How secure is your data connection at home? Do you trust the Wi-Fi at your local coffee shop or library to keep your laptop safe? Have you ever worried about malware, injections, or other issues for your browsing experience? If you arent fully certain that youre protected and safeguarded against hacking and malicious websites, its time consider a VPN service.

Fortunately for you, were in the middle of a semi-annual sale at the AG Deals Store which lets you save an additional 30% on the already-low prices. Thats right, an extra 30% just because you came around at the right moment!

Weve gathered up ten of the most popular VPN services and solutions in the store with short descriptions and prices. To save that extra money, simply enter coupon code ANNUAL30 at checkout. Use that money to thank yourself for taking the right steps today.

For a limited time you can use that coupon code on all apps and software in the AG Deals Store.

Enhance your browsing, content viewing, and gaming experience with BulletVPN. BulletVPN servers provide a reliable and secure service to protect your traffic from eavesdroppers at home or while on the move.

With industry-standard encryption protocols, they offer high-quality connections and use premium grade carrier lines to provide the fastest possible speeds online. BulletVPN is compatible with Windows, Mac, Android, and iOS. $38.99 $27.29

The internet is crawling with trackers designed to harvest your personal information sometimes for things as innocent as understanding what ads to display on the web for you, sometimes for far more nefarious purposes. Regardless, web tracking ranges from innocuous to deeply serious, and its more important than ever to take precautions to ensure your internet security.

Disconnect blocks trackers and malware across your entire device, allowing you to browse up to 44% faster, using up to 39% less bandwidth, and greatly improve battery life. $19.99 $13.99

In todays age of hackers and spies, its absolutely essential to protect your browsing activity by using a VPN. FastestVPN offers a smart, easy-to-use service for all devices including Windows, Mac, iOS, Android, Smart TV, and your router. As the name implies, this high-powered VPN operates with 99.9% uptime and gives you access to more than 200 high-speed servers around the globe. Plus, with a NAT firewall, ad blocker, anti-malware software, and a strict no logging policy, FastestVPN is extremely committed to your online security. $24.99 $17.49

These days, we keep so much of our personal information stored in accounts we log into on our computers. While quick and convenient, this luxury also brings with it vulnerability. Keeping your bank accounts, credit card numbers, photos and videos, and so much more sensitive information safe should be a top priority.

Cybersecurity has never been more important than it is now in our digital world. How do we make sure all of our information is secure? With a solid VPN. Ivacy VPN allows you to browse with ease and without the stress of worrying about a cyber attack. $39.99 $27.99

Offering HYDRA protection, SlickVPN provides you the most secure connection possible, completely masking your traffic from anyone, anywhere who might try to observe your online activities. Youll go anonymous and nobody will see your real IP address.

In addition to encrypted connection and privacy, SlickVPN gives you unthrottled speed so you can enjoy your online freedom in the smoothest and most reliable level possible. SlickVPN has gateways in over 45 countries, with over 125 gateways available. No matter where you are, SlickVPN is nearby to keep you safe. $19.99 $13.99

Originally posted here:
Semi-Annual Sale: Save an extra 30% on these great VPN deals - AndroidGuys

What we got was neither the unbridled promise of digital cooperation nor a fiery cyber apocalypse. Instead, todays cyber reality seems simultaneously less scary and more of a hot messa series of more frequent, less consequential attacks that add up not to a massive Hollywood disaster but rather to a vaguer sense of vulnerability. This can make it hard to understand whats going on and how bad it really is. Are all these high-visibility cyber events more of the same, or are we living through a new era of cyber warfare?

In some ways, the events of the past few months arent that surprising given the trajectory of cyber activity over the last decade. Theyre the evolution of a steady, somewhat inevitable shift toward using digital tools as a means of international statecraft and political contestation. However, what we are seeing is also subtly different from the way experts had previously thought cyber would affect the international landscape. Over the last decade, authoritarian governments have embraced digital tools and leaned on shadowy gangs of cyber criminals to do some of their dirty work, while the pandemic has made the world reliant on the internet and created a rich world of targets for those seeking money and leverage. As a result, cyberspace may be less apocalyptic than predicted, and more like a termite infestation, eating at the very foundations of our increasingly digital societies. The good news, though, is that the long-sought international consensus on appropriate uses of cyber means within foreign policy may be finally coming togetherwhich means theres hope that todays cyber disorder may eventually abate.

Its true that Russian cyber espionage, cyber criminals, Chinese intellectual property theft and private actors in cyberspace have been with us for years. Hackers affiliated with the Russian government have long used Ukraine as a testbed for hacks on critical infrastructure and governance and military capabilities, all while the Kremlin looked aside at burgeoning cyber criminal activity. Over the past few years, Xi Jinpings China has also built up its cyber capabilities, embarking on large-scale espionage hacks (like the 2015 Office of Personnel Management data exfiltration) and courting widespread economic sanctions for its illicit efforts to steal intellectual property via cyberspace.

At the same time that Russia and China became more capable and more audacious in their cyber campaigns, non-state actorswho have always played an outsize role in cyberspacewere changing the balance of power in the cyber spyware competition. Companies like the Emirati-based DarkMatter recruited talent from across the globe (including former NSA employees) to develop cutting-edge software that can track targeted users phones, monitor their communications and even geolocate them. These commercially created spyware applications were then provided to governmentsmany authoritarianto track dissidents, journalists and international leaders. Most notably, claims have been made that the assassination of Jamal Khashoggi was linked to spyware that the Israel-based NSO group provided to Saudi security officials, who purportedly used it to monitor Khashoggis movements and influence the investigation after the murder (both the Saudi government and NSO deny their involvement).

So, to an extent, Russian-linked ransomware attacks, the collective callout of China for the Microsoft hack and the revelations about the NSO group are more of the same. But theres also something new going on.

First, the geopolitical context in which cyber battles are fought has changed fundamentally. The early Obama administration was relatively restrained in cyberspace, relying on deterrence, limited sanctions and efforts to establish cyber norms through the United Nations. This approach changed under Trump, whose foreign policy adopted a zero-sum view of the world, characterized by great power competition, trade wars and transactional relationships with allies. Accordingly, the Trump administrations cyber efforts put more focus on defending forwarda more aggressive strategy that emphasizes preemptively entering adversaries networks before they launch cyber attackswhile sidelining efforts to create international consensus on cyber warfare. Meanwhile, the simultaneous rise of personalist regimes across the world ushered in a golden age for digital authoritarianism, with dictators embracing artificial intelligence, disinformation, deep fakes and hack and reveal campaigns to cement their power both domestically and in the fracturing international order.

Add to this digital tinderbox a pandemic that not only drove countries apart (physically and ideologically), but also forced them to become more digitally dependent as they turned to automation, remote work and digital bubbles to protect from the physical threat of Covid-19. As court systems, physicians, classrooms and local governance all went virtual, societies struggling with the pandemic became rich targets for cyber criminals. Ransomware attacks increased exponentially, both in scope and in economic cost.

Pandemic-induced vulnerabilities werent just lucrative cyber targets for criminals. They also created new access points for states looking to add more vulnerabilities to their cyber arsenals. Many of the critical infrastructure companies that went fully digital in response to the pandemic are also potential targets for states like North Korea or Iran that want to coerce the more militarily capable United States. The concern is that these states may use cyber vulnerabilities to attack power supplies, data centers or health and human services as the first salvo in a broader geopolitical crisis. This idea of using cyber attacks against critical infrastructure as signals to deter further escalation has been a major concern for onlookers worried that the uptick in cyber intrusions could not only create economic costs, but inadvertently escalate into violent conflictthus creating exactly the situation these cyber attacks were meant to avoid.

A more competitive geopolitical landscape, the rise of digital authoritarians and Covid-induced vulnerability have helped create a final trend: the blurred line between state and non-state actions in cyberspace. Authoritarian governments have looked aside (sometimes purposefully) as groups of cyber criminals with loose or unclear ties to the state became cyber headliners. North Korea has always used cyber criminal campaigns to generate revenue for the regime. Russia has pursued strategic and willful ignorance about criminal cyber activity originating within its borders, and used cyber criminals as a patsy to avoid retribution for state-sanctioned hacking activities. Even China, which a few years ago made a concerted effort to clamp down on its cyber militia of patriotic hackers, seems to have rediscovered the value of state-sanctioned cyber side hustles. The White Houses recent statement on the Microsoft hack accuses China not just of ignoring cyber criminal activity, but actually contracting such criminals to pursue official foreign policy goals.

Governments are now using cyber criminals the way they use other non-state actorslike maritime militias or un-uniformed special operations forcesto achieve foreign policy objectives without engaging in outright conflict. This murky middle is what international relations scholars call the grey zone. Most directly, states can sanction cyber criminal activity to bring in revenue, use non-affiliated organizations to propagate disinformation, or lean on civilian companies and criminals to create technologies and exploits that states can then buy to use against adversaries. More indirectly, non-state actors can generate chaos, confusion and cost all while introducing enough uncertainty about whos really responsible to dissuade states from retaliating. Scholars have frequently viewed these more shadowy cyber actions as less dangerous than traditional war, but they come with the risk of accidentally pushing too far and escalating into conflict.

So the post-pandemic cyber world has more vulnerabilities, more opportunities for economic and political exploitation, and more actors that blur the line between state and non-state involvement. The convergence of these bad-news trends certainly helps explain the battery of recent cyber headlines. However, there is some reason for optimism. The Biden administrations announcement accusing China of the Microsoft hack noted that an unprecedented group of allies and partners including the European Union, the United Kingdom, and NATO are joining the United States in exposing and criticizing the PRCs malicious cyber activities. This is a remarkable achievement given the difficulty of creating international consensus on what states should and should not do in cyberspace. Outside observers might be surprised to learn just how tough it is for states to agree on something even as basic as what a cyber attack is.

The joint callout of China comes a few months after a UN report signed by 25 countries (including China, Russia, and the US) emphasized the need to prevent cyber attacks on critical infrastructure. While this might seem like an obscure report, it was a diplomatic coup, reflecting a hard-fought, multi-year effort to create consensus among countries about how responsible states should behave in cyberspace. This agreement (and the recent US-NATO-EU statement against Chinese hacking) would not have been possible had pandemic-induced cyber vulnerabilities not galvanized international action. The succession of high-visibility cyber events in recent months, paired with a U.S. administration that is prioritizing cyber threats within its foreign policy, may have provided the impetus for the international community to slowly start agreeing on ways to punish problematic cyber activity.

Cyber attacks on hot dog plants or virtual elementary school classrooms may not look like the dystopian end times Panetta and Clapper warned about. But they insidiously eat away at the foundations of digital economies, societies and, ultimately, state power. Today, with these foundations crumbling, we may not need cyber Pearl Harbor analogies to understand the danger of cyber attacks. But can the U.S. and its now-energized allies build on this momentum to reverse the shifts wrought by authoritarian governments, the pandemic and the rise of non-state cyber criminals? Fingers crossed.

CLARIFICATION: This story has been updated to include a more recent estimate for the number of companies hackers were able to access through the Solarwinds breach.

See the original post here:
Opinion | The Cyber Apocalypse Never Came. Heres What We Got Instead. - POLITICO

In May, Colonial Pipeline Companyannouncedthat it was the victim of a ransomware attack that led to temporary disruption in the delivery of gasoline and other petroleum products across much of the southeast U.S. This cyberattack exemplifies the cybersecurity threats to critical infrastructure that we at GAO have reported on and testified about for many years.

Yesterday, GAOs Leslie Gordonan acting director in our Homeland Security and Justice Teamtestified before the Senate about steps the federal government has taken to address pipeline security, including since the May attack, and what weaknesses remain.

View video clips from her testimony and read on to learn more:

Weaknesses in TSAs efforts

The Transportation Security Administration (TSA) has primary oversight responsibility for the physical security and cybersecurity of pipeline systems. Prior to the cyberattack in May, TSAs efforts included issuing voluntary security guidelines and performing security reviews of privately owned and operated pipelines.

In 2018 and 2019, we identified some weaknesses in TSAs oversight and guidance, and made recommendations, most of which TSA addressed. TSA clarified its pipeline security guidelines, improved performance monitoring, assessed staffing needs, and updated guidance on federal roles and responsibilities. However, as of June, TSA had not fully addressed 2 key weaknesses:

Weaknesses in government-wide efforts

The attack on Colonial Pipeline highlights the urgent need to address long-standing cybersecurity challenges facing the nation. Most systems and networks used today, including those that are part of our nations critical infrastructure, are interconnected with other systems and the internet, and because of this they are vulnerable to cyberattacks.

The federal government must take immediate steps to prevent, more quickly detect, and mitigate the damage of future cyberattacks. In particular, our testimony yesterday highlighted the need for the government to develop and execute a more comprehensive federal strategy for national cybersecurity and global cyberspace. Since 2010, we have made nearly 3700 recommendations to agencies aimed at remedying cybersecurity shortcomings. As of July 2021, more than 950 of those recommendations are not yet implemented. We will continue to assess and report on critical infrastructure cybersecurity protection.

Read more:
Our Testimony to Congress on Efforts to Secure Oil and Gas Pipelines Against Cyberattacks (video) - Government Accountability Office

UABs cybersecurity masters program is preparing a new workforce for a booming field with ever-increasing demand and a shortage of skills. The program has a unique focus on both cyber defense and cyber investigations.

Lindsey Sandlin Photo by: Andrea MabryJust weeks before Colonial Pipeline was devastated by the most high-profile infrastructure cyberattack in United States history in May, the company posted an ad on LinkedIn for Manager, Cyber Security. Colonial was searching for a masters-trained professional who could create and maintain an incident response plan and processes to address potential threats, according to Bloomberg News.

Colonials position, like many others in the hot cybersecurity job market, went unfilled, resulting in a catastrophic shutdown, global headlines and long lines at pumps across the eastern United States.

The stakes are not always this high; but according to the 2021 State of the CIO survey from the publication CIO, cybersecurity jobs are the most challenging IT jobs to fill right now, surpassing AI/machine learning and data science/analytics. The U.S. Bureau of Labor Statistics projects that jobs in the information security analyst category will grow 31 percent (adding more than 40,000 jobs) by 2029, much faster than the average. The pay is attractive as well; the median salary in 2020 was $103,590 per year.

All of this is not news to Nitesh Saxena, Ph.D., professor in the Department of Computer Science and co-director of the Master of Science in Cyber-Security program at the University of Alabama at Birmingham, a joint program of the computer science department and the Department of Criminal Justice.

This is a very popular area with ever-increasing demand and a shortage of skilled applicants, Saxena said. Most of our students go straight into jobs in industry with private companies and government organizations.

Ransomware is clearly an important threat, Saxena said. But our program actually focuses on much broader issues. Our goal is for our students to have holistic experience in cyberattack prevention, detection, forensics and recovery. We graduate lifelong learners who can adapt to address the new challenges that will always appear in this ever-changing area.

Despite the soaring media coverage, ransomware is one of the lower entries on the FBIs 2020 Internet Crime Report. Business Email Compromise, the leading category, totaled $1.8 billion in reported losses in 2020. (Ransomware totaled just over $29 million, although the FBI notes that this number does not include estimate of lost business, time, wages, files or equipment.) More than 30 separate categories of attack are detailed in the Internet Crime Report, from confidence fraud and identity theft to credit card fraud, extortion and corporate data breaches. Overall, internet crime complaints rose 70 percent in 2020 over 2019, with reported losses exceeding $4.2 billion.

Graduates of UABs masters program are trained to make an impact on these staggering figures. One key differentiating factor of UABs program is that it is run jointly with the criminal justice department, Saxena said. It has a typical Cyber Defense track, but also a Cyber Crime Investigations track, which is unique across the entire nation and worldwide.

The Cyber Crime Investigations track enables students to move beyond simply responding to an attack and into determining where it came from and who was behind it, says Jeffery Walker, Ph.D., professor and chair of the Department of Criminal Justice and co-director of the Cyber-Security masters program. This can aid in stopping the attackers before they strike again. Students in the program also have the opportunity to work in the Computer Forensic Research lab at UAB, Walker said: Here they work directly on large-scale cybersecurity projects for financial institutions, corporations and the federal government. This gives them an added advantage when they graduate because they have real-world experience.

Students in the program also have the opportunity to work in the Computer Forensic Research lab at UAB: Here they work directly on large-scale cybersecurity projects for financial institutions, corporations and the federal government. This gives them an added advantage when they graduate because they have real-world experience.

The Cyber Crime Investigations track was particularly appealing to current student Lindsey Sandlin, who has an undergraduate degree in criminal justice with a minor in cyber criminology. The masters program at UAB is ideal for a student like me who wants a combination of both specialties, she said. Sandlin has taken a special interest in digital forensics courses that have trained her in everything from investigating email spam to learning how to examine encrypted phones.

Sandlin also was attracted by UABs designation as a site for the National Science Foundation Cybercorps Scholarship for Service program, which offers stipends of $34,000 per year, covers expenses including education-related fees, professional development and books, and even includes a health insurance reimbursement allowance. In return, students complete an internship with a federal, state, local or tribal government organization in a position related to cybersecurity and work in such an organization after graduation for a period equal to the length of their scholarship.

The NSF pays scholarships for bright students to pursue degrees in cybersecurity, and these students then work for the government in cybersecurity fields, Saxena said. It is a win-win for both students and the government.

Sandlin has already received a job offer and will be moving to Washington, D.C., after graduation in August 2021. I plan on continuing employment within the government working in digital forensics for the long term, she said.

Payton Walker, who earned his masters degree at UAB in 2019, is now pursuing a doctoral degree with Saxena as his mentor. When I started reading about the cybersecurity field, I immediately became interested, Walker said. The idea of working to improve national security was very appealing.

Walker researched UABs masters program and thought it was a good fit. He also was intrigued by the studies going on in Saxenas SPIES (Security and Privacy in Emerging computing and networking Systems) research group. They were working on some very interesting projects that sparked my curiosity about conducting research, including an analysis of how smartphone motion sensors can be used to eavesdrop on private conversations, Walker said. I was able to shadow and work under the lead student on this project, Abhishek Anand, and later expanded on this research area for my Ph.D. work.

Walker, like Sandlin, has earned an NSF CyberCorps scholarship. I chose to pursue a Ph.D. mainly for additional training for the workforce, he said. I would like to work for a federal agency or federally funded research center as a research scientist. Walkers one-year work commitment is deferred while he is finishing his doctorate, but afterward I will be expected to work for a federal agency or other institute that is federally funded, he said. But this is exactly what he wanted, Walker explains. I am most interested in working for the federal government and conducting research to aid national security, he said. Ideally, I would like to work for a federal agency like the Department of Energy in one of their cybersecurity research laboratories and participate in the cutting-edge research that they do.

Walker already has considerable experience in groundbreaking cybersecurity investigations and is a co-author on four publications so far thanks to his work with the SPIES lab. My research focuses on side-channel speech attacks in the vibration domain as well as speech attacks against modern voice-controllable Internet of Things systems, such as smart speakers from companies such as Google and Amazon, he said.

Our students get the chance to contribute to research that is pushing the boundaries of cybersecurity, and they present their work at major conferences and meetings, Saxena said. This is invaluable experience, no matter where they choose to work, whether in industry or in government.

Read more from the original source:
Meet the UAB students training to stop ransomware and other digital threats - UAB News