NJCCIC’s ‘Alice in Cyberspace’ Conference Nurtures Women’s Interest, Representation in Cybersecurity; NJCCIC Warns SMTP Smuggling Could Allow Spoofed Emails; US Officials Warn of Possible Hizballah Attack on American Soil

The New Jersey Cybersecurity and Communications Integration Cell, a division of the New Jersey Office of Homeland Security and Preparedness, held its third “Alice in Cyberspace” conference Jan. 12 to enhance women’s interest in cybersecurity while increasing participation in a field where females have historically been under-represented. More than 300 women attended the free, six-hour conference at Kean University. “Studies indicate that women make up less than a quarter of the global cybersecurity workforce,” said NJOHSP Director Laurie Doran. “While cybersecurity capabilities and awareness improve daily, the threat and sophistication of cyberattacks are keeping pace. Diversity and women’s unique perspectives are advantageous to any career field, but especially in the cybersecurity realm.” Adding to the networking element of the event, conference attendees partook in an on-site career fair where representatives from both public- and private-sector organizations provided cybersecurity career guidance, industry insights, education and potential job opportunities.

Conference speakers included:

• Cybersecurity & Infrastructure Security Agency Senior Policy Manager Lauren Zabierek
• Hetherington Group President Cynthia Hetherington
• Cloud Security Alliance Board member Alexandra Tarabour
• CrowdStrike Solutions Engineer Nina Padavil
• Kean University Director of the Center for Cybersecurity Stanley J. Mierzwa
• SpaceX Security Engineer Swathi Parthiba
• NJCCIC Director Michael Geraghty
• NJCCIC subject matter experts

Researchers have determined that sending spoofed emails while still passing sender policy framework alignment checks is possible by exploiting interpretation differences using a technique called Simple Mail Transport Protocol smuggling. The researchers found potential cases for both inbound and outbound mail servers. This technique exists due to the different interpretations of where a message’s data ends, potentially allowing a threat actor to include other text or commands below what the server considers the message data, which may facilitate email sender spoofing to convince the email recipient that a trusted entity sent the message. The New Jersey Cybersecurity and Communications Integration Cell recommends users exercise caution with all emails received, even when they pass security checks such as SPF alignment. The NJCCIC also encourages users to review the SEC-Consult blog post for additional details on SMTP smuggling. For more information, visit the NJCCIC website.

U.S. intelligence officials cautioned the public Jan. 10 that there may be an increased risk of Lebanese Hizballah militants attacking Americans in the Middle East and potentially in the U.S., as tensions escalate due to the terrorist group’s recent assault on Israel. The Iran-backed militant group is most likely to target U.S. military or diplomatic personnel in the Middle East before setting its sights on American soil, according to four officials who did not provide details on what types of attacks Hizballah might undertake. While individuals inspired by ISIS and al-Qa’ida have carried out lone offender attacks in the U.S. and Europe, Hizballah has an expansive international network which gives the group the ability to use operatives to carry out an attack in the U.S. Hizballah began firing rockets at Israel shortly after HAMAS launched its Oct. 7 attack to divert Israeli forces away from Gaza. Secretary of State Antony Blinken, noting the “profound tension in the region,” said, “This is a conflict that could easily metastasize.” Other proxy groups, including Harakat-al-Nujaba, an Iraqi paramilitary group, have launched nearly 130 attacks on American troops in Iraq and Syria since Oct. 17.