Fileless Malware: A New Threat in the Cybersecurity Field

Published with Permission by:
Lint, James R., “Fileless Malware: A New Threat in the Cybersecurity Field”, In Cyber Defense, 29 June 2017, Web, http://incyberdefense.com/james-lint/fileless-malware-new-threat-cybersecurity-field/

By James Lint
Faculty Member, School of Business, American Military University
Senior Editor for In Cyber Defense and Contributor, In Homeland Security

Currently, threats to your computer often involve some type of virus or hostile file. But fileless malware is a new and growing hazard in cybersecurity. Consequently, it presents a danger to companies and individuals.

Fileless Malware Leaves Few Traces on Your Computer

What is fileless malware? Zeltser Security Corporation defines fileless malware as “malware that operates without placing malicious executables on the file system. Though initially fileless malware referred to malicious code that remained solely in memory without even implementing a persistence mechanism, the term evolved to encompass malware that relies on some aspects of the file system for activation or presence.”

Because there is no file to detect, as there is with a conventional virus, fileless malware is difficult for your antivirus software to find. It also makes protection against malware more difficult, now and in the future.

Cybersecurity Community Becoming Aware of Fileless Malware Threat

In June, the Cyber Security Awareness Lunch and Learn event in Las Vegas hosted by MJ Computer Concepts featured a speaker from the US Secret Service (USSS). This was the same Special Agent who also hosted the USSS Electronic Crimes Task Force (ECTF) in Las Vegas. The speaker at the Task Force meeting was Dr. Anthony J. Carcillo, who spoke on the topic of fileless malware.

The U.S. Secret Service has two major areas of responsibility. The traditional and best-known mission is the protection of senior executive branch leaders. The older mission for the USSS is financial crimes, which include the prevention and investigation of counterfeit U.S. currency, U.S. treasury securities and the investigation of major fraud. This second mission has the modern USSS involved with modern cybercrimes.

The Lunch and Learn hosted by MJ Computer Concepts and the ECTF meeting with Dr. Carcillo both discussed the need to protect your computer system. Both speakers had similar comments on the criticality of software updates and backups. The information from Dr. Carcillo was thought-provoking because there is very little information in the public domain about fileless malware.

Staying Informed Is Your Best Protection against Fileless Malware

The United States Computer Emergency Readiness Team (US-CERT) regularly publishes information about cybersecurity threats. Reviewing the US-CERT website is a useful way to learn about current threats. Also, you can sign up for tips and emails on new cyber vulnerabilities.

Failing to Update Software Increases Vulnerability to Attack

Discussions at recent cybersecurity events have shown that there is a common reason why victims are selected and attacked. Hackers commonly exploit security weaknesses in computers with outdated software, because those computers are more vulnerable to attackers. In some cases, computer owners neglected to install software updates to protect their computers and data.

What You Can Do to Improve Your Security

There are simple measures you can take to protect your computer. CNN Money Tech stated, “First, install any software updates immediately and make it a regular habit. Turn on auto-updaters where available (Microsoft offers that option). Microsoft also recommends running its free anti-virus software for Windows.”

Another way to protect your files is to use a cloud-based storage service. Cloud storage companies normally keep all their systems updated with the newest software protection and backups in case of a problem.

There are other ways to protect your computer from an attack:

  • Use a backup program for your personal or business computer.
  • Buy two or more USB hard drives and use them to run incremental backups. Use one USB hard drive at a time and set it to back up your computer files for a week. Then, change to a different hard drive and conduct backups.

If you use multiple drives for backups, valuable files and pictures will remain safer, even if your current drive gets corrupted or attacked by ransomware. The more hard drives you have in your rotation, the more likely it is that your earlier files will not become corrupted.

  • Do not click on a link that you do not recognize or download files from sources you do not know.

Although updating your systems and backing up your files is time-consuming, these computer tasks are necessary to protect you from cyberattacks. With all of the problems that viruses, ransomware and malware create, simple protective measures are worth your time and money.

About the Author

James R. Lint recently retired as the (GG-15) civilian director for intelligence and security, G2, U.S. Army Communications Electronics Command. He is an adjunct professor at AMU. James has been involved in cyberespionage events from just after the turn of the century in Korea supporting 1st Signal Brigade to the DHS Office of Intelligence and Analysis as the first government cyber intelligence analyst. He has 38 years of experience in military intelligence with the U.S. Marine Corps, U.S. Army, government contracting and civil service.

Additionally, James started the Lint Center for National Security Studies, a nonprofit charity that recently awarded its 45th scholarship for national security students and professionals. James was also elected as the 2015 national vice president for the Military Intelligence Corps Association. He has also served in the Department of Energy’s S&S Security Office after his active military career in the Marine Corps for seven years and 14 years in the Army. His military assignments include South Korea, Germany and Cuba, in addition to numerous CONUS locations. In 2017, he was appointed to the position of Adjutant for The American Legion, China Post 1. James has authored a book published in 2013, “Leadership and Management Lessons Learned,” a book published in 2016, “8 Eyes on Korea, A Travel Perspective of Seoul, Korea,” and a new book in 2017, “Secrets to Getting a Federal Government Job.”

Cyber Security Professionals Must Prevent Attacks or Be Terminated

Published with Permission by:
Lint, James R., “Cyber Security Professionals Must Prevent Attacks or Be Terminated”, In Cyber Defense, 14 June 2017, Web, http://incyberdefense.com/james-lint/cyber-security-professionals-must-prevent-attacks-terminated/

By James Lint
Faculty Member, School of Business, American Military University
Senior Editor for In Cyber Defense and Contributor, In Homeland Security

My recent article, “Cyber Defenders Are Often Not Fired, When Others Would Be” stirred responses from many physical security professionals. The common theme was that there are standards in physical security, but the cyber security problem is too difficult to solve. Cyber defenders, however, know standards and solutions are available.

Cyber Defense Standards Can Be Found

The National Institute of Standards and Technology (NIST) has created a cyber security framework for private sector organizations to assess their ability to prevent, detect and respond to cyberattacks.

“The Framework, which was created through collaboration between industry and government, consists of standards, guidelines, and practices to promote the protection of critical infrastructure.”

Also, on May 11, 2017, the White House released a Presidential Executive Order on Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure.

The website of the United States Computer Emergency Readiness Team (US-CERT), a division of the Department of Homeland Security, states that US-CERT “strives for a safer, stronger Internet for all Americans by responding to major incidents, analyzing threats, and exchanging critical cybersecurity information with trusted partners around the world.”

The US-CERT website has numerous publications, alerts, tips, and resources. It is updated daily and offers many ways to make contact. Any cyber defenders who have not signed up for the alerts and tips email list are missing good professional development and also timely protection information for their organizations.

Comparisons of Physical Security and Cyber Security

Many physical security personnel are not trained in cyber security, just as many cyber security personnel are not trained in physical security. Training helps both.

Physical security specialists are trained for many different sectors such as government security, security for intelligence facilities, shopping centers, banks, and hospitals. No one is an expert in all of those sectors. The security standards for a Top Secret intelligence facility are much different from those of a hospital. In turn, a hospital’s security is different from that of a bank. With all the knowledge needed in these sectors, why would some people think they can also be experts in cyber security/defense?

Cyber Defenders Must Install Updates

Companies that do not upgrade their software are as derelict as those companies that leave a door open to thieves.

On Friday, May 12, the BBC reported an international ransomware attack involving hackers using ransomware called WanaCrypt0r 2.0. As many as 74 countries, including the U.K., U.S., China, Russia, Spain, Italy and Taiwan, were affected. Thousands of computers were locked by a program that demanded $300 in Bitcoin for each hacked computer. But in March Microsoft had issued the first patch to prevent the WannaCry attack.

That means all those companies and officials who were affected by WannaCry Ransomware could have prevented the attack if they had installed Microsoft’s update and upgrades two months earlier.

Why are boards of directors not firing CIOs and senior IT managers who fail to take steps to prevent cyberattacks? Why are they not firing CEOs who did not ensure that their CIOs and IT managers implemented the Microsoft update patches? Why do they treat cyber security personnel so cavalierly but do not reprimand or fire physical security personnel who make similar errors?

Visual Comparison of Physical Security Holes and Unpatched or Upgraded Networks

If a company does not repair a large hole in its building for two months, wouldn’t that be cause for termination of its security manager? Would that business’s insurance company continue to insure a firm with a large hole in its building?

If you don’t patch a hole in your fence, people will think you are incompetent or lazy. If you leave a large hole in your building you should be fired for cause. Why do we not hold CIOs to the same standard of responsibility? It really is that simple. There will be new innovative hacks in the future. But any security professional who does not deal with existing vulnerabilities should be fired.

WannaCry Ransomware Leads to Discovery of Earlier Hack

Published with Permission by:
Lint, James R., “WannaCry Ransomware Leads to Discovery of Earlier Hack”, In Cyber Defense, 06 June 2017, Web, http://incyberdefense.com/news/wannacry-ransomware-leads-discovery-earlier-hack/

By James Lint
Faculty Member, School of Business, American Military University
Senior Editor for In Cyber Defense and Contributor, In Homeland Security

There is a new attack related to the recent international WannaCry (also known as WanaCrypt0r 2.0) hack that occurred between May 12 and May 14. As of May 14, this hack had affected more than 70,000 computers and netted the hackers at least $15 million.

Yahoo Tech News reported that “The new attack targets the same vulnerabilities the WannaCry ransomware worm exploited but, rather than freeze files, [it] uses the hundreds of thousands of computers believed to have been infected to mine virtual currency.”

Bitcoin and other cyber currencies can be mined by allowing your computer to be used to solve math problems. In the past, it has been something that people volunteered to do to earn cybercurrency.

Filipino news source Agence France-Presse states, “virtual currencies such as Monero and Bitcoin use the computers of volunteers for recording transactions. They are said to ‘mine’ for the currency and are occasionally rewarded with a piece of it.”

WannaCry Hack Led Researchers to Discover Earlier Malware Attack

ABC News reported that “While investigating the WannaCry ransomware attacks, researchers at the cybersecurity firm Proofpoint stumbled upon another ‘less noisy’ form of malware called Adylkuzz that, the firm says, has likely generated millions of dollars in cryptocurrency for the unknown attackers.” Monero, a cybercurrency, has been named as a target for Adylkuzz.

“I would say the real-world impact of this attack is going to be more substantial than WannaCry,” Ryan Kalember, the senior vice president for cybersecurity at Proofpoint, told ABC News. “Ransomware is painful, but you can restore operations relatively quickly. Here, you have a huge amount of money landing in some bad people’s hands. That has geopolitical consequences.”

Proofpoint identified Adylkuzz attacks dating back to May 2. Those attacks predate the WannaCry attacks, making Adylkuzz the first known widespread use of the leaked NSA hacking tools. It remained undetected for so long, Kalember says, because its impact on users is far less noticeable than ransomware.

“It takes over your computer, but you probably don’t notice anything other than that the system runs really slow,” Kalember said. “Your computer might be mining cryptocurrency for some very bad people.”

Does the US Dominate the Strategic Cyber Battlefield?

The U.S. Army has published doctrine for Army Field Manual 3-12, “Cyberspace and Electronic Warfare Operations.” This manual notes that the U.S. may not dominate the cyber battlefield. The doctrine seeks to upgrade tactics and techniques for cybersecurity, while realizing that cybersecurity is a domain of combat, just as air, land and sea are domains.

Ryan Kalember at Proofpoint and many others have indicated that North Korean-backed hackers called the Lazarus Group might be responsible for the WannaCry hack. This group has been linked to a similar cryptocurrency mining attack in late 2016. However, no final attribution for the WannaCry hack has been determined, because attribution often takes months to complete.

North Korea Could Be Earning Funds from Cyber Attacks

North Korea has suffered sanctions for decades. Pyongyang’s recent actions of increasing construction of nuclear and missile facilities and missile tests have caused other countries to call for increased sanctions.

How is North Korea able to afford its nuclear program? The country could be behind cybercurrency mining.

The cyber battlefield is level with many countries focusing on cyber tools. Some of these countries are experiencing financial difficulties due to sanctions and embargoes.

By turning to cybercurrency, these countries are attempting to solve their financial problems through cybercurrency mining or ransomware. Their actions could be solutions to the diplomatic actions against them. While diplomatic and military tactics controlled rogue nations in the past, they are less effective in today’s cyber environment.

How to Protect Your Computer from Ransomware Attacks

To better protect your own computer, update your operating system often. Microsoft issued the first patch to prevent the WannaCry attack in March 2017.

A second update has been issued to block Adylkuzz. If you do not take care of your computer, you will be at risk. You will be vulnerable to ransomware and other attacks. If your computer’s operating system is running slowly, be sure to update it and your antivirus software at the same time.

Stay secure!

Cyber Defenders Are Often Not Fired, When Others Would Be

Published with Permission by:
Lint, James R., “Cyber Defenders Are Often Not Fired, When Others Would Be”, In Cyber Defense, 01 June 2017, Web, http://incyberdefense.com/news/cyber-defenders-often-not-fired-others/

By James Lint
Faculty Member, School of Business, American Military University
Senior Editor for In Cyber Defense and Contributor, In Homeland Security

If a security guard does not make his rounds at night and a door is left open, should he get in trouble with his superiors? Should he be reprimanded? If a robbery occurs because of the open door, should he be fired?

Is it fair then that cyber defenders or information technology security specialists are not fired after a cyberattack?

Cyber defense used to be a safe job after a crisis, if the IT specialists had documented what the company needed to protect itself from a cyberattack and management did not act on those recommendations and purchase the products or services that could have enhanced security.

Cyber Security Is Still Undefinable

Yahoo, LivingSocial, Facebook and Twitter spent millions of dollars to protect their networks and data. Yet all were victims of massive cyberattacks. They discovered the truth in the security managers’ words of wisdom that “there really is no such thing as perfect security.”

Any system, building or company can be penetrated. No set of security measures will completely protect against determined cyber hackers. Security continues to evolve based on the threat actors.

If any company used the same security and firewalls today as it did in 2005, even amateurs in the security field would laugh. It would probably be smarter to invest in a welcome mat instead of a 2005 firewall. (There is a possibility that they would cost the same.)

What Cyber Defense Managers and CIOs Need to Do to Protect Their Jobs

In 2013, a credit card breach at Target put 40 million shoppers at risk. In the end, the CEO and the chief information officer lost their jobs. The incident illustrated how a cyber security incident can affect cyber leaders and managers.

The IT Security for Managers website noted that “Target, in fact, passed their compliance requirements several months before the breach occurred, but as evidence now clearly shows, they were not secure.”

To prove its point that compliant does not mean secure, the website recalled a historic tragedy. “[T]he Titanic was actually compliant with the British Board of Trade, which required all boats over 10,000 metric tons to have 16 lifeboats. It didn’t matter how many passengers were on board. Just put 16 lifeboats on. So was the Titanic compliant? Yes. Did compliance avoid a tragedy? No.”

Law360, a LexisNexis company website, reported on an internal probe of Yahoo’s “trio of data breaches believed to have affected at least 1.5 billion users.” The probe concluded that certain senior executives failed to adequately respond to the incident. As a result, Yahoo’s general counsel resigned and CEO Marissa Mayer’s annual bonus for 2016 was withheld.

Protect Yourself and Your Organization

Documenting company safeguards is critical when corporate executives have to go to court for a breach of contract dispute or for a management hearing for termination. Here is a brief checklist that can help to protect you and your organization:

  • Know where your security response plans and procedures are located.
  • Can you prove you exercised those plans?
  • Did senior managers participate so they knew their responsibilities and can support you?
  • Alternatively, were senior managers notified of the exercises?
  • If not, why not?

Not involving senior managers in cyberattack plans, procedures and resolutions can be a career-ending decision. Cyber defenders should have written documentation to that effect. Every exercise should have a post-action report that shows what was learned, what was performed well, and where the weaknesses in training, equipment and processes were.

Free Information and Government Readiness

The Department of Homeland Security’s “Ready” program has information on before, during and after a cyber incident. The DHS also has information and a monthly newsletter at its Stop. Think. Connect. campaign.

The United States Computer Emergency Readiness Team (US-CERT) provides a more technical mailing list.

The information is out there to protect your organization. So stay secure!

Hacking Assistance for Social Oversharing

Published with Permission by:
Lint, James R., “Hacking Assistance for Social Oversharing”, In Cyber Defense, 30 May 2017, Web, http://incyberdefense.com/news/happy-birthday-hacking-assistance-social-oversharing/

By James Lint
Faculty Member, School of Business, American Military University
Senior Editor for In Cyber Defense and Contributor, In Homeland Security

For some 40 years, the U.S. military has required all service personnel to wear identity tags, also known as dog tags, which include each soldier’s Social Security Number (SSN). In recent years, dog tags have provided a name, SSN, blood type and religion. All are essential items when soldiers are injured or worse.

Now the Army is changing the dog tag to protect soldiers’ data. It will switch to a 10-digit, randomly-generated number on an as-needed basis, said Michael Klemowski, Soldiers Programs Branch chief, U.S. Army Human Resources Command. The first to get the new dog tags will be those units being deployed into hostile locations.

One reason for the change is that in today’s battlefield, being captured wearing a dog tag with the soldier’s name and SSN could create trouble for the soldier and his family. The enemy is savvy and could use the SSN and the Internet to exploit bank accounts and other personal data.

Even in an organization as tradition-bound as the U.S. Army, change is possible. This switch to a 10-digit dog tag should be an example to other organizations that use or require more privacy data than needed on identification badges or other forms of ID.

Avoid an Un-Happy Birthday by Keeping Certain Data off the Internet

When people post their birthday on social media such as Facebook or LinkedIn, they expect to receive many Happy Birthday greetings for a couple of days before and after their birthday.

There is also the possibility they could have an unhappy birthday, too. Posting a birth date can be used by hackers to reset passwords on email accounts, bank accounts and other personal apps.

Sadly, some websites will ask for your birthday as an identity check. Often, they are not looking to know someone’s age, only what that person has stated as their age, so they can verify an inquiry. But that information is now in a database.

Cyber Security Defenders Call Birthday Data Vulnerabilities

Professor Herbert H. Thompson asked some of his acquaintances for permission to break into their online banking accounts. The goal was to access their online accounts using the information about them, their families and acquaintances that is freely available online.

He described his hack into a bank account in an article in Scientific American: “In a rare moment of clarity, I simply searched her [university email server] for ‘birthday.’ She made a reference to it on a post that gave me the day and month but no year.”

Thompson’s guess of her birth year turned out to be off by only one year. That was enough to successfully change her passwords, because of the number of attempts allowed on the email system.

Hackers call these attempts guesses; cyber security defenders call them vulnerabilities.

“A birth date, along with a name and hometown, can be used in a formula to recreate your Social Security information,” cyber security expert John Sileo told ABC News. “And, those are three defaults on Facebook.”

Your Birthday Can Lead To Your SSN

“[M]ost of the SSN-related ID theft problems have resulted from institutions that were careless with their record keeping, allowing SSNs to be harvested in bulk,” says Ars Technica. But a “pair of Carnegie Mellon researchers has now demonstrated a technique that uses publicly available information to reconstruct [individual] SSNs with a startling degree of accuracy.”

This came from a 2009 article. Most of us would readily agree that technology has changed a lot since then. The hackers too are much more advanced.

Industry Must Adopt Data Protection Methods Like the Army Has Done

We see the U.S. Army make improvements in data protection. Now we need to see similar improvements in industry. The future is bright for cybersecurity engineers, innovators and inventors. There is a wide-open race to build security safeguards into the programs and devices we use.

Ransomware Escalates To a Near Nation-State Attack in the UK

Published with Permission by:
Lint, James R., “Ransomware Escalates To a Near Nation-State Attack in the UK”, In Cyber Defense, 15 May 2017, Web, http://incyberdefense.com/james-lint/ransomware-escalates-near-nation-state-attack-uk/

By James Lint
Faculty Member, School of Business, American Military University
Senior Editor for In Cyber Defense and Contributor, In Homeland Security

On Friday, May 12, the BBC reported an international ransomware attack involving hackers using ransomware called WanaCrypt0r 2.0. The BBC stated, “There have been reports of infections in as many as 74 countries, including the U.K., U.S., China, Russia, Spain, Italy and Taiwan. Computers in thousands of locations have apparently been locked by a program that demands $300 in Bitcoin.”

CNET reported, “The ransomware attack that hit 16 National Health Service (NHS) hospitals in the U.K. and also hit up to 52,000 devices across other countries using an exploit called the WanaCrypt0r 2.0 ransomware. The majority of the new malware was targeting Russia, Ukraine and Taiwan, Avast Threat Lab team lead Jakub Kroustek said.”

WanaCrypt0r 2.0 Attack’s Impact on UK Hospitals

Multiple hospitals in the NHS pushed information via social media to the local population to contact their hospitals before traveling to determine if those hospitals were open for operations. The NHS is the government-run, major medical system in the U.K., so hackers have only one system to breach and install ransomware.

The advantage to the American healthcare system is that we have multiple hospital systems. While there have been major hacks against a few major U.S. hospitals and insurance companies, it is more difficult to penetrate all of these unconnected systems.

If the U.S. healthcare system were to migrate to a single health system like the NHS, the security of our healthcare system would require more safeguards. But having multiple, competing healthcare systems provides some additional security for patient data.

Ransomware Could Escalate into Strategic Attacks on the US

It is possible that the use of ransomware could escalate and ransomware could be used for strategic attacks against the United States. Imagine the potential of ransomware that attacks an entire sector of a country, such as healthcare and hospitals.

For example, what if there were a ransomware attack that affected both a hospital’s computer system and its interconnected phone system? In the U.K., you must contact the hospital before bringing in a patient for treatment. Patient care would be unnecessarily delayed as the problems with that hospital’s computers and phone system were solved.

Although a hospital’s managers could theoretically shut down uninfected computer and phone systems to prevent ransomware infections, that security measure would be self-defeating and would replicate the impact of a ransomware attack. Without access to phones or health records, hospital employees would have difficulty doing their jobs properly.

Ransomware Attacks Could Impact Strategic Actions and Confidence in Government

Taking major hospital systems offline and causing hospitals to tell their patients not to go to specific hospitals causes a public lack of confidence in government systems. Patients become worried and uneasy when they are told that their health data records are unavailable and “the hospital is not in control of your personal health records at this time.”

In Latin American insurgencies in the 1980s, the goal of insurgents was to destabilize countries and make the population unsure that the government could protect them. The same type of impact could happen with a strategic cyberattack or strategic ransomware.

Potential Solution to the WanaCrypt0r 2.0 Ransomware Attack

Microsoft released a patch in March for the vulnerability that the WanaCrypt0r 2.0 ransomware exploits. Unfortunately, many computer systems have not been updated. This lack of action could leave a legal avenue for customers to sue for damages caused by a company’s negligence in performing software updates.

Long-Term Impact of WanaCrypt0r 2.0 Ransomware Attack

The WanaCrypt0r 2.0 ransomware attack that impacted so many countries could end in a multitude of ways. As the attack is investigated, we may see that the attack was caused by criminals trying to make money. But if the attack involved a nation-state intent on destroying other countries’ computer systems and holding systems for ransom, this situation could become more serious and potentially lead to war.

The news that some of the ransomware demands payments in small sums of $300 to $600 to restore access indicates this attack is a criminal matter. The scope and impact of the WanaCrypt0r 2.0 attack are wide.

But the WanaCrypt0r 2.0 ransomware attack may have one positive outcome. With the number of countries involved in this latest ransomware attack, there may be an increase in cooperation between law enforcement agencies across the world on cyber crimes.

About the Author

James R. Lint recently retired as the (GG-15) civilian director for intelligence and security, G2, U.S. Army Communications Electronics Command. He is an adjunct professor at AMU. James has been involved in cyberespionage events from just after the turn of the century in Korea supporting 1st Signal Brigade to the DHS Office of Intelligence and Analysis as the first government cyber intelligence analyst. He has 38 years of experience in military intelligence with the U.S. Marine Corps, U.S. Army, government contracting and civil service.

Additionally, James started the Lint Center for National Security Studies, a nonprofit charity that recently awarded its 45th scholarship for national security students and professionals. James was also elected as the 2015 national vice president for the Military Intelligence Corps Association. He has also served in the Department of Energy’s S&S Security Office after his active military career in the Marine Corps for seven years and 14 years in the Army. His military assignments include South Korea, Germany and Cuba, in addition to numerous CONUS locations. In 2017, he was appointed to the position of Adjutant for The American Legion, China Post 1. James has authored a book published in 2013, “Leadership and Management Lessons Learned,” a book published in 2016, “8 Eyes on Korea, A Travel Perspective of Seoul, Korea,” and a new book in 2017, “Secrets to Getting a Federal Government Job.”

Cyber Warfare: Could It Be in Our Future?

Published with Permission by:
Lint, James R., “Cyber Warfare: Could It Be in Our Future?”, In Cyber Defense, 20 Apr. 2017, Web, http://incyberdefense.com/james-lint/cyber-warfare-future/

By James Lint
Faculty Member, School of Business, American Military University
Senior Editor for In Cyber Defense and Contributor, In Homeland Security

Last week, the Army published a new and unclassified document, Army Field Manual 3-12, Cyberspace and Electronic Warfare Operations. However, it appears that U.S. cyber superiority is not as dominant as we believe.

The foreword of FM 3-12 says that in the past decade, “U.S. forces dominated cyberspace and the electromagnetic spectrum (EMS) in Afghanistan and Iraq against enemies and adversaries lacking the technical capabilities to challenge our superiority in cyberspace.” Unfortunately, this manual also gives bad news, stating “However, regional peers have since demonstrated impressive capabilities in a hybrid operational environment that threaten the Army’s dominance in cyberspace and the EMS.”

What is the significance of this statement? It means that not just the leading powers of Russia and China can impact our dominance of cyberspace, but smaller countries such as North Korea, Iran or similar economically inferior countries have the opportunity for cyber warfare as well.

Cyber Warfare Today Is Cheaper for Smaller Countries

The world has changed and many countries are investing in the brainpower needed for the relatively cheap weaponry of cyber. For example, the M1 Main Battle Tank per unit cost was $6.21 million in 1999. Now, paying for 10 cyber warriors (called geeks two decades ago) is much more cost-effective.

Cyber warfare can cause damage to defense and civilian infrastructures. Countries with smaller budgets can now field forces that can hurt the U.S. population and slow military deployments.

In the past, cyber warriors would have been a source of comedy, but not today. While M1 tank operators are well known for their swagger, now it’s the hackers who can do major operational or strategic damage while the tank operators can only influence a tactical battlefield.

Examples of Strategic Hacking

Ukraine has been the target of two large power disruptions in 2015 and 2016, which impacted a total of 100,000 to 225,000 people. The 2015 attack alone affected 225,000 people; a pro-Russian group called Sandworm was the suspected attacker. These hackers denied people heat during a cold Ukrainian winter.

The Sony Corporation hack in 2014 cost Sony $35 million in information technology repairs. If this attack had occurred in a government or military organization, the cost would be equally high. Imagine an attack on a government or military research and development site. The price could easily climb to the cost of the Sony hack and could influence future national security and combat superiority at the same time. An attack on government organizations isn’t only expensive; it can have a huge effect on a country’s future.

US Readying Its Ability to Fight Cyber Wars

U.S. cyber leaders and the U.S. uniformed forces’ cyber commands are growing their cyber-fighting capabilities. With the publication of this new cyber field manual, the U.S. military has clearly recognized that cyber is a warfighting domain.

Ransomware Could Escalate into Strategic Attacks on the US

Published with Permission by:
Lint, James R., “Ransomware Could Escalate into Strategic Attacks on the US”, In Cyber Defense, 10 Apr. 2017, Web, http://incyberdefense.com/news/ransomware-escalate-strategic-attacks-us/

By James Lint
Faculty Member, School of Business, American Military University
Senior Editor for In Cyber Defense and Contributor, In Homeland Security

After writing a series of articles on ransomware, I started thinking about how ransomware could be used in a strategic attack nationwide, rather than the attacks we’ve seen so far on business and personal computers. While a hospital’s $17,000 payout to ransomware thieves is considered big news, the consequences of a national ransomware attack on U.S. computers would be even more devastating.

Taking the tactical attack to the next logical level means a strategic attack that is bigger in impact and payout. Remember, the 9/11 Commission Final Report stated that the “most important failure” leading to the attacks was “one of imagination.” It concluded, “We do not believe leaders understood the gravity of the threat.”

Former New Jersey Governor Tom Kean, the chairman of the 9/11 Commission, said: “[The attackers] penetrated the defenses of the most powerful nation in the world. They inflicted unbearable trauma on our people, and at the same time, they turned the international order upside down.”

Are we again failing to use our imagination? What would be the worst scenario involving ransomware, a relatively new and growing hackers’ tool in 2016-17? This type of thinking sounds like a depressing way to make a living, but that is what our nation’s intelligence analysts must think about and anticipate. Thinking in the same way as an enemy requires special training, and that training must continually improve.

What If Hackers Were Able to Control a Vital US Installation?

Joseph Marks, writing in NextGov, discussed the potential of hackers holding government infrastructure hostage. “If hackers were able to seize the controls of a critical infrastructure asset such as a dam or airport where they could cause major property destruction and loss of life, the ransom demand could be huge, [McAfee Chief Technology Officer Steve] Grobman said, and there’s a good chance the asset owner or the government would have to pay up.”

What would happen if the attack came from someone other than a conventional criminal hacker? Suppose the attacker was a nation-state or terrorist group that took control of a major dam and demanded that the U.S. government pay a ransom to prevent an area or town from being flooded? What if a small country wanted money to turn the electricity back on in New York City after an outage caused by ransomware?

In March 2016, Bloomberg Technology reported, “Hackers linked to the Iranian government launched cyber-attacks on some four dozen U.S. financial institutions and a flood-control dam north of New York City in forays meant to undermine U.S. markets and national security, according to federal prosecutors.”

Beginning in 2011, Iran-based hackers targeted the New York Stock Exchange, NASDAQ, Bank of America Corp., JPMorgan Chase & Co. and AT&T Inc. “One of them gained unauthorized remote access to a computer controlling the Bowman Avenue Dam in Rye, New York, for about three weeks beginning in 2013, according to the indictment,” the article reported.

The hackers were thought to be working for the Tehran government and the Islamic Revolutionary Guard Corps, a well-disciplined military organization. Following the indictments, the United States placed sanctions on Iran.

Now Is the Time to Prepare for a Strategic Ransomware Attack

Hackers have been indicted in China and sanctions have been levied against North Korea for hacking. A number of countries have already studied our networks. Most of the focus has been on tactical ransomware attacks on businesses and people. It does not take a lot of imagination to see the potential impact of a strategic attack on our nation’s infrastructure.

The impact of a strategic attack is huge. Now is the time to prepare for a ransomware attack from a wily enemy, its aftermath and crisis management. Let’s not be guilty of another “failure of imagination.”

Handling a Ransomware Attack When It Happens

Published with Permission by:
Lint, James R. & Kim, Dr. Yoohwan, “Handling An Ransomware Attack When It Happens”, In Cyber Defense, 05 Apr. 2017, Web, http://incyberdefense.com/james-lint/handling-ransomware-attack-happens/

By James Lint
Faculty Member, School of Business, American Military University
Senior Editor for In Cyber Defense and Contributor, In Homeland Security

Co-Authored by Yoohwan Kim, Ph.D., CISSP, CISA, CEH, CPT
Associate Professor, Computer Science Department, University of Nevada Las Vegas

This is the fifth article in a series on ransomware. 

When you have a ransomware attack on your computer system, your first reaction will be: Can the attack be stopped? Although you want to scream, “Do something!” this is only effective if you have a business with an IT team that has kept up with ever-changing developments in the ransomware industry and can properly manage the ransomware attack. In some businesses, this type of data loss also destroys their intellectual property and reputation.

You can also ask your employees if they made backup copies of your business data. If they did, then you have an advantage against the attacker. A backup system is also useful in recovering data, even though you might not initially want the extra cost.

If you do not have the luxury of your own IT team and there are no backups of your data, then you have a decision to make: Pay the ransom or lose your files permanently.

After an attack is initiated, it takes some time for the ransomware to encrypt all of your files. By the time the ransom notice pops up on your computer or in your system, it is too late to thwart the attack.

Still, all may not be lost, especially if you do not wait to be attacked.

Mitigating Damage from a Ransomware Attack

There are several actions you can take to handle a ransomware attack. These steps will help you to detect when ransomware first infects your computer and to minimize the damage ransomware causes.

Discovery Tactics

  • Call in a ransomware expert to find a list of previously known ransomware programs and the types of telltale files associated with those ransomware programs. The expert can search for these files in your computer and eliminate them. This technique may work for older, more established ransomware programs. However, note that this search is only good until one of your employees clicks on a link in a ransomware email later.
  • Have the expert scan your system to find other telltale ransomware files that don’t normally belong in your computer system. For example, a file named “ransom.exe” could be a ransomware file.
  • Keep large junk files such as a large, picture-loaded PowerPoint in the C:\ directory and open it often to see if the images are still present. In some ransomware programs, the images will be gone after the PowerPoint has been encrypted and you can more quickly detect when your computer is under attack.
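
The third discovery tactic above, opening a decoy file by hand to see whether it is still intact, can be automated. The following is an added example, not code from the original article: it records a baseline for a set of decoy files and reports a changed file header, content that has turned random-looking, or a decoy that has been renamed or deleted. The file names, the 7.5 bits-per-byte threshold and the ".locked" extension are assumptions, and the sample files are constructed.

```python
import hashlib
import math
import os
import tempfile
from collections import Counter

ZIP_MAGIC = b"PK\x03\x04"   # .pptx files are ZIP containers and start with these bytes
ENTROPY_ALERT = 7.5         # bits per byte; assumed threshold, encrypted data sits near 8.0
SAMPLE_BYTES = 4096         # entropy is measured on the first block of the file


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte; 0.0 for constant data, 8.0 for uniformly random bytes."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(c / total * math.log2(c / total) for c in Counter(data).values())


def fingerprint(path: str) -> dict:
    """Hash the whole file and keep its first four bytes and leading entropy."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        head = fh.read(SAMPLE_BYTES)
        digest.update(head)
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            digest.update(chunk)
    return {"sha256": digest.hexdigest(), "magic": head[:4],
            "entropy": shannon_entropy(head)}


def build_baseline(paths):
    """Record the known-good state of each decoy. Store this away from the monitored disk."""
    return {os.path.abspath(p): fingerprint(p) for p in paths}


def check_canaries(baseline):
    """Return (path, status, detail) for every decoy that no longer matches its baseline."""
    alerts = []
    for path, known in baseline.items():
        if not os.path.exists(path):
            folder, name = os.path.split(path)
            # Many ransomware families append an extension; look for "<name>.<something>".
            renamed = ([f for f in os.listdir(folder) if f.startswith(name + ".")]
                       if os.path.isdir(folder) else [])
            alerts.append((path, "missing",
                           f"renamed to {renamed[0]}" if renamed else "deleted"))
            continue
        now = fingerprint(path)
        if now["sha256"] == known["sha256"]:
            continue
        reasons = []
        if now["magic"] != known["magic"]:
            reasons.append("file header changed")
        # Only meaningful when the baseline was low-entropy; real decks with
        # compressed images are already high, so the header check covers those.
        if now["entropy"] >= ENTROPY_ALERT > known["entropy"]:
            reasons.append("content now looks random")
        alerts.append((path, "modified", "; ".join(reasons) or "content changed"))
    return alerts


def demo():
    """Constructed scenario: two decoys, then a simulated overwrite and rename."""
    with tempfile.TemporaryDirectory() as root:
        # "000_" makes the decoys sort first, matching the alphanumeric order the article describes.
        deck = os.path.join(root, "000_canary.pptx")
        notes = os.path.join(root, "000_canary.txt")
        with open(deck, "wb") as fh:
            fh.write(ZIP_MAGIC + b"constructed slide data " * 400)
        with open(notes, "wb") as fh:
            fh.write(b"constructed canary text\n" * 200)
        baseline = build_baseline([deck, notes])
        clean = check_canaries(baseline)

        # Stand-in for encrypted output: 4096 deterministic, random-looking bytes.
        scrambled = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(128))
        with open(deck, "wb") as fh:
            fh.write(scrambled)
        os.rename(notes, notes + ".locked")
        return clean, check_canaries(baseline)


if __name__ == "__main__":
    before, after = demo()
    print("before:", before)
    for path, status, detail in after:
        print(f"ALERT {status}: {os.path.basename(path)} ({detail})")
```

Run on a schedule, a non-empty result from check_canaries is the cue to disconnect the machine and any backup drives before more files are touched.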

Delay and Recovery Tactics

  • If you accidentally clicked on a link that downloaded ransomware to your computer and it appears your machine is starting the encryption process for ransomware, try to change the file extensions of your computer files so that they won’t attract the ransomware. For example, a .pdf file extension could be changed to .myp to hide the file from a ransomware search and encryption. Some system owners can also write an emergency script, but this type of script needs to be prepared in advance.
  • You can also try using a ransomware recovery tool. However, the tool may or may not be effective depending on the age of the ransomware program that infects your computer.
  • Try to delay the attack, which can take up to 12 hours to fully encrypt and lock up a large computer system. Ransomware scans files from your C:\ drive, and it encrypts files in alphanumeric order. Large junk files in your C:\ directory will help slow down the attack on good, useful files and give you more time to cope with the situation.

It is important to remain calm, even though it is not easy to stay calm during an attack. When an attack happens, you may not be able to shut down your computer through the Ctrl-Alt-Delete keys or by accessing the control panel, so it is easy to become frustrated.

Also, remember that it is important to keep up with ransomware’s evolution. Ransomware code writers are smart people who change their ransomware programs to negate techniques to slow them down.

Other Ways to Prevent and Recover from Ransomware Attacks

The simplest prevention method is to back up your files before you have any problems. If your backups are done correctly, you can return to normal operations with 95% or more of your files. The best technique is to back up multiple versions of your files over time, so you can recover files not affected by malware or ransomware.

External hard drives are also vulnerable to ransomware attack. So if you have an external hard drive, only connect it to your computer when you’re backing up your files. By keeping your external hard drive disconnected from your computer whenever possible, you prevent the ransomware from jumping into your hard drive.

If you have multiple drives with multiple versions of your files, then you may be able to go to another backup system to restore your files. Ideally, your backup system should be off-site in case of fire, which could destroy your computer and backup files.

DVD-ROMs can also be used for backing up your files. Although DVD backups require more disks due to larger hard drives, they do offer reliable storage that can’t be affected by ransomware because users normally take a DVD out of the computer after use. Additionally, DVDs are easy to move to another site for storage. Some businesses and professionals such as attorneys even keep them in a bank safe deposit box.

Network automated storage is another backup plan that must be set up by an IT professional. However, it is a business cost that must be maintained.

Cloud storage services are an option, depending on the storage service’s version capability. If a cloud provider only offers the ability to store one version of your files, there is a possibility that the ransomware will jump into the files on your cloud’s server.

Larger cloud storage companies, such as Google Drive, Dropbox, Amazon, Backblaze and CrashPlan, keep multiple versions of your files. The file history is usually available as well.

One exception is Microsoft OneDrive, which does not currently allow you to have a file history and is therefore not good for countering ransomware. (Note: OneDrive for Business does have a file history system for recovering older versions of files.)

Prevent Ransomware from Ruining Your Day

When ransomware attacks your computer or your system, it’s going to be a bad day. How bad that day is depends on how well you’ve backed up your files beforehand and whether or not those files are securely stored off-site.

Backing up your files is good insurance against ransomware and also helpful if your office is affected by fire or flooding. While it costs money, time and effort to back up your files and maintain your security, the extra security leaves you with greater peace of mind.

Stay secure!

[Related articles: Ransomware Targets Continue to Pay Hackers, Ransomware: Its History and Evolution, Ransomware Is Everywhere, So Protect All of Your Electronic Devices, and Ransomware: Its Aftermath and Payment Process]

About the Authors

James R. Lint recently retired as the (GG-15) civilian director for intelligence and security, G2, U.S. Army Communications Electronics Command. He is an adjunct professor at AMU. James has been involved in cyberespionage events from just after the turn of the century in Korea supporting 1st Signal Brigade to the DHS Office of Intelligence and Analysis as the first government cyber intelligence analyst. He has 38 years of experience in military intelligence with the U.S. Marine Corps, U.S. Army, government contracting and civil service.

Additionally, James started the Lint Center for National Security Studies, a nonprofit charity that recently awarded its 45th scholarship for national security students and professionals. James was also elected as the 2015 national vice president for the Military Intelligence Corps Association. He has also served in the Department of Energy’s S&S Security Office after his active military career in the Marine Corps for seven years and 14 years in the Army. His military assignments include South Korea, Germany and Cuba, in addition to numerous CONUS locations. James has authored a book published in 2013, “Leadership and Management Lessons Learned,” a book published in 2016, “8 Eyes on Korea, A Travel Perspective of Seoul, Korea,” and a new book in 2017, “Secrets to Getting a Federal Government Job.”

Dr. Yoohwan Kim is an Associate Professor in the Department of Computer Science at the University of Nevada Las Vegas (UNLV). He received his Ph.D. degree from Case Western Reserve University in 2003 in the area of network security (DDoS attack mitigation). His research expertise includes secure network protocols, unmanned aircraft systems (UAS) communications and cyber-physical system (CPS) security. He has published over 90 papers in peer-reviewed journals and conferences, and has six patents granted or pending. His research has been sponsored by Microsoft Research, the U.S. Air Force, Naval Air Warfare Center, Oak Ridge National Laboratory, National Security Technologies and the National Science Foundation. Before joining UNLV, he had broad experience in the IT industry as a management information system consultant at Andersen Consulting (now Accenture), a database programmer at Cleveland Clinic Foundation, a software engineer at Lucent Technologies and his own start-up company. 

Ransomware: Its Aftermath and Payment Process

Published with Permission by:
Lint, James R. & Kim, Dr. Yoohwan, “Ransomware: Its Aftermath and Payment Process”, In Cyber Defense, 31 Mar. 2017, Web, http://incyberdefense.com/james-lint/ransomware-aftermath-payment-process/

By James Lint
Faculty Member, School of Business, American Military University
Senior Editor for In Cyber Defense and Contributor, In Homeland Security

Co-Authored by Yoohwan Kim, Ph.D., CISSP, CISA, CEH, CPT
Associate Professor, Computer Science Department, University of Nevada Las Vegas

This is the fourth article in a series on ransomware. 

After a ransomware attack, you must assess the damage to your system. You also need to explore payment methods.

If your antivirus software has stopped working or has been deleted by the attacker, it is too late to protect your computer system. Often, a hacker is quick to take control of your antivirus protection in hopes of using your computer as a spam bot or to spread viruses to new victims. Both of these actions may add to the income of hostile actors, but they may also use your machine or contact list to spread ransomware.

Operating System Programs Often Stop Working after Ransomware Attack

When a computer has been taken over by ransomware, some operating system programs often become inoperable. The Ctrl-Alt-Delete keyboard sequence for rebooting your computer will not work, which prevents you from bypassing the ransomware.

In addition, you may not even be able to access your computer’s control panel. There are many different types of ransomware, but these examples are some of the activities you will lose when a hacker takes control of your computer system.

The machine will no longer allow you to boot up from safe mode to degrade the ransomware or to bring in tools to negate the ransomware’s effects.

Ransomware blocks operating system updates. As a result, a software manufacturer cannot install updates with improvements to render the ransomware ineffective.

Ransomware also removes Windows rollback points, preventing you from resetting the computer to a time before the ransomware attack.

How Victims Pay Ransomware Attackers

Ransomware attackers are commonly paid through digital cryptocurrencies; Bitcoin is the best-known and most widely used method for a ransom payment. The system is allegedly secure without an intermediary.

Hackers favor Bitcoin because its payments are believed to be hidden from police or Treasury officials. This is how Bitcoin became so popular in the ransomware community.

Alternative Payment Venues

Ransomware attackers have also tried to get funds via Amazon gift cards, Apple iTunes gift cards and many other cards. But most hostile actors return to Bitcoin because criminals find it reliable and secure.

A few ransomware operations require an SMS (text) or a call to a premium mobile phone number. This could quickly result in a phone bill of $200 to $1,000. Some of those incoming phone numbers are then sold to phone scammers.

Ransomware Attacks Cause Time-Consuming Disruptions that Victims Want to Quickly Stop

Hostile actors depend on creating havoc. When your computer gets hit by ransomware, your day and schedule are destroyed. You quickly learn how much of your computer system you no longer control.

A ransomware attack can affect a system as large as a hospital, which might pay as much as $17,000 to unlock the system. It can also affect a single computer whose owner gets a bill for $50. Even police stations have been among ransomware’s victims.

The ransomware attackers normally set a ransom price that is cheaper and easier than hiring computer security experts to fight the ransomware. The cost-benefit analysis for businesses often favors paying the ransom promptly and getting back into operation.

Time is money, and cyber hostile actors understand this principle. It is no wonder that most targets have chosen to pay a ransom to regain control of their systems.

[Related articles: Ransomware Targets Continue to Pay Hackers, Ransomware: Its History and Evolution, and Ransomware Is Everywhere, So Protect All of Your Electronic Devices]
