Chamorro Standard Time: Monday, July 22, 2024 - 09:36 AM

While cybersecurity may appear to be a complicated subject, it is ultimately all about people. The Office of Technology (OTECH) in collaboration with CISA and their partners are focusing on the “people” aspect of cybersecurity. Our website will provide information and resources to help educate Government of Guam employees and the general public to ensure all individuals and organizations make smart decisions – on the job, at home, or at school – now and in the future. Click HERE for more information.

Cybersecurity Awareness Training

The Office of Technology is committed to protecting the confidentiality and security of forty (40) Gov Guam’s Line Agencies’ IT infrastructure, edge devices, networks, and data. Our Chief Technology Officer, Frank Lujan, understands the importance of identifying, securing, and mitigating threat vectors to protect the Government of Guam’s cyber borders and critical infrastructure.


OTECH understands that all Gov Guam users are our first line of defense in our fight against cybercriminals and state threat actors. We all need to do our part to strengthening our cyber defense mechanisms. Even with the purchase of new technology and upgrading our infrastructure, cybersecurity awareness is imperative in deterring data breaches, downtime, and other cyber incidents.


1. Watch (9) Cybersecurity Awareness Training Videos

2. Read all (4) Cybersecurity Informational Flyers

3. Click and read about all (10) most common cyber attacks.

4. Take the Cyber Awareness Quiz

Cybersecurity Awareness Training Videos (Brought to you by

Password Security                           

Phishing and Ransomware

Data Handling                                 

Removable Media

Computer Theft                             


Internet Downloads                         


MultiFactor Authentication Explained

What is Multi-Factor Authenticationi?

Using MFA protects your account more than just using a username and password. Users who enable MFA are 99% less likely to get hacked, according to Microsoft. Why? Because even if one factor (like your password) becomes compromised, unauthorized users will be unable to meet the second authentication requirement ultimately stopping them from gaining access to your accounts.

It goes by many names: Two Factor Authentication, Multi-Factor Authentication, Two Step Authentication, MFA, 2FA. They all refer to using a combination of something we have, something we know, or something we are when confirming we are who we say we are online. Your bank, your social media network, your school, your workplace… they want to make sure you’re the one accessing your information, and more importantly, they want to prevent unauthorized individuals from accessing your account and data.

So, OTECH is taking a step to double check. Instead of asking you just for something you know (e.g., a password) – which can be reused, more easily cracked, or stolen – OTECH can verify it’s you by asking for two forms of information that can identify it’s you:

We are asking for something you know …. like a password or a PIN number, along with

Something you have …. like an authentication application or a confirmation text on your phone.

Two steps are harder for a hacker to compromise. So, prove it’s you with two … two steps, that is.

   10 Most Common Cyber Attacks:

1) Ransomware

Information / Links
What is Ransomware? Ransomware is an ever-evolving form of malware designed to encrypt files on a device, rendering any files and the systems that rely on them unusable. Malicious actors then demand ransom in exchange for decryption. Ransomware actors often target and threaten to sell or leak exfiltrated data or authentication information if the ransom is not paid.
What can I do to prevent a ransomware attack?
What to do when you are a victim of ransomware?

1. See “Section 2” of the ransomware Guide:

2. Immediately call your IT Dept. and email incident details to
Training / Resources:

Cybersecurity in a Flash: Ransomology Training video

2) Phishing and Spear Phishing Attack

Information / Links
What is a Phishing Attack? Phishing attack is the practice of sending emails that appear to be from trusted sources with the goal of gaining personal information or influencing users to do something. It combines social engineering and technical trickery. It could involve an attachment to an email that loads malware onto your computer. It could also be a link to an illegitimate website that can trick you into downloading malware or handing over your personal information.
Link Here
What is a Spear Phishing Attack?Spear phishing is a very targeted type of phishing activity. Attackers take the time to conduct research into targets and create messages that are personal and relevant. Because of this, spear phishing can be very hard to identify and even harder to defend against. One of the simplest ways that a hacker can conduct a spear phishing attack is email spoofing, which is when the information in the “From” section of the email is falsified, making it appear as if it is coming from someone you know, such as your management or your partner company. Another technique that scammers use to add credibility to their story is website cloning — they copy legitimate websites to fool you into entering personally identifiable information (PII) or login credentials.
Link Here
What can I do to prevent a phishing attack?To reduce the risk of being phished, you can use these techniques:

* Critical thinking — Do not accept that an email is the real deal just because you’re busy or stressed or you have 150 other unread messages in your inbox. Stop for a minute and analyze the email.

* Hovering over the links — Move your mouse over the link, but do not click it! Just let your mouse cursor move over the link and see where would actually take you. Apply critical thinking to decipher the URL.

* Analyzing email headers — Email headers define how an email got to your address. The “Reply-to” and “Return-Path” parameters should lead to the same domain as is stated in the email.

* Sandboxing — You can test email content in a sandbox environment, logging activity from opening the attachment or clicking the links inside the email.

3) Man-in-the-middle (MitM) Attack

Information / Links
What is a Man-in-the-middle (MitM) Attack? A MitM attack occurs when a hacker inserts itself between the communications of a client and a server.
Some common types of man-in-the-middle attacks are:

* Session hijacking is where an attacker hijacks a session between a trusted client and network server. The attacking computer substitutes its IP address for the trusted client while the server continues the session, believing it is communicating with the client.

* IP spoofing is used by an attacker to convince a system that it is communicating with a known, trusted entity and provide the attacker with access to the system. The attacker sends a packet with the IP source address of a known, trusted host instead of its own IP source address to a target host. The target host might accept the packet and act upon it.

What can I do to prevent a Man-in-the-middle (MitM) Attack?Currently, there is no single technology or configuration to prevent all MitM attacks. Generally, encryption (hash functions) and digital certificates from certificate authorities provide an effective safeguard against MitM attacks, assuring both the confidentiality and integrity of communications.

4) Denial-of-Service (DoS) and Distributed Denial-of-Service (DDoS)

Information / Links
What is DoS? What is DDoS?A denial-of-service attack overwhelms a system’s resources so that it cannot respond to service requests. A DDoS attack is also an attack on system’s resources, but it is launched from a large number of other host machines that are infected by malicious software controlled by the attacker.

Unlike attacks that are designed to enable the attacker to gain or increase access, denial-of-service doesn’t provide direct benefits for attackers. For some of them, it’s enough to have the satisfaction of service denial. Another purpose of a DoS attack can be to take a system offline so that a different kind of attack can be launched. One common example is session hijacking.

There are different types of DoS and DDoS attacks; the most common are TCP SYN flood attack, teardrop attack, smurf attack, ping-of-death attack and botnets.

5) Drive-by Attack

Information / Links
What is a Drive-by Attack?Drive-by download attacks are a common method of spreading malware. Hackers look for insecure websites and plant a malicious script into HTTP or PHP code on one of the pages. This script might install malware directly onto the computer of someone who visits the site, or it might re-direct the victim to a site controlled by the hackers. Drive-by downloads can happen when visiting a website or viewing an email message or a pop-up window. Unlike many other types of cyber security attacks, a drive-by doesn’t rely on a user to do anything to actively enable the attack — you don’t have to click a download button or open a malicious email attachment to become infected. A drive-by download can take advantage of an app, operating system or web browser that contains security flaws due to unsuccessful updates or lack of updates.
What can I do to prevent a drive-by attack?To protect yourself from drive-by attacks, you need to keep your browsers and operating systems up to date and avoid websites that might contain malicious code. Stick to the sites you normally use — although keep in mind that even these sites can be hacked. Don’t keep too many unnecessary programs and apps on your device. The more plug-ins you have, the more vulnerabilities there are that can be exploited by drive-by attacks.

6) Password Attack

Information / Links
What is a Password Attack?Because passwords are the most commonly used mechanism to authenticate users to an information system, obtaining passwords is a common and effective attack approach. Access to a person’s password can be obtained by looking around the person’s desk, ‘‘sniffing’’ the connection to the network to acquire unencrypted passwords, using social engineering, gaining access to a password database or outright guessing. The last approach can be done in either a random or systematic manner:

* Brute-force password guessing means using a random approach by trying different passwords and hoping that one work Some logic can be applied by trying passwords related to the person’s name, job title, hobbies or similar items.

* In a dictionary attack, a dictionary of common passwords is used to attempt to gain access to a user’s computer and network. One approach is to copy an encrypted file that contains the passwords, apply the same encryption to a dictionary of commonly used passwords, and compare the results.
What can I do to prevent a password attack?In order to protect yourself from dictionary or brute-force attacks, you need to implement an account lockout policy that will lock the account after a few invalid password attempts. You can follow these password policy best practices

7) SQL Injection Attack

Information / Links
What is an SQL Attack?SQL (pronounced “sequel”) stands for structured query language; it’s a programming language used to communicate with databases. Many of the servers that store critical data for websites and services use SQL to manage the data in their databases. A SQL injection attack specifically targets this kind of server, using malicious code to get the server to divulge information it normally wouldn’t. An SQL injection attack works by exploiting any one of the known SQL vulnerabilities that allow the SQL server to run malicious code.
What can I do to prevent an SQL attack?In order to protect yourself from a SQL injection attacks, apply least privilege model of permissions in your databases. Stick to stored procedures (make sure that these procedures don’t include any dynamic SQL) and prepared statements (parameterized queries). The code that is executed against the database must be strong enough to prevent injection attacks. In addition, validate input data against a white list at the application level.

8) Cross-site scripting (XSS) Attack

Information / Links
What is a Cross-site scripting (XSS) Attack?XSS attacks use third-party web resources to run scripts in the victim’s web browser or scriptable application. Specifically, the attacker injects a payload with malicious JavaScript into a website’s database. When the victim requests a page from the website, the website transmits the page, with the attacker’s payload as part of the HTML body, to the victim’s browser, which executes the malicious script. For example, it might send the victim’s cookie to the attacker’s server, and the attacker can extract it and use it for session hijacking. The most dangerous consequences occur when XSS is used to exploit additional vulnerabilities. These vulnerabilities can enable an attacker to not only steal cookies, but also log key strokes, capture screenshots, discover and collect network information, and remotely access and control the victim’s machine.
What can I do to prevent an XSS attack?To defend against XSS attacks, developers can sanitize data input by users in an HTTP request before reflecting it back. Make sure all data is validated, filtered or escaped before echoing anything back to the user, such as the values of query parameters during searches. Convert special characters such as ?, &, /, <, > and spaces to their respective HTML or URL encoded equivalents. Give users the option to disable client-side scripts.

9) Eavesdropping Attack

Information / Links
What is an Eavesdropping Attack?Eavesdropping attacks occur through the interception of network traffic. By eavesdropping, an attacker can obtain passwords, credit card numbers and other confidential information that a user might be sending over the network. Eavesdropping can be passive or active:

* Passive eavesdropping — A hacker detects the information by listening to the message transmission in the network.

* Active eavesdropping — A hacker actively grabs the information by disguising himself as friendly unit and by sending queries to transmitters. This is called probing, scanning or tampering.
What can I do to prevent an eavesdropping attack?Data encryption is the best countermeasure for eavesdropping.

10) Malware Attack

Information / Links
What is a Malware Attack?Malicious software can be described as unwanted software that is installed in your system without your consent. It can attach itself to legitimate code and propagate; it can lurk in useful applications or replicate itself across the Internet. Here are some of the most common types of malware:

* Macro viruses — These viruses infect applications such as Microsoft Word or Excel. Macro viruses attach to an application’s initialization sequence. When the application is opened, the virus executes instructions before transferring control to the application. The virus replicates itself and attaches to other code in the computer system.

* File infectors — File infector viruses usually attach themselves to executable code, such as .exe files. The virus is installed when the code is loaded. Another version of a file infector associates itself with a file by creating a virus file with the same name, but an .exe extension. Therefore, when the file is opened, the virus code will execute.

* System or boot-record infectors — A boot-record virus attaches to the master boot record on hard disks. When the system is started, it will look at the boot sector and load the virus into memory, where it can propagate to other disks and computers.

* Polymorphic viruses — These viruses conceal themselves through varying cycles of encryption and decryption. The encrypted virus and an associated mutation engine are initially decrypted by a decryption program. The virus proceeds to infect an area of code. The mutation engine then develops a new decryption routine and the virus encrypts the mutation engine and a copy of the virus with an algorithm corresponding to the new decryption routine. The encrypted package of mutation engine and virus is attached to new code, and the process repeats. Such viruses are difficult to detect but have a high level of entropy because of the many modifications of their source code. Anti-virus software or free tools like Process Hacker can use this feature to detect them.

* Stealth viruses — Stealth viruses take over system functions to conceal themselves. They do this by compromising malware detection software so that the software will report an infected area as being uninfected. These viruses conceal any increase in the size of an infected file or changes to the file’s date and time of last modification.

* Adware — Adware is a software application used by companies for marketing purposes; advertising banners are displayed while any program is running. Adware can be automatically downloaded to your system while browsing any website and can be viewed through pop-up windows or through a bar that appears on the computer screen automatically.

* Spyware — Spyware is a type of program that is installed to collect information about users, their computers or their browsing habits. It tracks everything you do without your knowledge and sends the data to a remote user. It also can download and install other malicious programs from the internet. Spyware works like adware but is usually a separate program that is installed unknowingly when you install another freeware application.

* Trojans — A Trojan or a Trojan horse is a program that hides in a useful program and usually has a malicious function. A major difference between viruses and Trojans is that Trojans do not self-replicate. In addition to launching attacks on a system, a Trojan can establish a back door that can be exploited by attackers. For example, a Trojan can be programmed to open a high-numbered port so the hacker can use it to listen and then perform an attack.

* Logic bombs — A logic bomb is a type of malicious software that is appended to an application and is triggered by a specific occurrence, such as a logical condition or a specific date and time.

* Worms — Worms differ from viruses in that they do not attach to a host file, but are self-contained programs that propagate across networks and computers. Worms are commonly spread through email attachments; opening the attachment activates the worm program. A typical worm exploit involves the worm sending a copy of itself to every contact in an infected computer’s email address In addition to conducting malicious activities, a worm spreading across the internet and overloading email servers can result in denial-of-service attacks against nodes on the network.

* Droppers — A dropper is a program used to install viruses on computers. In many instances, the dropper is not infected with malicious code and, therefore might not be detected by virus-scanning software. A dropper can also connect to the internet and download updates to virus software that is resident on a compromised system.

* Ransomware — Ransomware is a type of malware that blocks access to the victim’s data and threatens to publish or delete it unless a ransom is paid. While some simple computer ransomware can lock the system in a way that is not difficult for a knowledgeable person to reverse, more advanced malware uses a technique called cryptoviral extortion, which encrypts the victim’s files in a way that makes them nearly impossible to recover without the decryption key.
Common malware symptoms:· There is an increase in CPU usage.
· There is a decrease in computer speed.
· The computer freezes or crashes often.
· There is a decrease in Web browsing speed.
· There are unexplainable problems with network connections.
· Files are modified.
· Files are deleted.
· There is a presence of unknown files, programs, or desktop icons.
· There are unknown processes running.
· Programs are turning off or reconfiguring themselves.
· Email is being sent without the user’s knowledge or consent.


We provide IT support services to all Government of Guam line agencies. Please use the following application to submit your service request.

Skip to content