Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Comments
DoJ Indicts 9 Iranians for Hacking into Hundreds of Universities, FERC, Dept. of Labor, Others
Oldest First  |  Newest First  |  Threaded View
Page 1 / 2   >   >>
enhayden1321
50%
50%
enhayden1321,
User Rank: Author
3/25/2018 | 7:27:11 PM
Universities Have More Intellectual Property than Industry
Excellent article, Kelly!

Many people hear about intellectual property theft and assume it is an attack on a company/industrial giant, etc.  However, as your article shows, the attackers are going after the leading-bleeding edge research at universities.

This is particularly troublesome since many universities do not make cybersecurity a top issue in order to maintain an "open" environment.  Also, much of the research at universities -- especially in such Advanced Physics Labs, etc. -- are funded by the US Government.  Hence, even more of a target for the attackers and nation states.

Again, a useful article and I hope this helps universities boost their cybersecurity programs and practices.

Ernie Hayden
Kelly Jackson Higgins
50%
50%
Kelly Jackson Higgins,
User Rank: Strategist
3/26/2018 | 10:00:33 AM
Re: Universities Have More Intellectual Property than Industry
Thank you for sharing your insight, Ernie. I agree. Universities have valuable IP that foreign adversaries would benefit from obtaining. There are so many moving parts in academia, so "locking down" that traditionally and culturally open environment is a huge challenge for these institutions. This Iranian nation-state group isn't the first and only to go after universities, so this is only the tip of the iceberg.
ANON1253650992530
50%
50%
ANON1253650992530,
User Rank: Apprentice
3/26/2018 | 11:19:17 AM
Re: Universities Have More Intellectual Property than Industry
Not sure that I completely agree with the statement that many universities do not make cybers3ecurity a top issue in order to maintain an open environment. As a Asssociate Director responsible for securrity infrastructure I acan attest that significant effort and money is expended attempting to protect our environment.

The challenge to a large degree is how sharp the spear phishing point is... Despite considerable effort to educate our community of 50,000+ users. We conssitently discover compromised accounts daily. Our PaloAlto firewalls are constantly pummeled with probes that are filtered into the bit-bucket. Devices that include large capital and operating expense. This just represents one line of defence, what is the acceptible economic balance as far as $ spent to protect the campus vs $ spent towards pedagogy?

Security to a large degree is inversely porportional to ease of use. Unfortunately in very large organizations with decentralized governance implementing change that improves security but reduces the perception of "easy to use" is difficult.

Technologies such as multi-factor authentication present defensive strategies as far as phishing is concerned. Scale of roll out (50,000+ users), cost, and resistance to change (user complexity) all present difficult challeges.

 

 
ANON1253650992530
100%
0%
ANON1253650992530,
User Rank: Apprentice
3/26/2018 | 11:20:01 AM
Re: Universities Have More Intellectual Property than Industry
Not sure that I completely agree with the statement that many universities do not make cybers3ecurity a top issue in order to maintain an open environment. As a Asssociate Director responsible for securrity infrastructure I acan attest that significant effort and money is expended attempting to protect our environment.

The challenge to a large degree is how sharp the spear phishing point is... Despite considerable effort to educate our community of 50,000+ users. We conssitently discover compromised accounts daily. Our PaloAlto firewalls are constantly pummeled with probes that are filtered into the bit-bucket. Devices that include large capital and operating expense. This just represents one line of defence, what is the acceptible economic balance as far as $ spent to protect the campus vs $ spent towards pedagogy?

Security to a large degree is inversely porportional to ease of use. Unfortunately in very large organizations with decentralized governance implementing change that improves security but reduces the perception of "easy to use" is difficult.

Technologies such as multi-factor authentication present defensive strategies as far as phishing is concerned. Scale of roll out (50,000+ users), cost, and resistance to change (user complexity) all present difficult challeges.

 

 
ANON1253650992530
50%
50%
ANON1253650992530,
User Rank: Apprentice
3/26/2018 | 11:21:20 AM
Re: Universities Have More Intellectual Property than Industry
Not sure that I completely agree with the statement that many universities do not make cybers3ecurity a top issue in order to maintain an open environment. As a Asssociate Director responsible for securrity infrastructure I acan attest that significant effort and money is expended attempting to protect our environment.

The challenge to a large degree is how sharp the spear phishing point is... Despite considerable effort to educate our community of 50,000+ users. We conssitently discover compromised accounts daily. Our PaloAlto firewalls are constantly pummeled with probes that are filtered into the bit-bucket. Devices that include large capital and operating expense. This just represents one line of defence, what is the acceptible economic balance as far as $ spent to protect the campus vs $ spent towards pedagogy?

Security to a large degree is inversely porportional to ease of use. Unfortunately in very large organizations with decentralized governance implementing change that improves security but reduces the perception of "easy to use" is difficult.

Technologies such as multi-factor authentication present defensive strategies as far as phishing is concerned. Scale of roll out (50,000+ users), cost, and resistance to change (user complexity) all present difficult challeges.

Ed Gibson
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
3/27/2018 | 8:01:34 PM
31 terabytes
31 terabytes is huge number or research papers, most of those researches would be public at one point I would assume anyway.
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
3/27/2018 | 8:03:53 PM
Re: Universities Have More Intellectual Property than Industry
the attackers are going after the leading-bleeding edge research at universities. That is really interesting for me too. They were after knowledge obviously.
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
3/27/2018 | 8:05:20 PM
Re: Universities Have More Intellectual Property than Industry
This is particularly troublesome since many universities do not make cybersecurity a top issue in order to maintain an "open" environment That might be because university are open system in general, they want to release research results to get credit.
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
3/27/2018 | 8:07:38 PM
Re: Universities Have More Intellectual Property than Industry
Universities have valuable IP that foreign adversaries would benefit from obtaining. That is true, everybody is after new knowledge wherever it is obviously.
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
3/27/2018 | 8:10:03 PM
Re: Universities Have More Intellectual Property than Industry
There are so many moving parts in academia, so "locking down" that traditionally and culturally open environment is a huge challenge for these institutions. I agree, university would like to keep systems open to public to spread the knowledge.
Page 1 / 2   >   >>


Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Enterprise Cybersecurity Plans in a Post-Pandemic World
Download the Enterprise Cybersecurity Plans in a Post-Pandemic World report to understand how security leaders are maintaining pace with pandemic-related challenges, and where there is room for improvement.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-23478
PUBLISHED: 2021-09-22
Leo Editor v6.2.1 was discovered to contain a regular expression denial of service (ReDoS) vulnerability in the component plugins/importers/dart.py.
CVE-2020-23481
PUBLISHED: 2021-09-22
CMS Made Simple 2.2.14 was discovered to contain a cross-site scripting (XSS) vulnerability which allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the Field Definition text field.
CVE-2020-23469
PUBLISHED: 2021-09-22
gmate v0.12+bionic contains a regular expression denial of service (ReDoS) vulnerability in the gedit3 plugin.
CVE-2021-21991
PUBLISHED: 2021-09-22
The vCenter Server contains a local privilege escalation vulnerability due to the way it handles session tokens. A malicious actor with non-administrative user access on vCenter Server host may exploit this issue to escalate privileges to Administrator on the vSphere Client (HTML5) or vCenter Server...
CVE-2021-21992
PUBLISHED: 2021-09-22
The vCenter Server contains a denial-of-service vulnerability due to improper XML entity parsing. A malicious actor with non-administrative user access to the vCenter Server vSphere Client (HTML5) or vCenter Server vSphere Web Client (FLEX/Flash) may exploit this issue to create a denial-of-service ...