July 16, 2020

Several Prominent Twitter Accounts Hijacked in Crypto Scam

Bank Info Security, July 16, 2020
Kelvin Coleman, executive director at National Cybersecurity Alliance, also believes the security breach points to a Twitter employee whose credentials may have been compromised. "While it's unclear what the source of the ongoing Twitter crypto scam attack is - the size and scale of an operation like this seem to potentially point to an employee's compromised credentials - it's very likely due to something as simple as falling victim to a phishing attack," Coleman says. "This then allowed a single bad actor or group broad access into these accounts from the inside."

July 16, 2020

Biden’s, Apple’s Twitter hacked in cryptocurrency scam

SC Magazine, July 16, 2020
Kelvin Coleman, Executive Director of the National Cyber Security Alliance (NCSA) agreed, said that “while it’s unclear what the source of the ongoing Twitter crypto scam attack is – the size and scale of an operation like this seems to potentially point to an employee’s compromised credentials – very likely due to something as simple as falling victim to a phishing attack – that then allowed a single bad actor or group broad access into these accounts from the inside.”

July 16, 2020

Twitter Confirms it was Hacked in an Unprecedented Cryptocurrency Scam

Threat Post, July 16, 2020
Kelvin Coleman, executive director at National Cybersecurity Alliance, said on Wednesday the size and scope of the account takeovers suggested the account takeovers were tied to an employee’s compromised credentials. He said the attack was “very likely due to something as simple as [an Twitter employee] falling victim to a phishing attack — that then allowed a single bad actor or group broad access into these accounts from the inside. Other platforms should take this as a significant learning experience to ensure a breach to this magnitude doesn’t occur again.”

July 16, 2020

Contact tracing apps need to establish trust to be effective

SD Times, July 13, 2020
Even during normal times these things tend to not be top of mind, Kelvin Coleman, executive director of the National Cyber Security Alliance, explained. “So you can imagine as you rush to create some of these things, security, privacy protocol, probably are still not at the very top of the list,” said Coleman. He explained that it’s a bit of a double-edged sword. There is a case for getting these apps out into the public as soon as possible to help deal with the current situation and prevent as many deaths as possible. “You want to contain it and make sure that people have an opportunity to know that they’re in the vicinity or have been in the vicinity of someone who’s had the virus, and so there is a rush to get it out there,” said Coleman. “But we have to make sure that security and privacy protocols are thought of not second, third on the priority list. It needs to be at the top.”

July 16, 2020

Tech Startups Hemorrhaging Jobs During Pandemic

Channel Futures, July 6, 2020
Daniel Eliot is the NCSA’s director of education and strategic initiatives. He said the pandemic has created an ideal scenario for cybercriminals.“Mass unemployment, combined with hiring freezes, and the fact that a majority of people are spending their time in lockdown on the internet, has created an environment ripe for criminals to take advantage of people who are online and eager to get back into the workforce,” he said. “In these moments of desperation, they are more likely to fall victim to a criminal’s enticing offer. It really comes down to being hypervigilant and doing your research on the opportunity before submitting any information.”

July 16, 2020

Early Covid-19 tracking apps easy prey for hackers, and it might get worse before it gets better

Politico, July 6, 2020
“There’s no denying that contact tracing is integral to tracking and, ultimately stopping, the spread of Covid-19,” said Kelvin Coleman, executive director of the National Cyber Security Alliance, a public-private partnership that works with the Department of Homeland Security. “While the apps are designed to help scale human efforts to do so, they’re also a double-edged sword when seen through a lens of individual privacy and security.”

July 16, 2020

Be prepared: Why you need an incident response policy

TechRepublic, July 1, 2020
Establishing a clear communication strategy is a must for any incident response policy. Daniel Eliot, director of education and strategic initiatives at the National Cyber Security Alliance (NCSA), said clear and comprehensive communication should be a top priority during all security breaches. "Without a clearly articulated chain of command and both an internal and external communications strategy that brings all the right people to the table, the quality of the response gets diminished," he said.