Token theft and prompting for multi-factor authentication regularly

We recently made a policy change requiring M365 users to log into their accounts on a more regular basis. This change helps protect everyone by strengthening our defenses against evolving phishing and business email compromise threats.

Why are we asking users to re-authenticate via MFA every 12 hours?

The risk: token theft

  • When you log in to M365 (or many other cloud services) and complete all your steps (password + MFA), the system issues you an authentication token (think of it as a “key” that says you’re already good-to-go).

  • If an attacker manages to steal that token (via phishing, malware, “man-in-the-middle” web proxies, etc.), they can use it to log in as you — often without needing to redo the MFA step, because the token already says, “MFA done”.

  • Once that token is in attacker hands, the attacker can roam around your account for as long as that token is valid, access resources, exfiltrate data, or set up persistence — all whilst “looking like you”.

  • This is especially relevant in cloud-first environments like yours (and ours) because of how often people stay logged in, use multiple devices, remote access, etc.

  • Even though MFA dramatically improves security (it’s still extremely important), the fact that token theft bypasses the “did you do the MFA step just now?” check means we still need additional layers of protection.


Why a 12-hour MFA prompt helps

  • By forcing a re-authentication every 12 hours, you shorten the “window of opportunity” an attacker has if they steal (or replay) your token. This means that if someone steals your “key”, they lose access once the token expires and a fresh check is required.

  • It essentially adds a time-bound checkpoint: you re-assert your identity, complete MFA, and renew the session. This reduces session-lifetime risk.

  • It also reinforces best-practice behavior for users: you see the prompt and re-authenticate, which keeps you engaged with and aware of your active sessions.

  • It aligns with a “zero-trust” mindset: don’t assume “once logged in, you’re forever trusted” — instead assume “we’ll periodically re-check you”.

  • Combined with other controls (device compliance, location restrictions, conditional access, session monitoring), your overall risk decreases significantly.
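As an added illustration (not code from this notice or from Microsoft), the following Python models the two points above: how long a stolen token stays usable under a 12-hour sign-in frequency compared with a longer lifetime, and the device/IP mismatch that a replayed token leaves behind in session monitoring. The session fields, timestamps, addresses and device names are constructed assumptions, not the real M365 token or sign-in log format.

```python
# Added example, not code from the original notice or from Microsoft: a small
# model of the 12-hour re-authentication policy plus a replay check over
# constructed sign-in events. Field names, session ids, IPs and device names
# are illustrative assumptions, not the real M365 token or sign-in log format.
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

SIGN_IN_FREQUENCY_HOURS = 12  # the policy from the notice


def parse_time(s: str) -> datetime:
    """Parse a constructed UTC timestamp such as '2025-10-20T18:30Z'."""
    return datetime.strptime(s, "%Y-%m-%dT%H:%MZ").replace(tzinfo=timezone.utc)


@dataclass(frozen=True)
class Session:
    session_id: str
    user: str
    auth_time: datetime  # when password + MFA were last completed
    device: str          # device the token was issued to
    ip: str              # address the token was issued to


def needs_reauth(session: Session, now: datetime,
                 window_hours: float = SIGN_IN_FREQUENCY_HOURS) -> bool:
    """True once the last MFA-backed sign-in is older than the policy window."""
    return now - session.auth_time >= timedelta(hours=window_hours)


def replay_window(session: Session, stolen_at: datetime,
                  window_hours: float = SIGN_IN_FREQUENCY_HOURS) -> timedelta:
    """How long a token stolen at `stolen_at` keeps working before the next
    forced re-authentication closes the door on it (zero if already expired)."""
    expiry = session.auth_time + timedelta(hours=window_hours)
    return max(expiry - stolen_at, timedelta(0))


def suspicious_uses(session: Session, events: list[dict]) -> list[dict]:
    """Uses of this session from a device or IP it was not issued to: the
    trace a stolen-and-replayed token leaves for session monitoring."""
    return [ev for ev in events
            if ev["session_id"] == session.session_id
            and (ev["device"] != session.device or ev["ip"] != session.ip)]


# Constructed sample data (not real logs): one MFA-backed session, three uses.
ALICE = Session("sess-0001", "alice@example.edu", parse_time("2025-10-20T08:00Z"),
                "laptop-01", "203.0.113.10")
EVENTS = [
    {"time": "2025-10-20T09:00Z", "session_id": "sess-0001",
     "device": "laptop-01", "ip": "203.0.113.10"},        # normal use
    {"time": "2025-10-20T18:30Z", "session_id": "sess-0001",
     "device": "unknown-browser", "ip": "198.51.100.7"},  # replay from elsewhere
    {"time": "2025-10-20T18:40Z", "session_id": "sess-0002",
     "device": "phone-07", "ip": "203.0.113.10"},         # a different session
]

if __name__ == "__main__":
    stolen = parse_time("2025-10-20T18:30Z")
    print("12-hour policy: stolen token usable for", replay_window(ALICE, stolen))
    # An assumed 90-day lifetime, shown only for contrast with the 12-hour prompt.
    print("90-day lifetime: usable for", replay_window(ALICE, stolen, 24 * 90))
    print("re-auth due at 20:30?", needs_reauth(ALICE, parse_time("2025-10-20T20:30Z")))
    for ev in suspicious_uses(ALICE, EVENTS):
        print("suspicious use of", ev["session_id"], "from", ev["ip"], ev["device"])
```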

What you as a user should know & do

  • Keep your MFA device (phone/app) secure: don’t hand it over, don’t approve push notifications you didn’t expect.

  • Be extra cautious with links/emails asking you to “login” or “re-enter your credentials”. Token-theft phishing works by proxying your login and capturing the token behind the scenes.

  • If you see a login prompt (or MFA approval) when you didn’t initiate one, treat that as potentially malicious.

  • Log out when you’re done, especially on shared/public devices; avoid leaving “always logged in” enabled.

  • Use managed/compliant devices for work access whenever possible, and avoid unmanaged personal devices where policy allows.

  • If you suspect unauthorized access, report it immediately so the token/session can be revoked.


What this policy is not

  • It’s not a sign of mistrust in you; it’s a security precaution applied universally to help protect your account, your data, and our collective systems.

  • It’s not the only control we’re using, but it’s a meaningful one. We also use other controls: conditional access, device compliance, monitoring, etc.

  • It doesn’t mean you’ll be constantly bothered; 12 hours is a balance between usability and risk mitigation.

Links for additional reading

https://learn.microsoft.com/en-us/security/operations/token-theft-playbook

https://techcommunity.microsoft.com/blog/microsoft-entra-blog/how-to-break-the-token-theft-cyber-attack-chain/4062700

https://frsecure.com/blog/token-theft-attacks-mfa-defeat/

CyberWyoming Hacker's Brief - 10/24/25


Week 4 of National Cybersecurity Awareness Month! Join CyberWyoming and UWIT on Oct 28 for a chilling hour of real Wyoming cyber stories and tips to stay safe online. Register or check out the Scary Cyber Stories webinar here: https://cyberwyoming.org/scary-cyber-stories-from-wyoming-a-halloween-webinar/

Automatic Calendar Invites: A Laramie resident reported discovering an unsolicited calendar entry claiming a PayPal payment to Bitcoin had been completed, attributed to someone named Kevin Skinner. The user noted the increasing creativity of these scam attempts, which appear designed to trick people into believing fraudulent transactions have occurred. CyberWyoming Note: Be cautious of unexpected calendar invites or notifications, especially those claiming financial transactions. Never click links or provide personal information from such entries. If you are concerned, consider disabling automatic calendar event additions from email or unknown sources.

Feeling Pressured?: A Big Horn resident received a scam text from an unknown number claiming they were gifted a “KynPower pressure washer” and asking for $8 shipping via a suspicious link (dismaxx domain). CyberWyoming Note: This is a classic advance-fee scam, designed to trick recipients into paying small amounts of money for a fake prize or service. Never click links or provide payment information in unsolicited messages, especially if they appear to offer free gifts or seem urgent. Be sure to block the sender’s number, report the message, and delete it immediately.

GoFundMe’s 1.4M Unauthorized Nonprofit Pages: In late 2025, GoFundMe automatically created roughly 1.4 million donation pages for U.S. 501(c)(3) nonprofits without their consent, using public IRS data and partner feeds like PayPal Giving Fund. These pages, appearing official, often went unnoticed by nonprofits, depriving them of donor data, brand control, and stewardship opportunities while introducing confusing default fees, including tips of 15–17% and a 5% recurring-donation surcharge. The surge of pages also created SEO (website searching) conflicts, diverting traffic from nonprofits’ official sites and potentially misleading donors. Nonprofits and advocacy groups, including the Wyoming Nonprofit Network and National Council of Nonprofits, expressed concern over consent, transparency, and operational burden, highlighting that the initiative forced organizations to claim, manage, or remove pages just as year-end fundraising peaks. GoFundMe responded by promising to remove default tips, improve brand control, and enhance communication, but critics argue these updates fail to address the fundamental issue of unsolicited page creation and its impact on nonprofit autonomy. As a nonprofit ourselves, the CyberWyoming Alliance started the steps to disable the GoFundMe page that was set up without our knowledge or consent. While we are still not able to completely delete it, we ‘claimed’ the page, disabled its visibility, and removed any personally identifiable details that GoFundMe added to it. Learn more about this and how to claim and disable your nonprofit’s page: https://nonprofitnewsfeed.com/news/1-4-million-donation-pages-without-permission-created-by-gofundme/

Shutdown Sparks Spike in Recruitment Scams: During the 2025 government shutdown, an estimated 6,000–7,000 federal workers in Wyoming are furloughed, leaving many without pay for over two weeks. Employees report intense stress, financial strain, and reliance on mutual support, as they navigate unpaid bills, childcare, and basic necessities. The uncertainty and delayed paychecks have led to some employees quitting, heightening operational gaps. This environment of financial vulnerability and desperation creates fertile ground for increased recruitment/job scams, as scammers often target individuals under economic pressure with offers that seem urgent or lucrative but are fraudulent. The combination of uncertainty, stalled federal work, and furloughed workers’ need for income likely makes such scams more probable right now. These scams typically involve email or text messages claiming to be from legitimate employers, sometimes with official-looking invitations for virtual interviews. They often push for sensitive personal or financial information, like Social Security numbers or bank account details, before any real interview occurs. Red flags include emails from personal accounts rather than corporate ones, recruiters who insist on personal information upfront, and online searches revealing complaints or scam reports about the company or recruiter. For more information on how to spot and report job scams, go to ftc.gov/jobscams.

– Government Shutdown information brought to you by WyoFile https://wyofile.com/furloughed-federal-workers-struggle-hang-on-help-one-another/

Amazon Outage Disrupts Global Services: On Monday, Amazon Web Services (AWS) resolved a major internet outage caused by a problem with one of its core database products, which had left millions of users worldwide unable to access popular websites and apps. The disruption, which began around 3 a.m. ET, affected services ranging from Snapchat, Roblox, Fortnite, and Apple Music to Amazon’s own Ring cameras, Prime Video, and Kindle, as well as platforms used by airlines, banks, and government agencies. AWS traced the issue to an internal network subsystem that monitors server load balancers, leading to widespread service interruptions despite partial mitigations earlier in the day. The outage highlighted the vulnerability of cloud-dependent businesses and critical digital infrastructure, with social media users, media outlets, financial services, and secure messaging apps like Signal all reporting issues.

– Brought to you by NBC News https://www.nbcnews.com/news/us-news/amazon-web-services-outage-websites-offline-rcna238594

MS-ISAC and CISA Patch Now Alert: The Multi-State Information Sharing and Analysis Center (MS-ISAC) or the Cybersecurity & Infrastructure Security Agency (CISA) has published a patch now (update your software) alert for Oracle products. If you use these products, make sure the software is updated.

Data Breaches in the News: Verisure, Prosper, PeopleGuru, Vocus ISP Dodo, and Envoy Air (subsidiary of American Airlines). Note: If you have an account with these companies, be sure to change your password and consider placing a credit freeze on your accounts through the three credit reporting agencies: TransUnion, Experian, and Equifax.

Please report scams you may experience to phishing@cyberwyoming.org to alert your friends and neighbors.

Other ways to report a scam:

● Better Business Bureau Scam Tracker: www.bbb.org/scamtracker

● Wyoming Attorney General’s Office, Consumer Protection
  o Email ag.consumer@wyo.gov
  o Complaint form https://attorneygeneral.wyo.gov/law-office-division/consumer-protection-and-antitrust-unit/consumer-complaints

● File a complaint with the Federal Trade Commission at www.ftc.gov/complaint

● Report your scam to the FBI at www.ic3.gov

● Get steps to help at www.IdentityTheft.gov

● Report unwanted calls to the Federal Trade Commission’s Do Not Call Registration. Online at https://www.donotcall.gov/report.html or call 1-888-382-1222, option 3

● Office of the Inspector General: https://oig.ssa.gov/scam-awareness/report-the-scam/

● If you believe someone is using your Social Security number, contact the Social Security Administration’s (SSA) fraud hotline at 1-800-269-0271.

● AARP Fraud Watch Network (any age welcome) Helpline 877-908-3360

● IRS: report email scams impersonating the IRS to phishing@irs.gov or https://www.irs.gov/privacy-disclosure/report-phishing

● Call the Wyoming Senior Medicare Patrol (SMP) for assistance with potential Medicare fraud, abuse, or errors at 1-800-856-4398

Victim Support: The AARP Fraud Watch Network and Volunteers of America (VOA) created a new, free program to provide emotional support for people impacted by a scam or fraud, called ReST. Visit www.aarp.org/fraudsupport to learn more about the free program and register.

Identity Theft Resource Center 2025 Predictions

2025 Predictions & 2024 Recap

A Look into the Future of Identity Crimes and Cybersecurity

The Identity Theft Resource Center (ITRC) has released its 2025 predictions, shedding light on the evolving landscape of identity crimes and cybersecurity. The report points to critical discussions around policy changes, resource reductions, and the growing struggles faced by victims, who are left with fewer avenues for support. As we look to the future, reflecting on 2024 provides a valuable perspective on the trends shaping this space.

2024 Predictions Recap

Prediction 1: AI and Compromised Data Fueling Fraud

Reality: AI’s role in crafting fraudulent documents far exceeded expectations. Criminals leveraged generative AI to create false medical records, death certificates, and accident reports, significantly boosting phishing scams and insurance fraud. Government reports reveal an 85% rise in compromised insurance accounts since 2022.

Prediction 2: Data Breaches Driving Biometric Adoption

Reality: A record number of identity crimes led to widespread adoption of biometric verification tools. Over one-third of victims faced hurdles proving their identity, and 74% of people used biometric authentication in 2024.

Prediction 3: State-Level Privacy Laws Prevail

Reality: True to predictions, 20 states enacted comprehensive privacy and cybersecurity laws, filling the void left by Congress’s failure to pass national legislation.

Prediction 4: Privacy Concerns over Biometrics

Reality: Mixed results. While legislative attempts to block biometric use failed, public apprehension persisted. Despite 90% of surveyed individuals consenting to biometric verification, 62% expressed serious concerns.

Prediction 5: Emotional Toll of Identity Crimes

Reality: A marginally positive trend emerged as fewer victims reported contemplating self-harm (12%, down from 16% in 2023). However, the financial and emotional impacts of identity crimes remain profound.

2025 Predictions

The ITRC’s 2025 predictions highlight an increasingly challenging environment for identity theft victims, exacerbated by shifting federal priorities and the rise of advanced cybercriminal techniques.

1. Reduced Support for Victims and Cybercrime Prevention
Government resource allocation for victim assistance, cybercrime prevention, and cybersecurity enforcement is expected to dwindle. Federal agencies, including the U.S. Secret Service, may shift focus, leaving multi-national criminal organizations unchecked. This vacuum will likely lead to a surge in identity crimes, leaving individuals and businesses more exposed.

2. Decline in VOCA Fund Resources
The Victims of Crime Act Fund, a critical source of non-taxpayer-funded aid, will shrink as fewer identity crimes are investigated and prosecuted. This will strain victim support programs, reducing the help available to those navigating the fallout of identity theft.

3. Cybercrime Job Market Boom
Cybercriminal organizations are capitalizing on advancements in AI and automation. Accessible tools now allow even non-technical criminals to execute complex attacks. The demand for software testers and other roles in cybercrime is expected to soar, exacerbating the risk landscape.

4. State Regulators Take the Lead
With federal regulations weakening or abandoned, states are stepping up to enforce privacy and cybersecurity laws. While this is good news for state residents, the patchwork of regulations will create confusion and compliance burdens for businesses operating across state lines.

5. Return to Self-Regulation
In the absence of stringent federal mandates, industries will likely revert to voluntary self-regulation. While flexible, these measures often lack the enforcement mechanisms needed to protect consumers effectively. Sophisticated fraud enterprises will exploit these gaps, further eroding trust.

Key Takeaways and 2025 Outlook

The trajectory from 2024 to 2025 underscores a growing divide between the sophistication of cybercriminals and the resources available to combat them. The reliance on state-level regulation and self-policing introduces inconsistencies that can leave individuals and businesses vulnerable. Meanwhile, the integration of AI into criminal operations accelerates the scale and severity of cyber threats.

To navigate 2025 successfully:

  • Businesses must invest in robust cybersecurity frameworks, recognizing the risks of fragmented state laws and the limitations of self-regulation.

  • Individuals should adopt proactive measures, such as using multi-factor authentication and regularly monitoring accounts for suspicious activity.

  • Policymakers need to prioritize a unified approach to cybersecurity and identity theft, balancing innovation with enforcement.


The battle against identity crimes is far from over, and the challenges of 2025 demand vigilance, innovation, and collaboration.

Subarus, Starlink, and Cyber Shenanigans

Wyomingites love their Subarus. Whether you’re tackling a snowy mountain pass, cruising the plains, or loading up the skis for a weekend adventure, a trusty Subaru is practically a badge of honor around here. But what if I told you that the biggest off-road hazard for your Outback isn’t a pothole—it’s a cybersecurity pothole big enough to swallow your data whole?

Recently, security researcher Sam Curry uncovered a doozy of a vulnerability in Subaru’s Starlink connected vehicle service. You know, the system that lets you remote-start your car, locate it in a crowded parking lot, or even call for roadside assistance. Turns out, it also had an unintentional feature: a giant back door into customer accounts in the U.S., Canada, and Japan. Oops.

Curry reported the problem to Subaru, and it was corrected within 24 hours without a data breach, maintaining the Subaru Equals Love tagline for those of us in cybersecurity.

But, How Bad Was It?

Pretty bad. Curry and fellow researcher Shubham Shah discovered that Subaru’s administrator portal—the one that should have been accessible only to employees—had the equivalent of a “Come on in, make yourself at home!” sign on it. By poking around a subdomain (subarucs.com), they found JavaScript files that revealed a security nightmare: any employee’s password could be reset without a confirmation token. That’s like being able to change the locks on someone’s house without needing a key.

It gets worse. Once inside the admin panel, they found they could grant themselves full access to vehicles: no owner verification, no alerts, just the digital equivalent of handing over the keys to a stranger. This meant bad actors could have potentially unlocked doors, started engines, and taken off with someone’s beloved Forester without so much as a hotwiring attempt.

But Wait, There’s More!

If this sounds familiar, it’s because similar security flaws have been found in other automakers’ connected car services. Curry previously warned about a bug in Kia’s online services that exposed millions of vehicles to remote hacking. And in 2023, he and six other researchers uncovered vulnerabilities affecting 16 different car brands that could lead to data leaks, remote control exploits, and enough cyber mayhem to make a hacker’s heart race faster than a WRX in sport mode.

What Does This Mean for Wyoming Drivers?

If you own a Subaru, or any connected vehicle for that matter, here’s the takeaway: Your car is now a rolling computer, and just like your laptop or smartphone, it needs protection. Automakers are racing to secure these systems, but as we’ve seen, vulnerabilities still slip through the cracks.

Here’s how you can protect yourself:

  • Update, update, update. If Subaru releases a software patch for Starlink, install it immediately. Cybersecurity is an arms race, and patches are your best defense.

  • Use strong passwords. If your vehicle service lets you set a password for remote access, don’t use “password123.” Make it strong, unique, and (please) not your dog’s name.

  • Enable two-factor authentication (2FA). If Subaru (or any connected service you use) offers 2FA, enable it. It adds an extra layer of security.

  • Be skeptical of phishing scams. Cybercriminals love pretending to be your car company. If you get an email asking you to reset your password or log into a strange-looking website, verify it’s legit before clicking anything.

The Road Ahead

Cybersecurity in vehicles is still a developing battlefield. While Subaru (and other automakers) did beef up security, history tells us new vulnerabilities will emerge. The best thing we can do as consumers is stay informed and practice good cyber hygiene.

So, next time you’re heading into the wild Wyoming backcountry, remember: The road may be rough, but your cybersecurity doesn’t have to be. Drive safe, stay secure, and maybe double-check that your car is only answering to you.