This analysis can become quite nuanced, for example, allowing some users to run scripts, such as Powershell or bash scripts, but raising an alert if another user trues the same.

Zero-day
A zero-day is a vulnerability that the world does not know about yet. A vendor may know about it because someone told them about it, a client may know about it because it was found during a client engagement, but nobody else in the world knows about it. Generally, a team helps a vendor patch the issue and ensure that their clients have applied the patch. If the vendor never responds, then a team helps the client work around the patch as much as possible.

Featured in DZone | April 22, 2020

For the first time in National Football League history, draft day is going remote and online. Social media will play a big part in that transition, and teams have to work in that world securely.

In recent years, the NFL turned the day its teams pick their stars of tomorrow into as big an event as any regular-season game. Thousands of fans showed up in cities across the country just to see what college kids their favorite teams would tap for their rosters. Coronavirus made that mega-event impossible, so draft war rooms dispersed from Green Bay to L.A. will send in their picks via video conferencing and keep fans updated via Twitter and other platforms.

In this first (and hopefully only) virus-limited NFL draft night, online security is paramount. Not only are teams afraid of being hacked by third parties ranging from plain old troublemakers to gamblers looking for tips, but they also have to consider the worst-case scenario — another NFL franchise trying to snoop into another team’s personnel plans.

The first pick is now hours away, and the cybersecurity firm CRITICALSTART is offering five tips NFL teams can follow to guard against their draft plans being exposed via vulnerable social media and video networks.

The security steps come off as basic, yet sensible:

1. Leverage both strong passwords and multi-factor authentication for meetings channels.
2. Scrutinize every email.
3. If using Zoom, follow corporate best practices.
4. Tightly manage your social media channels.
5. Scrutinize all your communications.

More importantly, the minds behind  CRITICALSTART insist any home internet user can adopt those same ideas for a household network.

With “stay at home” quarantine orders for the Coronavirus still in effect, locked down individuals and families are using social media to contact the outside world at unprecedented levels — and therefore exposing themselves to hacks just like the NFL. They can make those social media hours safer by taking a good look at the same safety guidelines football’s best brains employ tonight.

Featured in Forbes | April 23, 2020

A hacker could provide entertainment value by disrupting the virtual NFL draft that begins Thursday. Desperation for any sports entertainment shouldn’t make us forget that these things are boring. The few moments of suspense as picks and trades are announced are drowned out by incessant chatter by talking heads and nonstop loops of player highlights.

This draft broadcast with commissioner Roger Goodell announcing picks from his home would be more fun if a hacker interrupted it to make mischief. Just please don’t shut it down completely. It already takes too long.

Such an infiltration would embarrass the NFL but wouldn’t compromise the integrity of the draft itself. There are other potential hacks outside the broadcast that wouldn’t be so harmless for the league.

What if teams, or third parties working for them, remotely hack into the videoconference platforms used by rival teams or even the computers of their personnel? Team officials aren’t allowed to congregate in one room, like usual, so they are scattered about and communicating virtually.

A team that digitally eavesdrops on what’s being said in the virtual draft rooms of other teams obviously would gain an illicit advantage this week. Gaining access to the computers of rival teams would be an edge that keeps paying off. The history of espionage in sports shows that teams are willing to cheat if they think they can get away with it.

The virtual nature of the draft provides hackers an opportunity to cheat without detection. And the popular Zoom videoconference platform that’s used by NFL teams and other businesses has been a target of such attacks.

Vice recently reported that brokers are offering for sell “exploits” that take advantage of vulnerabilities in the Zoom platform. The attack allows hackers to leverage what’s known as “Zoombombing” to infiltrate meetings and possibly access the target’s entire computer system. According to the report, the exploit requires the hacker to be on a call with the victim.

Quentin Rhoads, director of professional services for the cybersecurity firm CRITICALSTART, cautions that so far there’s no proof that the Zoom exploit exists.

“But in security, we are going on the perspective that it might be real, so we have to take it seriously,” Rhoads said. “If somebody were to (use the exploit) they could potentially gain access to all these Zoom meetings without being invited if the meeting I.D. were leaked and Zoom security best practices weren’t being followed. If victims are running Windows, (hackers) could gain local access to machines without the victim knowing it.”

Vice, citing an anonymous source, said the asking price for the Zoom window application exploit is $500,000. The market isn’t hackers looking to snoop on Zoom calls among friends and family. Hackers would be interested in intercepting sensitive conversations and information that businesses want to keep private.

NFL teams have a lot of that. For obvious reasons, the NFL isn’t offering specifics about what security measures it will use for the virtual draft. However, the league said the Microsoft Teams platform, not Zoom, will be used for its communication with teams and vice versa. CRITICALSTART said there have been fewer issues with Teams, but that it’s still possible to hack the platform.

Rhoads’ firm posted tips for NFL teams to safeguard their communication and information. One of them is requiring strong passwords and multifactor authentication to gain access to meeting platforms. An example of the latter is the platform sending users a text message with a code that’s required to gain entry.

“If an attacker decides they want to gain access to your password, they need to kidnap you or find your phone or steal it,” Rhoads quipped.

No NFL team would resort to kidnapping. But we’ve seen how far sports teams will take espionage to gain an advantage.

The NFL punished the Patriots in 2007 for violating NFL rules by taping the Jets’ defensive signals from the sidelines during a game. ESPN reported that New England had a secure room at its facility that contained videotapes of opponents’ signals going back seven seasons. Goodell ordered that evidence be destroyed.

MLB found that the Astros broke the rules by using a video camera sign to steal signs during the 2017 and 2018 seasons. The Astros used the scheme during the 2017 postseason when they won the World Series. MLB fined the Astros $5 million, took away draft picks and suspended general manager Jeff Luhnow and field manager A.J. Hinch.

The schemes executed by the Patriots and Astros required team personnel to be physically present at games. That made those cheating plots relatively easier to detect compared with remote hacking.

NFL teams, like all sports franchises, are paranoid about rivals stealing their information. With the draft now going fully virtual, they have to look out for hackers.

Featured in  Atlanta Journal-Constitution | April 22, 2020

The tax deadline came and went and now is the time when scammers see confusion and opportunity.

“It’s like Christmas for scammers right now. This is as good as it’ll ever get for them,” said Rob Davis, the founder and CEO of Critical Start, a cybersecurity firm. He told Channel 2 Anchor Wendy Corona with a trillion dollars out there for individuals and companies, scammers are out for their share.

“They’re preying on the instincts of good people that maybe are a little bit confused, that doesn’t want to confront the government. If you’ve ever had one of these calls happen to you, they can be pretty intimidating,” said Davis.

His best advice — do not engage. You may get calls, texts, social media messages all aimed at getting you to make contact or click a link and that’s when they strike and steal your information. It’s especially rampant around the normal tax deadline date of April 15th. Some scammers will even send you fake checks.

“It’ll say, ‘Hey if something is wrong on this check call this number.’ The whole goal is to use the check as mechanisms to get you to call somebody so they can steal your information,” Davis said.

Davis warned that the IRS will not text you or aggressively force you to take urgent, immediate action. He also said avoid clicking any links and instead check everything against the IRS.Gov website. “Pause. Take a deep breath. Get some help. Come back to it later. There’s nothing wrong waiting a day. Always be suspicious,” he warned.

The new tax deadline is July 15th and you are not required to file an extension or pay anything until that date.

A recent survey by computer security firm CRITICALSTART showed 66 percent of Super Tuesday voters said they fear the elections aren’t secure — with many believing one of the campaigns would seek to influence the election and others concerned a foreign power, like Russia, might try to interfere.

Jordan Mauriello, CRITICALSTART Senior Vice President of Managed Security, warned that cyberattacks — like denial of service attacks that seek to slow voting computers and other infrastructure through increased traffic — are simple for attackers to pull off and can be difficult to discern from common technical difficulties or other errors.

“Outside of getting honesty from the people who run the infrastructure, there is no way to tell the difference between a technical issue, a bug, an outage, something that is intentionally being disrupted,” he told UPI.

The survey found almost half of voters said paper ballots would make them more confident in the accuracy of elections — and Mauriello acknowledged electronic voting machines, which print bar codes as a mark of accuracy, can be manipulated.

“There’s no way for a human to really validate that a bar code is accurate, so if somebody were to compromise that system and manipulate what it actually writes on the bar code, people would never know the difference.”

Read More

Read Our Survey

Featured in UPI | March 3, 2020

How many times have you typed in the wrong URL? If you’re like us, it happens a lot — but typing the wrong address in your browser and hitting enter can cost you big time.

We all use sites like YouTube and Google, but now, more than ever, criminals are using fake URLs that look like the real ones to steal our identity and more.

“It’s giving them the ability to redirect the large following that these individuals have to their malicious sites. Then they can spread malware phishing campaigns to capture credentials,” said Quentin Rhoads, director of professional services at CRITICALSTART.

READ MORE

Featured in NBC WPIX Pittsburgh | February 26, 2020

Two-thirds of voting-age adults in Super Tuesday states believe the election is vulnerable to foreign interference, a poll by cybersecurity company CRITICALSTART discovered. While most believe their states are trying to address the problem, about half the respondents said they feel more confident with in-person paper ballots, and those who believe their state is secure are 2.3 times more likely to say they would vote on Super Tuesday. Tennessee voters were the most confident, while California and Texas voters were the least.

Read More from Politico

Read Our Report

Featured in Politico Morning Cybersecurity | February 27, 2020

New Survey: 66% of Super Tuesday Voters Fear Elections Aren’t Secure

With less than one week to go before voters in 13 states cast their Presidential Primary Ballots, two-thirds of voting-age adults in Super Tuesday states do not believe their state’s election is secure from hacking or other technological threats. 44% believe one of the campaigns would be responsible for an election hack, while 37% say a foreign government would be the most likely culprit. Other key findings from the survey include:

• 64% believe our elections are vulnerable to foreign interference
• 62% believe their state is at least making an effort to protect against hacking or other technological threats
• 49% say in-person paper ballots would make them more confident in the accuracy of elections
• Voters who believe their state election is secure are 2.3X more likely to vote this Super Tuesday

The survey was conducted on February 24, 2020 and included 1,067 respondents across all 13 Super Tuesday states.

CRITICALSTART CEO, Rob Davis, discusses the security of digital versus paper voting in the 2020 elections in his February 16th interview with FOX5 News – KVVU.

Full Video Transcripts:

They are reminding people there are three more days to vote ahead of the caucus and the Dems says that, so far, over 11,800 people took part in the early vote. Now, we won’t see results from early voting until the 22^nd, which is the day of the caucus itself. The party says they’ll be using a “caucus calculator” on digital devices and a phone hotline to figure out the results. We’re told that only precinct chairs will use the calculator.

This week, we talked to the CEO of CRITICALSTART, a company that helps identify potential cyberthreats. The man we talked to maintains that digital voting can be just as secure as paper voting, as long as it’s planned out correctly. If there’s not enough planning though, either method can lead to inaccurate results.

“Using a Google app, it can be secure, but what we don’t know is: say you are using a Google app, how are people getting access to it? How are they authenticating? To me, the concern I would have is this seems rushed again in an attempt to do something. So I’ll be curious to how that goes out.” – Rob Davis, CEO of CRITICALSTART

Hackers linked to Iran are probing American companies for vulnerabilities, cybersecurity researchers and U.S. government officials say.

The warnings suggest that the next phase of hostilities between the U.S. and Iran, following the Jan. 3 killing of a top Iranian general in an American drone strike, is likely to play out in cyberspace.

The Iranian regime is accused of being behind some high-profile online operations against American targets in recent years.

“Right now what we’re seeing instead is a huge increase in reconnaissance activity,” Jordan Mauriello, SVP of Managed Security at CRITICALSTART, said in an interview with NPR. “Specifically looking for potentially vulnerable servers, data gathering. …They’re kind of preparing the battle plan in the cyberspace.”

READ MORE

Featured in NPR | January 21, 2020