John Pescatore - SANS Director of Emerging Security Trends
This week’s Drilldown focuses on two items (included below) from NewsBites Issue 40 and Issue 41. The first item covers an online cybersecurity school for teenagers; it is based on a platform and content that SANS has been developing for several years. Cyber Discovery is a gaming-based approach to teaching cybersecurity concepts and details. It is now available in the U.K. for free and in the U.S. for $100 per student.
This approach has proven to be a great way to get kids with the needed kind of analytic skills interested in cybersecurity. A quote by Christopher Boddy, 17-year-old alumnus of Cyber Discovery, captures what is so cool about this initiative: “I was always interested in computers and coding, but not specifically cybersecurity,” he said. “Now I’m taking it seriously. I’ve noticed jobs in the area pay quite well; it’s not a main reason why I’d go into the field, but I certainly see that as a bonus.”
The second item details features that Google is testing in the Chrome browser to block ads that consume too many computer resources. This can be effective in eliminating ads as conduits for denial of service or cryptocurrency mining scams. Chrome has the largest browser share, but it is common to see three browsers in use on PCs and Macs, with each browser delivering different types of content control and risk reduction. The common denominator that all attacks traverse is the internet service provider (ISP), and ISPs continue to routinely transport obviously malicious traffic from attacker to victim. Enterprises should pressure ISPs at contract renewal time to begin filtering known malware and/or spoofed traffic before it reaches the browser.
UK and US Virtual Cyber Schools Open This Month
(May 20, 2020)
Students ages 13-18 in the U.K. and the U.S. have the opportunity to take part in a virtual cyber school that offers more than 200 cybersecurity challenges. The program is government sponsored: free for U.K. residents; U.S. students can participate for $100 a year. No background in computers is expected or needed. One student’s observation: “The most fun I’ve ever had learning, and I had no idea I could be so good at computer science.”
[Pescatore] Great opportunity to take advantage of current crazy times and get your kids, or your companies’ employees’ kids, into the cybersecurity skills pipeline. The gaming aspect is very cool. Much like in the makers movement, the fact that the technology is really a tool versus the entire focus is what attracts and holds types of kids who previously had no interest in computers or networks for technology’s sake.
[Neely] My 13-year-old-self would love this type of opportunity. My present-day-self is thinking of all the friends and family who ask how their kids can get started in cyber security and sending this to them. If they object to the cost, I’ll suggest they also look to the SANS Holiday Hack Challenge website for some fun challenges, reminding them that the past solutions are published if they want a hint.
Read more in:
CNN: Virtual cybersecurity school teaches kids to fix security flaws and hunt down hackers
Gov.uk: New virtual cyber school gives teens chance to try out as cyber security agents from home
U.K. Cyber School: Cyber Discovery Virtual Cyber School
U.S. Sign-ups: https://cyberstart.com
Chrome Is Testing a Feature That Will Stop Ads from Consuming Too Many Resources
(May 14, 2020)
Chrome is testing a feature that will block ads that consume large quantities of computer resources. In the Chromium blog, Chrome Product Manager Marshall Vale writes, “A fraction of a percent of ads consume a disproportionate share of device resources, such as battery and network data, without the user knowing about it.” The feature “will limit the resources a display ad can use before the user interacts with the ad” and display an error message when the ad reaches the consumption limit. The feature is expected to be introduced on the stable version of Chrome toward the end of August.
[Neely] You can enable this feature today with chrome://flags/#enable-heavy-ad-intervention. This approach uses resource consumption, as opposed to Firefox's anti-cryptomining prevention (which relies on blocking known bad domains). Either approach should help to keep browser resource use in check.
[Pescatore] In the recent SANS webinar “Making and Keeping Work at Home Operations Safe and Productive,” Virginia Tech University CISO and SANS Senior Instructor Randy Marchany commented that the dependence on the internet during the pandemic has shown that, in many ways, internet access has become as important as utilities such as water, electricity, etc. Browser vendors are building security and viewing controls into browsers for advertising-laden services, while ISPs that charge for access are doing very little about equal access to and secure delivery of digital services needed by school children, small businesses and so on.
Read more in:
Chromium: Protecting against resource-heavy ads in Chrome
Ars Technica: Chrome will soon block resource-draining ads. Here's how to turn it on now