Research & Education Networks Information Sharing & Analysis Center – Page 4 – Cybersecurity Higher Education News for Alliance Members and the Public

Breaking a Botnet: Microsoft, Health-ISAC Talk Taking on ZLoader

Posted on May 17, 2022 by Jennifer Pacenza

In mid-April 2022, Microsoft, Health-ISAC (H-ISAC), and Financial Services-ISAC (FS-ISAC) disrupted a malicious Zloader botnet variant. Tomorrow, REN-ISAC will host a webinar featuring Rich Boscovich (Assistant General Counsel-Digital Crime Unit/Malware Analysis & Disruption Team, Microsoft) and Errol Weiss (Chief Security Officer, H-ISAC) to discuss ZLoader, Microsoft’s disruption techniques, and what you can do to participate in future botnet disruptions actions.

Watch the Webinar Recording (member login required)

ZLoader or Zbot refers to a family of malware that installs trojans onto computers and systems, bringing them under control of an attacker’s botnet. The botnet targeted for takedown used a web of devices in businesses, hospitals, schools, and homes around the world to steal and extort money. In addition, the botnet was being monetized with access-as-a-service and malware-as-a-service being sold to other malicious groups like Ryuk, DarkSide, and BlackMatter.

Microsoft, H-ISAC, and FS-ISAC collaborated to create a sinkhole to redirect the malicious ZLoader domains where they are isolated and contained. The sinkhole also enables security researchers to analyze ZLoader’s activity providing more insight into its tactics and techniques.

Being a REN-ISAC Peer Assessor with Hal Stone

Posted on May 2, 2022 by Jennifer Pacenza

The REN-ISAC Cybersecurity Peer Assessment Program enables colleges and universities to get an unbiased assessment and actionable recommendations from cybersecurity experts specializing in the higher education sector. But what is it like to be a peer assessor?

Hal Stone knows. Hal is one of the highly experienced, cybersecurity professionals in REN-ISAC’s cadre of assessors and Chief Information Security Officer (retired) for Clemson University. Hal took time out of his busy schedule to give us some insight into his experience as an assessor.

(more…)

REN-ISAC Presentations and more at the EDUCAUSE Cybersecurity and Privacy Professionals Conference

Posted on April 26, 2022 by ctconron

Staff from the Research & Education Networks Information Sharing and Analysis Center will present on a number of topics at this year’s EDUCAUSE Cybersecurity and Privacy Professionals Conference, May 3 – 5 in Baltimore. We’ll be hosting an informal meet and greet at the Baltimore Marriott Waterfront Hotel Lounge/Bar (see below) and staffing an information table for those interested in learning more about membership benefits from the REN-ISAC.

The Cybersecurity and Privacy Professionals Conference is a valuable forum for connecting with higher education information security and privacy professionals. This event gives participants a chance to network and discuss information security and privacy trends and current issues with peers and solution providers. The conference will feature just-in-time content to help higher education cybersecurity and privacy professionals address the current challenges facing their institutions

We look forward to seeing you there!

Tuesday, May 3, 2022

8:30 am – 12 pm: Wrangling an Ever-Changing Landscape: Cyber Insurance, Ransomware, and Your Security Posture (separate registration is required)

Susan Coleman Snyder, Michael Davis, Amy Starzynski Coddens, Krysten Stevens

6:30 pm: REN-ISAC, OmniSOC, SANS Meet & Greet – Baltimore Marriott Waterfront Hotel Lounge/Bar

Join us for conversation, catching up, networking, and more.

Wednesday, May 4, 2022

9:15AM-10 am: Creating Connections and Breaking Down Barriers with the Business Information Security Officer Role

Amy Starzynski Coddens

How OmniSOC and REN-ISAC Joined Forces to Meet the Log4Shell Threat

Michael Davis, Krysten Stevens

11:45AM-12:45 pm: This Job Feels Just Right: Finding Your Niche in Cybersecurity

Krysten Stevens, Amy Starzynski Coddens

1:45PM-2:45 pm: Welcome to the Higher Education Cybersecurity and Privacy Community from EDUCAUSE, Internet2, and REN-ISAC

Susan Coleman Snyder

Thursday, May 5, 2022

10:30AM-11:30 am: FBI, REN-ISAC, and CISA Threat Briefing – Sponsored by Armis

Krysten Stevens

Meet the 2022 REN-ISAC Steering Committee

Posted on April 21, 2022 by Jennifer Pacenza

The REN-ISAC Steering Committee is key to our community’s growth. They provide guidance and oversight for REN-ISAC’s strategic direction, serve our members through committees and task forces, represent REN-ISAC at professional events, and help disseminate information about REN-ISAC products and services.

After holding our 2022 Steering Committee elections, new committee members Russel Fulton, Jodi Ito, and Joel Rosenblatt joined Michael Corn, Allison Henry, and Dave Robinson as our six member-elected leaders.* Get to know your elected REN-ISAC representatives.

(more…)

Finding a Professional Community at Women in Cybersecurity

Posted on March 28, 2022 by Jennifer Pacenza

When I imagine professional conferences, I see people in their business suit best trying to impress others with their knowledge and prestige. This impression may be influenced by more academic conferences than I can count. So when I signed up to represent the REN-ISAC at my first Women in Cybersecurity (WiCys) conference, I was expecting to learn a lot from the professional sessions, as well as feel that subtle pressure to stifle my quirky, punky tendencies and be on my best professional behavior.

However, at WiCys 2022 in Cleveland, I found a lively community of diversity and acceptance. I met people of all races, gender identities, ages, abilities, and professional levels and backgrounds. The power Doc Martens I insisted on wearing fit right in with the variety of personalities and clothing styles.

I bring up clothing because it is an expression of a person’s individuality and identity. It was so refreshing to be in a professional atmosphere where people, especially women, are not trying to squash their personalities into a business suit. Here professionals of all varieties could just be themselves, filling the space with contagious energy and easy camaraderie.

The conference sessions also embraced the diversity of the WiCys community while empowering attendees to create positive change. Dr. Latanya Sweeney’s (Harvard Kennedy School of Government) opening keynote highlighted technology’s role in creating a technocracy, a society where inherent bias in technology impacts everything from perceptions of hirability to voting numbers to proposed bail amounts. Despite the negative effects, Dr. Sweeney inspired us all with hope. “We have opportunities to save the world,” she said.

Jen Easterly’s rockstar performance also empowered and inspired. Easterly, the Director of the US Cybersecurity Infrastructure Security Agency (CISA), made an impressive entrance backed by squealing rock guitars and raucous applause. Dressing in bell-bottom jeans, a t-shirt bearing the Ukraine flag, and a smart tan blazer, Director Easterly became, for me at least, a model for women in the cybersecurity field. She was animated, knowledgeable, and a badass rebel who owned her uniqueness on the stage by celebrating her love for AC/DC and her dreams for a more equitable cybersecurity profession.

I was starstruck. I have never had a cybersecurity fangirl crush until that moment. I wanted to go out and buy a dozen Jen Easterly posters and plaster my office with them as I did with the rock icons of my high school years.

I came to WiCys to present “It Takes Many Sailors to Move this Ship,” a session where two colleagues and I would admit that our professional backgrounds were way outside of cybersecurity. Prior to my time at WiCys, I was so nervous to discuss my strange professional path from Shakespeare to cybersecurity, but in that welcoming environment, our presentation seemed like just a fun conversation with friends.

In addition to stellar keynotes and accepting community, the conference included sessions on professional development, application privacy, cloud security, diversity and inclusion, and even a role-playing game-inspired tabletop exercise. The sessions were creative, intelligent, and accessible

WiCys was the most accepting and welcoming conference experience I’ve ever had, and I would highly encourage anyone, especially those feeling nervous about attending or presenting at a cybersecurity conference, to embrace your unique perspective and share it with the WiCys community. I did, and I enjoyed every minute of it.

Three women standing in front of a pair of purple and blue wings. — (From left to right) Joanna Grama, Amy Starzynski Coddens, and Jennifer Pacenza (author) commemorating a great presentation and WiCYS 2022.

Indiana Executive Council on Cybersecurity selected as a nominee for TechPoint’s Mira Awards

Posted on March 21, 2022 by ctconron

REN-ISAC’s Joseph Potchanant serves as advisor to council

TechPoint recently announced that the entire Indiana Executive Council on Cybersecurity (IECC) has been nominated for the Community Impact Award for the 23rd annual Mira Awards. The Community Impact Award honors those individuals and organizations who have gone above and beyond to support the advancement of Indiana’s tech community.

Joseph Potchanant, director of member services and support at the Research and Education Networks Information Sharing and Analysis Center (REN-ISAC), along with four other distinguished cybersecurity leaders from Indiana University are advisors to the work of the council, which includes more than 250 advisory members.

“Joe brings his professional expertise to bear in new ways to benefit the REN-ISAC and the State of Indiana,” said Kim Milford, REN-ISAC executive director. “His work with the IECC is an excellent example of how he can analyze threats and collaborate with others to reduce them.”

“I’m honored to be a part of such important work and proud of the council’s efforts in cybersecurity,” said Potchanant. “Information sharing and the operational collaboration of the IECC with Indiana University and the REN-ISAC are vital to our collective efforts in protecting Higher Education and Research Institutions.”

About the IECC

Led by the Indiana Department of Homeland Security, Indiana Office of Technology, Indiana State Police, and the Indiana National Guard, the Indiana Executive Council on Cybersecurity is made up of government (local, state, and federal), private-sector, military, research, and academic stakeholders to collaboratively move Indiana’s cybersecurity to the Next Level. With 35 Council members and more than 250 advisory members, the Council completed a comprehensive strategic plan and delivered it to Governor Holcomb in September 2018. The Council is continuing in its work in achieving the goals and deliverables of that plan; an achievement that has positioned Indiana as a leader in implementing a cybersecurity program that serves all Hoosiers. Here is a list of the 2022 IECC Advisory Members.

About TechPoint and the Mira Awards

TechPoint brings together Indiana’s tech companies, philanthropies, government, universities, and talent to create opportunity. TechPoint’s programs connect talent with jobs, internships, and educational programs in tech to accelerate their growth and fill the increasing number of tech jobs in Indiana. The Mira Awards are the state’s largest, best known and most prestigious technology awards, and the annual gala celebrates the “The Best of Tech in Indiana.” Winners will be announced on April 23, 2022.

REN-ISAC team to lead panel at Women in Cybersecurity Conference (WiCyS 2022)

Posted on March 16, 2022 by ctconron

REN-ISAC team members Jen Pacenza and Amy Starzynski Coddens will lead a panel discussion, along with Joanna Grama from the Vantage Technology Consulting Group, at this year’s Women in Cybersecurity Conference (WiCyS 2022) on March 19 at 12 noon.

Their panel topic, “It Takes Many Sailors to Move this Ship: Populating the Cybersecurity Workforce with Talent from Diverse Backgrounds” will explore the power of diversity in creating effective cybersecurity teams.

Panel Abstract:

The term cybersecurity conjures up visions of hoodie-wearing hackers in dark rooms or funky crime lab assistants who magically find the missing piece of evidence with a tap of a few buttons. Securing networks, devices, and data adequately and sufficiently requires much more than a single, mythical hacker. The smart, efficient, and innovative security team is multidimensional and professionally diverse. Creating this kind of team requires more than information technology experts; it requires policy experts, business analysts, communicators, event coordinators, grant writers, and, of course, engineers, system administrators, networkers, and lab assistants with their magical evidence-finding skills.

This session will be led by former lawyers, educators, and writers whose career paths all took the strange yet rewarding turn toward cybersecurity. Through an open conversation, participants will come away with a better understanding of how various backgrounds and professional experiences can benefit a cybersecurity organization. The session will enable attendees to understand the professional diversity needed to create smart, adaptive security teams; fulfill organizational needs and goals, and encourage career satisfaction and employee retention.

What is ransomware and what can be done about it?

Posted on March 14, 2022 by ctconron

Ransomware is malware (malicious software) that individuals or criminal organizations use to encrypt files on computer networks. Most ransomware attacks extort large sums of money from victims in return for decrypting files, restoring access to those files, and promising not to publicly disclose potentially sensitive stolen data.

Higher education institutions are an enticing target because of the sensitive data they hold and because there is a diverse group of individuals in the community who may have different practices regarding their own online actions regarding safety and security. Using phishing emails and stolen credentials to gain access to IT networks, hackers using ransomware steal sensitive information and encrypt access to vital data and systems.

In such an attack, individuals, companies, or institutions have few options. These include paying the criminals (which may or may not ensure restored access), attempting to unencrypt the data themselves (which can be nearly impossible), or restoring the data from backups they have made. In addition, it is not always easy for institutions to pay ransom in cryptocurrency.

Colleges and universities are a target

According to EDUCAUSE, malicious hackers often target a college or university’s most valuable data in a ransomware attack. Sensitive research data or student information (social security numbers, addresses, and birthdates) are high-value targets. Criminals might also target system controls. For example, ransomware can be used to encrypt and lock down identity databases, resulting in a denial of service (DoS) attack that keeps other applications from using that database. Data and systems that could impede business functions are another popular target for ransomware attacks.

Smaller universities and colleges, as well as those that do not place a strong emphasis on research, are excellent targets for cyberattacks of this nature because they may lack resources to protect from cybersecurity attacks. Whether or not an institution thinks its data is important, criminals certainly do.

Any actions to prevent ransomware attacks should be at both the institutional and individual levels. While institutional security is a high-level approach outside the purview of individuals, everyone can practice smart ransomware threat prevention.

Preventing ransomware attacks

The FBI and US Cybersecurity Infrastructure Security Agency recommend the following:

• Update your operating system and software.

• Implement user training and phishing exercises to raise awareness about the risks of suspicious links and attachments.

• If you use Remote Desktop Protocol (RDP), secure and monitor it.

• Make an offline backup of your data, and practice using it.

• Use multifactor authentication (MFA).

How the REN-ISAC can help

Ransomware events can be highly disruptive to college campuses. Not only can they lock IT systems and threaten sensitive data, but they can also interrupt the campus facilities systems controlling electronic locks, research storage, and residence hall and classroom climate control. In addition, it is possible for threat actors to compromise IOT devices such as cameras and smart devices, which can represent a risk to privacy

To prepare for this kind of complex threat, the REN-ISAC offered workshops featuring hands-on scenarios that enabled participants to analyze and mitigate the risks and challenges of a ransomware attack.

We have published a Final Report of the best practices, areas of improvement, and persistent challenges discussed during all seven workshops. Because of the workshops’ unique enterprise approach to risk management, this report gives you access to expert knowledge from a variety of functional offices and a broad selection of institutions in Australia, Canada, and the U.S.

If your higher education institution or research network is Interested in hosting a REN-ISAC workshop on ransomware for your institution, please contact us.

Tension in Ukraine: Mitigating Effects on Higher Education

Posted on February 23, 2022 by Jennifer Pacenza

As tensions continue to escalate between Russia and Ukraine, we as information security professionals need to take immediate steps to review, test, and upgrade our incident response practices in preparation for a possible nation-state-sponsored attack.

To help research and education institutions prepare for the challenges ahead, REN-ISAC has created “Tension in Ukraine: Mitigating Effects on Higher Education.” This advisory provides tactics and resources for protecting your organization’s people, data, facilities, and daily functions.

You will find:

• useful tactics for preparing and mitigating attacks against organizational systems

• information on how to help protect international students, faculty, and staff, as well as their data

• a large collection of helpful resources to enable you to move forward on the suggested actions

REN-ISAC is here to help during these uncertain times, and we will work to provide timely, relevant, and actionable information as this situation develops. If you have questions or suggestions for how we as a community can better prepare for this situation, feel free to contact REN-ISAC Member Services and Support.

Ransomware attacks presentation by REN-ISAC at OmniSOC Con conference

Posted on February 18, 2022 by ctconron

Kim Milford, Executive Director, REN-ISAC, and Krysten Stevens, Director of Technical Operations, REN-ISAC, will speak this coming Tuesday, February 22, 2022, as part of the 4th annual OmniSOC CON Conference held by OmniSOC. Their session will be moderated by Amy Starzynski Coddens, also from the REN-ISAC.

Their topic “Ransomware: Threats & Mitigations,” will explore how ransomware continues to be one of the most dangerous threats in protecting technology and data. Because it continues to evolve in how it is used as a fund-raiser for criminal organizations and how the technology works, it keeps its victims guessing as to defense and eradication. This presentation will focus on the current threats and provide guidance on protecting against ransomware attacks.

OmniSOC was founded by five Big Ten Academic Alliance member schools to reduce the time from the first detection of a security threat to campus mitigation. Today, OmniSOC’s members include higher education institutions of all sizes, both public and private. OmniSOC regional R&E network members include I-Light and SoX, and OmniSOC also provides cybersecurity to the nation’s greatest research through its ResearchSOC service, the National Science Foundation (NSF) Security Operations Center. Major NSF clients include the National Radio Astronomy Observatory, GAGE/UNAVCO, and the Gemini Observatory.

OmniSOC operates as part of Indiana University in conjunction with the formidable experiences and capabilities of the Global Network Operations Center (GlobalNOC). It also makes use of threat intelligence insights from the Research and Education Networking Information Sharing and Analysis Center (REN-ISAC).

The Research & Education Networks Information Sharing & Analysis Center (REN-ISAC), founded in 2003, is a higher education and research network cyber-threat information-sharing alliance. The REN-ISAC is composed of approximately 700 member institutions with over 3,000 member representatives. Our team of cybersecurity experts works in service to, and in coordination with, global research and education institutions, partners, and sponsors to provide timely cybersecurity news reports, alerts and advisories, and analysis of cybersecurity threats and mitigation solutions.

The REN-ISAC is one of a number of Information Sharing and Analysis Centers that serve critical infrastructure owners and operators to protect their facilities, staff, and others against cyber and physical security threats and other risks. ISACs gather, evaluate, and communicate actionable threat information to their members, as well as tools for risk mitigation and resiliency. ISACs have a broad reach across their sectors, disseminating essential information and maintaining sector-wide situational awareness.