On Nov. 10, Fordham and the FBI co-sponsored a special webinar, “Out of the Shadows: Shining a Light on the Next Cyber Threats,” featuring three experts who spoke about recent threats and how ordinary citizens can protect themselves.
“Today as we seek to better conceptualize the threats and adversaries that face us all, none seems to be more global, threatening, and in need of attention than today’s cyber environment,” said the event moderator, Karen J. Greenberg, director of the Center on National Security at the School of Law. “Cyber vulnerabilities stand to affect governments, the private sector, institutions, organizations, and individuals—in a nutshell, all of us.”
The three panelists are leading experts who have dealt with recent hacks. Cristin Flynn Goodwin is the associate general counsel of Microsoft’s digital security unit, where she counters nation-state actors and advanced attacks worldwide. Nowell Agent is a supervisory special agent for the FBI who was instrumental in identifying the Hafnium hack that affected thousands of organizations across the world. Adam R. James is a special agent for the FBI who led the investigation on APT40, a Chinese hacking group that has targeted governmental organizations, companies, and universities.
The panel began with an overview of the current cyber environment. This year, nation-states like China and Russia have been primarily searching for information, said Goodwin.
“We saw China very active in trying to gain information about the incoming administration. We saw Russia looking for shifts in U.S. policy relative to sanctions, defense, and NATO,” Goodwin said, adding that members from both nation-states were successful in gaining intel more than 40% of the time.
One successful cyberattack was the SolarWinds hack, where a group of Russian hackers infiltrated a routine software update from a Texas-based company and gained access to about 18,000 machines. The hackers wanted to know what security teams know about Russian attackers so that they can evade detection, Goodwin said.
She compared the SolarWinds hack to a scene in the movie Mission: Impossible, where Tom Cruise sneaks through the ceiling with wires and cables. But hacks aren’t usually that dramatic, she said. In most cases, a hacker is like a person walking down the street, trying the door knob to each house until they find an unlocked door, she explained. In other words, they try to break into multiple accounts until they find one with an easy password.
“You don’t need Tom Cruise when you’ve left your windows and doors open. And so from a [big company’s]perspective, you have to be ready for the ‘Tom Cruise,’ for the most sensitive of situations. But most of the time, this is diet and exercise. This is really being cyber healthy to make it harder for them to have to work—to call out the A-team, Mission: Impossible, to come in and compromise your environment,” Goodwin said.
This is important because the biggest risk in cybersecurity is literally us—the everyday computer user, said Agent.
“Business email compromise is still the largest loss leader for cybercrime in America,” Agent said. “Most, almost all of that comes from a spear phishing email to an institution.”
Agent urged people to implement multi-factor authentication across all accounts and to ensure that their employees understand how to use it. He recalled someone who once received a text message on their phone and clicked on it, nearly leading to a $40 million loss for that person’s company.
“They didn’t even know what it meant. They thought their administrative assistant was trying to gain access to their account,” Agent said. “They clicked yes, and that gave the actor access to it.”
Special Agent James said that small businesses can better enhance their cybersecurity by reading annual reports like the Microsoft Digital Defense Report—a comprehensive resource from Microsoft security experts that describes the threat environment and how to counter cyber threats—and properly training their employees on how to recognize and avoid cyberattacks.
“You generally have a good information security staff that understands the threats. But like Nowell had pointed out, issues caused by the users are where most of the attacks originate. So pushing down that information in a digestible way to the people that actually may be impacted is what’s really important,” James said.
This special webinar is part of the International Conference on Cyber Security (ICCS), which has become one of the top international events on cybersecurity over the past decade. The 2021 conference was postponed due to the pandemic. The next one is scheduled for July 18 to 21, 2022, in-person.