Weekly Security Roundup with Clinton Pownall

By Clinton Pownall
 President & CEO
 Computer Business

“Clean-up on Aisle 9 … The Russians Ate Our Lunch.” A bipartisan group in the U.S. Congress has introduced the Cyber Diplomacy Act of 2021 to establish an Office of International Cyberspace Policy within the State Department. The bill also aims to promote American international leadership on cybersecurity, according to a report in CSO Online. Jim Langevin (D-RI), Chairman of the House Armed Services Committee’s Subcommittee on Cyber, Innovative Technologies, and Information Systems, says the bill is aimed at providing a more robust response to state-sponsored cybercrime, including establishing and enforcing behavioral norms in the wake of the SolarWinds attack. CSO Online quotes Langevin as saying: “The sooner that the State Department can start taking a leadership role, the better. It’s definitely a ‘clean-up on aisle nine’ on our international front. The Russians ate our lunch.”

“Beware: AOL Phishing Email States Your Account Will be Closed.” That’s the headline of a story in Bleeping Computer, which notes that AOL users tend to be older, and are thus prime targets for phishing attacks. Even if you don’t have an AOL account, there are important lessons to be learned here. As we’ve often mentioned, phishing attacks tend to have an urgent call to action, just as this one does: “We don’t want to say goodbye!” the phony e-mail reads. “We noticed you haven’t updated your account information recently, and since your security is our top priority, we plan to close this account as soon as possible. It’s going to take 3 days unless you act soon. Unless you verify this account, it will be closed in 72 hrs.” If a reader clicks on the link, they are taken to a page where they are asked to provide their username and password—exactly what the attackers are after. If you, or someone you know, have fallen for this, the article provides guidance on what to do next (including changing your password . . . and if you can’t, it means your account has already been taken over, and you need to contact AOL).

Applying for Unemployment from Prison . . . a $100 Million Scam. Krebs on Security reports that the U.S. Labor Department’s inspector general found that roughly $100 million in fraudulent unemployment insurance claims were paid in 2020 to criminals who are already in jail. A report from the Labor Department’s Office of Inspector General (OIG) found that “From March through October of 2020, some $3.5 billion in fraudulent jobless benefits—nearly two-thirds of the phony claims it reviewed—was paid out to individuals with Social Security numbers filed in multiple states. Almost $100 million went to more than 13,000 ineligible people who are currently in prison.” Krebs on Security notes that “The OIG acknowledges that the total losses from all states is likely to be tens of billions of dollars.” The article looks at a company called ID.me, which several states are using to thwart such fraud.

Embracing a Zero Trust Security Model. That’s the title of a report recently released by the National Security Agency (NSA). The report provides a good overview of the Zero Trust concept—which in simple terms means that end user devices, such as PCs, laptops, and iPads, shouldn’t be trusted even if they are connected to a managed corporate network and even if they were previously verified as being secure. It basically changes former President Ronald Reagan’s Cold War era slogan “Trust but Verify” to “Don’t Trust and Always Verify.” Zero Trust, with its continuous verification, combined with constant security monitoring, granular risk-based access control, and other measures, is designed to limit the chances of an intruder gaining access, as well as to reduce what they could do once inside a network.

Clinton A. Pownall is the President & CEO of Computer Business Consultants and has been in the IT field since 1990. Pownall served in the U.S. Navy for six years as a Weapons Systems Technician and has a Bachelor of Science in Computer Engineering. Through Computer Business, he was one of the first to pioneer VoIP technology using satellite communications. Pownall serves on several boards and committees, has a strong affiliation with various education groups and local school districts, and served in regional efforts of the Bill & Melinda Gates NextGen Foundation. He serves as a Vice President of the Board of Directors for the Orlando Shakes Theater and is heavily involved in the South Lake Chamber of Commerce, West Orange Chamber of Commerce, and the Orlando Economic Partnership.