Monthly Archives: February 2022

Top 5 Tax Scams Targeted to Taxpayers

As people across the nation prepare to file their 2021 tax returns, cybercriminals are taking advantage by delivering new scams designed to steal personal information and money from unsuspecting victims. Internal Revenue Service (IRS) scams happen when someone pretending to work for the IRS contacts you by phone, email, postal mail, or text message. Thousands of people have lost millions of dollars as well as their personal information to tax scams, and it’s safe to assume that attackers will continue targeting individuals and businesses this year. Consider the following common scams and best practices to help protect yourself from falling victim to a tax-related scam this year.

Top 5 Tax Scams to Be Aware Of

1. SSN Scams


Taxpayers should be careful of new variations of tax-related scams. In the latest twist on a scam related to Social Security numbers, scammers claim to be able to suspend or cancel the victim’s SSN. Scammers may mention overdue taxes in addition to threatening to cancel the person’s SSN. If taxpayers receive a call threatening to suspend their SSN for an unpaid tax bill, they should just hang up.

Taxpayers should not give out sensitive information over the phone unless they are positive that the caller is legitimate. When in doubt, hang up. Here are some telltale signs of this scam. The IRS and its authorized private collection agencies will never:

  • Call to demand immediate payment using a specific payment method such as a prepaid debit card, iTunes gift card or wire transfer. The IRS does not use these methods for tax payments.
  • Ask a taxpayer to make a payment to a person or organization other than the U.S. Treasury.
  • Threaten to immediately bring in local police or other law-enforcement groups to have the taxpayer arrested for not paying.
  • Demand taxes be paid without giving the taxpayer the opportunity to question or appeal the amount owed.

Taxpayers who don’t owe taxes and have no reason to think they do should:

Taxpayers who owe tax or think they do should:

  • View tax account information online at IRS.gov to see the actual amount owed and review their payment options.
  • Call the number on the billing notice.
  • Call the IRS at 800-829-1040.

2. Phone Scams

With the new tax season starting, the IRS reminds taxpayers to be aware that criminals continue to make aggressive calls posing as IRS agents in hopes of stealing taxpayer money or personal information.

Here are some telltale signs of a tax scam along with actions taxpayers can take if they receive a scam call.

The IRS will never:

  • Call to demand immediate payment using a specific payment method such as a prepaid debit card, gift card or wire transfer. Generally, the IRS will first mail a bill to any taxpayer who owes taxes.
  • Threaten to immediately bring in local police or other law enforcement groups to have the taxpayer arrested for not paying.
  • Demand that taxes be paid without giving taxpayers the opportunity to question or appeal the amount owed.
  • Call unexpectedly about a tax refund.

Taxpayers who receive these phone calls should:

  • Record the number and then hang up the phone immediately.
  • Report the call to the Treasury Inspector General for Tax Administration (TIGTA) using their IRS Impersonation Scam Reporting form or by calling 800-366-4484.
  • Report the number to phishing@irs.gov and be sure to put “IRS Phone Scam” in the subject line.

3. Impersonation email scams targeting university students and staff


The IRS warned of an ongoing IRS-impersonation scam that appears to primarily target educational institutions, including students and staff who have “.edu” email addresses. The IRS has received complaints about the impersonation scam in recent weeks from people with email addresses ending in “.edu.” The phishing emails appear to target university and college students from both public and private, profit and non-profit institutions.

The suspect emails display the IRS logo and use various subject lines such as “Tax Refund Payment” or “Recalculation of your tax refund payment.” They ask people to click a link and submit a form to claim their refund.

The phishing website requests taxpayers provide their:

  • Social Security number
  • Name
  • Date of Birth
  • Prior Year Annual Gross Income (AGI)
  • Driver’s License Number
  • Electronic Filing PIN
  • And other personally identifiable information

People who receive this scam email should not click on the link in the email, but they can report it to the IRS. For security reasons, save the email using “save as” and then send that attachment to phishing@irs.gov or forward the email as an attachment to phishing@irs.gov.

Taxpayers who believe they may have provided identity thieves with this information should consider immediately obtaining an Identity Protection PIN. An IP PIN is a six-digit number that helps prevent identity thieves from filing fraudulent tax returns in the victim’s name.

Taxpayers who attempt to e-file their tax return and find it rejected because a return with their SSN has already been filed should file a Form 14039, Identity Theft Affidavit, to report themselves as a possible identity theft victim. See Identity Theft Central to learn about the signs of identity theft and actions to take.

4. Ghost tax return preparers


As people begin to file their 2021 tax returns, taxpayers are reminded to avoid unethical ghost tax return preparers.

A ghost preparer is someone who doesn’t sign tax returns they prepare. Unscrupulous ghost preparers often print the return and have the taxpayer sign and mail it to the IRS. For e-filed returns, the ghost will prepare the return but refuse to digitally sign it as the paid preparer.

Ghost tax return preparers may also:

  • Require payment in cash only and not provide a receipt.
  • Invent income to qualify their clients for tax credits.
  • Claim fake deductions to boost the size of the refund.
  • Direct refunds into their bank account, not the taxpayer’s account.

By law, anyone who is paid to prepare or assists in preparing federal tax returns must have a valid Preparer Tax Identification Number (PTIN). Paid preparers must sign and include their PTIN on the return. Not signing a return is a red flag that the paid preparer may be looking to make a quick profit by promising a big refund or charging fees based on the size of the refund.

It’s important for taxpayers to choose their tax return preparer wisely. The Choosing a Tax Professional page on IRS.gov has information about tax preparer credentials and qualifications. The IRS Directory of Federal Tax Return Preparers with Credentials and Select Qualifications can help identify many preparers by type of credential or qualification.

No matter who prepares their return, taxpayers should review it carefully and ask questions about anything that’s not clear before signing. They should verify their routing and bank account number on the completed tax return for any direct deposit refund. Taxpayers should watch out for ghost preparers putting their bank account information on the returns.

Taxpayers can report preparer misconduct to the IRS using Form 14157, Complaint: Tax Return Preparer. If a taxpayer suspects a preparer filed or changed their tax return without their consent, they should file Form 14157-A, Tax Return Preparer Fraud or Misconduct Affidavit.

5. “Tax Transcript” email scam


The Internal Revenue Service and Security Summit partners recently warned the public of a surge of fraudulent emails impersonating the IRS and using tax transcripts as bait to entice users to open documents containing malicious software, also known as malware.

The scam is especially problematic for businesses whose employees might open the malware because it can spread throughout the network and take months to remove.

This well-known malware, known as Emotet, generally poses as specific banks and financial institutions to trick people into opening infected documents. However, in the past few weeks, the scam masqueraded as the IRS, pretending to be from “IRS Online.” The scam email carries an attachment labeled “Tax Account Transcript” or something similar, and the subject line uses some variation of the phrase “tax transcript.”

The IRS reminds taxpayers it does not send unsolicited emails to the public, nor would it email a sensitive document such as a tax transcript, which is a summary of a tax return. The IRS urges taxpayers not to open the email or the attachment. If using a personal computer, delete or forward the scam email to phishing@irs.gov. If you see these while using an employer’s computer, notify the company’s technology professionals.

The United States Computer Emergency Readiness Team (US-CERT) issued a warning in July about earlier versions of Emotet in Alert (TA18-201A) Emotet Malware.

US-CERT has labeled the Emotet Malware “among the most costly and destructive malware affecting state, local, tribal, and territorial (SLTT) governments, and the private and public sectors.”

Source: Tax Scams / Consumer Alerts | Internal Revenue Service

February 28, 2022

CISA Urges Proactive Steps to Protect Critical Infrastructure

CISA has released CISA Insights: Preparing for and Mitigating Foreign Influence Operations Targeting Critical Infrastructure, which provides proactive steps organizations can take to assess and mitigate risks from information manipulation. Malicious actors may use tactics—such as misinformation, disinformation, and malinformation—to shape public opinion, undermine trust, and amplify division, which can lead to impacts to critical functions and services across multiple sectors.

Current social factors—including heightened polarization and the ongoing global pandemic—increase the risk and potency of influence operations to U.S. critical infrastructure. CISA encourages leaders at all organizations to review the CISA Insights and follow the guidance to assess risk and increase resilience.

Read the full story: https://www.cisa.gov/uscert/ncas/current-activity/2022/02/18/cisa-insights-foreign-influence-operations-targeting-critical

February 26, 2022

Remain Vigilant as Cyber Threats Intensify


A message from Cyber Florida Executive Director and former Director of U.S. National Intelligence Mike McConnell:

Fellow citizens: As we watch historic events unfold in Ukraine, I am reminded of Russia’s illegal actions as far back as 2017, when their cyberattack on Ukraine triggered some ‘spillover’ disruptions in cyberspace. While there may be some spillover effects in this instance, our very best assessment is that they will be limited to Ukraine and its immediate environs. Nevertheless, we must all remain vigilant during this time of heightened tension, ensuring that our personal and organizational devices and software are updated and patched, and that we’re all on the lookout for suspicious emails and other malicious attempts to exploit our Nation’s digital dependence. And in that regard, I can assure you that our military, government, and industry cybersecurity personnel are vigilant as always, poised to respond quickly and forcefully to any and all cyber incidents that may affect us. They are up to that task, and we should be thankful for them. In the meantime, our prayers and support are with the Ukrainian people.

February 26, 2022

Ransomware Group Releases NFL Team’s Files

I. Targeted Entities

  • San Francisco 49ers

II. Introduction

Just before the Super Bowl kicked off, and two days after the FBI warned about the cybercriminals, BlackByte leaked what seems to be the 49ers’ team files.

III. Background Information

The 49ers were recently on the receiving end of a BlackByte ransomware attack that temporarily affected the team’s corporate IT network on Super Bowl Sunday.[2] BlackByte is a ransomware-as-a-service (RaaS) gang that leases its ransomware to affiliates who share the ransomware profits; they claimed responsibility for the attack by leaking files allegedly stolen in the assault. The 49ers confirmed the attack to Threatpost the following Monday.[2] The 49ers consulted with third-party cybersecurity firms for assistance and also notified law enforcement. As of Monday, the team was still investigating, but it appears as though the intrusion was limited to the 49ers’ corporate IT network and did not affect ticket systems or systems at the 49ers’ stadium, Levi’s Stadium.[2] According to Joseph Carson, chief security scientist and advisory CISO at Delinea, it is likely that an affiliate hacked the 49ers, as opposed to BlackByte itself, given that BlackByte is a RaaS operation.[2]

BlackByte recently posted some files that seem to have been stolen from the team on a dark website in a file called 2020 Invoices.[2] BlackByte has not made its ransom demands public, nor have they specified how much data they stole or encrypted. Joseph Carson says that the timing of this attack makes this a case of cybercriminals preying on a major event, where attackers can get unsuspecting victims “to click on links, download and execute malicious software or give over their credentials, thinking they are accessing legitimate internet services, resulting in cybercriminals gaining initial access to networks and services.”[2]

The attack comes two days after the FBI and Secret Service released a joint TLP: WHITE cybersecurity advisory saying that BlackByte ransomware had breached the networks of at least three organizations from U.S. critical infrastructure sectors (government facilities, financial, and food & agriculture) in the last three months.[2]

BlackByte was first seen in July 2021 when it started victimizing organizations by exploiting known Microsoft Exchange vulnerabilities to worm its way into environments.[2] BlackByte was successful for a time, scoring wins against manufacturing, healthcare, and construction industries in the U.S., Europe, and Australia, but BlackByte hit a wall when Trustwave released a free decryption tool that allowed BlackByte victims to free their files.[4] BlackByte’s auction site has been considered a house of mirrors because the site claims to contain exfiltrated data from victims, but the ransomware itself doesn’t have the ability to exfiltrate data. This is done, most likely, to scare their victims into obeying their demands.[2]

Erich Kron, security awareness advocate at KnowBe4, focused on the FBI warning about BlackByte’s success in penetrating the critical infrastructure sector, which has been “plagued” by ransomware attacks.[2] Kron says that the critical nature of the systems means that it is imperative that they come back online quickly, which increases the likelihood that the victim pays the ransom. Kron also says that the critical nature of the infrastructure increases law enforcement attention, but that law enforcement busts have a low success rate, meaning that the groups are willing to take that risk.[2] Kron blames limited budgets, aging equipment, and shortages in cybersecurity staff for making critical infrastructure and many government entities susceptible to ransomware attacks.[2]

IV. MITRE ATT&CK

  • T1590 – Gather Victim Network Information
    Attackers focus on gathering information, using ransomware attacks to collect users’ data through network systems.
  • T1027 – Obfuscated Files or Information
    Attackers use tools that download files to systems using encryption keys and store data through the network of the systems.
  • T1213 – Data From Information Repositories
    Ransomware attacks are used to collect a wide variety of information and data exchanged between users.

V. Recommendations

  • Phishing Awareness Training
    Users should be informed and educated about new kinds of phishing scams currently being used and ones that have been used in the past. Awareness training should instruct users to avoid suspicious emails, links, websites, attachments, etc. Users should also be educated about new types of attacks and schemes to mitigate risk.
    Recommended link: https://www.us-cert.gov/ncas/tips/ST04-014
  • Set Antivirus Programs to Conduct Regular Scans
    Ensure that antivirus and antimalware programs are scanning assets using up-to-date signatures.
  • Malware Monitoring
    Continuously monitor current and new types of malware. Stay up to date on intel and advancements to prevent, defend, and mitigate these types of threats.
  • Strong Cyber Hygiene
    Enforce a strong password policy across all networks and subsystems. Remind users to be wary of any messages asking for immediate attention, links, downloads, etc. All sources should be verified.
    Recommended link: https://us-cert.cisa.gov/ncas/alerts/aa21-131a
  • Turn on Endpoint Protection
    Enable endpoint detection and response (EDR) to stop unknown malware in the product you’re using.

VI. Indicators of Compromise (IOCs)

The link below has been included to assist with the download of some identified IOCs related to this Threat Advisory report. Be on the lookout for these IOCs, as well as anything that looks similar.

https://usf.box.com/s/konq0383pcl8it2pjmfwbvke7bdj9nmb

VII. References

(1) FBI, Secret Service, ed. “Indicators of Compromise Associated with BlackByte Ransomware.” Internet Crime Complaint Center IC3, February 11, 2022. https://www.ic3.gov/Media/News/2022/220211.pdf.

(2) Vaas, Lisa. “BlackByte Tackles the SF 49ers & US Critical Infrastructure.” Threatpost English Global, February 14, 2022. https://threatpost.com/blackbyte-tackles-the-sf-49ers-us-critical-infrastructure/178416/.

Threat Advisory created by the Cyber Florida Security Operations Center.
Contributing Security Analysts: Dorian Pope, Ipsa Bhatt, Sreten Dedic, EJ Bulut, Uday Bilakhiya, Tural Hagverdiyev.

February 24, 2022

Cryptography: a Cybersecurity Love Language


Join Operation K12 and guest speaker Mark Loepker from the National Cryptologic Museum to learn more about cryptography and apply your new knowledge through engaging activities!

February 24, 2022

CyberWorks Applications are Now Open!

The application for the Summer 2022 New Skills for a New Fight Cohort is NOW OPEN!

This intensive 12-week program will prepare students to enter the cybersecurity workforce as Tier 1 Security Operation Center (SOC) Analysts. Priority consideration will be given to transitioning veterans and first-responders. Applications are due on March 22!

February 24, 2022

Dr. Sasha Vanterpool on CyberWorks Workforce Development Program

Are you interested in joining the CyberWorks workforce development program but not sure where to begin? We spoke with Dr. Sasha Vanterpool, CyberWorks Program Planner Analyst, and asked her to break the program down for us.

February 24, 2022

The Path to a Federal Cybersecurity Job


Cybersecurity students: are you interested in a federal cybersecurity career?

Join us on Tuesday, March 8 for the FREE Path to a Federal Cybersecurity Job webinar!

This webinar will discuss the pathway to beginning your career in the federal government and will feature representatives from the Cybersecurity and Infrastructure Security Agency (CISA), the National Security Agency (NSA), the Federal Bureau of Investigation (FBI), and the U.S. Office of Personnel Management (OPM).

Please note: due to security protocols, this webinar will NOT be recorded or shared online. If you don’t want to miss out on the information shared during the presentation, please plan accordingly!

February 23, 2022

Attackers Target Tax-Filing Service Users

I. Targeted Entities

  • Intuit users

II. Introduction

A phishing campaign is underway with cybercriminals impersonating the popular Intuit software during the tax season.

III. Background Information

Intuit is warning customers of a phishing campaign that threatens to restrict users from accessing their accounts unless they click on a malicious link. These attacks are quickly escalating, and attackers are employing stealthier methods in hopes of tricking users into installing malware or giving up personal data.

Intuit has posted a screenshot of a suspicious email that customers have reported receiving, which the company says, “did not come from Intuit”.[1]

The fake email, which appears to be sent from the Intuit Maintenance Team, informs recipients that their account has been “temporarily disabled due to inactivity” and that it is “compulsory” to restore access to the account within 24 hours.[2] The email claims to warn users of a “recent security upgrade on our server and database, to fight against vulnerability and account theft as we begin the new tax season.” The email directs users to a link (https://proconnect[dot]intuit.com/Pro/Update) and claims that clicking on the link will allow users to immediately regain access to their accounts.[2]

Erich Kron, security professional and awareness advocate at KnowBe4, says that he was not surprised to learn of such an engineered attack on Intuit and expects that more of these attacks will come as we progress through tax season.[2]

Phishers have been vigorously escalating attacks, using more creative ways to trick users into taking the bait and hide their malicious activity. Researchers have reported a flurry of phishing attacks using new tricks and tactics since the end of last year. In just the last week, security researchers have found two novel ways that phishers are targeting victims. In one, Proofpoint researchers saw adversaries using phishing kits that were focused on bypassing multi-factor authentication methods by stealing authentication tokens via man-in-the-middle attacks. The other phishing campaign saw attackers using an under-the-radar PowerPoint file to hide malicious executables that can rewrite Windows registry settings, with the end goal of taking over an end user’s computer. There have also been phishing attacks aimed at stealing credentials using a legitimate Google Drive collaboration feature as well as the “Comments” feature of a Google Doc to trick users into clicking malicious links.[1]

Phishing has been around a long time, and it is a threat vector that will never get old. Only one click is necessary to make a phishing campaign effective for the threat actor. It also remains dangerous because credential stealing from victims is often a gateway attack that provides criminals a way to further engage victims with more attacks, like defrauding people of money or ransomware attacks on corporate networks. It is also difficult for an organization to stop phishing attacks because they rely on human error rather than a compromise of an infrastructure that the organization controls.[1]

Intuit is not providing information about what happens if a user clicks on the link, but the company is warning customers that the link is likely malicious and to refrain from clicking on the link or any attachment sent with the email. If a customer has already clicked on the link, Intuit recommends they delete any resulting downloads immediately, scan their system with an updated antivirus program, and change their passwords.[1]

IV. MITRE ATT&CK

  • T1589 – Gather Victim Identity Information
    Attackers have developed a phishing method where users can be trapped by clicking website links. From those links, users’ private information can be collected.
  • T1598 – Phishing for Information
    Users can be trapped into phishing by attackers who use special kits to gather information.
  • T1014 – Rootkit
    Attackers have developed multiple kits for phishing purposes. These kits might gain access at the user or kernel level of the operating system, which can give attackers control at those levels.

V. Recommendations

  • Phishing Awareness Training
    Users should be informed and educated about new kinds of phishing scams currently being used and ones that have been used in the past. Awareness training should instruct users to avoid suspicious emails, links, websites, attachments, etc. Users should also be educated about new types of attacks and schemes to mitigate risk.
    Recommended link: https://www.us-cert.gov/ncas/tips/ST04-014
  • Set Antivirus Programs to Conduct Regular Scans
    Ensure that antivirus and antimalware programs are scanning assets using up-to-date signatures.
  • Malware Monitoring
    Continuously monitor current and new types of malware. Stay up to date on intel and advancements to prevent, defend, and mitigate these types of threats.
  • Strong Cyber Hygiene
    Enforce a strong password policy across all networks and subsystems. Remind users to be wary of any messages asking for immediate attention, links, downloads, etc. All sources should be verified.
    Recommended link: https://us-cert.cisa.gov/ncas/alerts/aa21-131a
  • Turn on Endpoint Protection
    Enable endpoint detection and response (EDR) to stop unknown malware in the product you’re using.

VI. Indicators of Compromise (IOCs)

The link below has been included to assist with the download of some identified IOCs related to this Threat Advisory report. Be on the lookout for these IOCs, as well as anything that looks similar.

https://usf.box.com/s/1ep8nc69qn02neaurnll3vd2e2xr5ip1

VII. References

(1) Intuit, ed. “Security Notices.” Intuit Security Center, February 2, 2022. https://security.intuit.com/security-notices.

(2) Montalbano, Elizabeth. “Attackers Target Intuit Users by Threatening to Cancel Tax Accounts.” Threatpost English Global, February 4, 2022. https://threatpost.com/attackers-intuit-cancel-tax-accounts/178219/.

Threat Advisory created by the Cyber Florida Security Operations Center.
Contributing Security Analysts: Dorian Pope, Ipsa Bhatt, Sreten Dedic, EJ Bulut, Uday Bilakhiya, Tural Hagverdiyev.

February 15, 2022

Partner Event: Hack the Port

The Hack the Port Academic Village will consist of onsite and virtual opportunities for participants to exercise their cyber defensive and offensive skills.  The goal is to elucidate the skills needed to understand how industrial control systems are used in a maritime context as part of the national critical infrastructure landscape, but also to inform and exercise the skills of participants using Internet of Things (IoT), information technology systems and software that also connect to industrial control systems.

The plan for the village includes a variety of cyber physical stations that can be used to test skills and understand up close how various industrial control systems and related technologies work.

The village will consist of a multi segmented network that will include various maritime operational technology assets and scenarios, as well as IT and IoT.

Who can participate in the academic village:

  • Students enrolled in a US Cyber Command academic engagement college or university.
  • Students enrolled in a Center of Academic Excellence in Cybersecurity Community college or university.
  • Students enrolled at a senior military college.
  • Students who attend other DoD or service academies.
  • Students not part of any of the above programs can still participate and register a team if we have space onsite, and we can accommodate the virtual participants after we seat the participants from the above list.

Cyber Exercise Team structure, logistics and guidelines: 

Each college or university can field a team of 5 participants onsite and a team of 5 offsite participants. The off-site participants can act as open source intelligence gathering and support for the onsite teams but can also engage certain targets that are part of the exercise that are internet facing.

Each team will receive access to the cyber exercise playbook to be published to the event website.  Each team will be required to attend a virtual cyber exercise orientation session with MISI and its technical team prior to the date of the cyber exercise start, March 22-March 25, 2022.

The date and time of the virtual session will be announced to registered and approved teams via email.

All onsite teams must be at the Greater Fort Lauderdale / Broward County Convention Center, located at 1950 Eisenhower Blvd, Fort Lauderdale, FL 33316 (phone: (954) 765-5900), no later than 12 noon, Monday, March 22, 2022.

The host hotel offering discounts for conference attendees is the Ft. Lauderdale Hilton Marina, 1881 SE 17th St, Fort Lauderdale, FL 33316 (phone: (954) 463-4000).

Registration links to the hotel discount site for the event are available at:  www.hacktheport.tech

Teams can arrive earlier Monday, March 21, 2022, to participate in conference lectures, training and networking events.  On Monday teams will pick up their team badges, and related conference materials.  At the convention center there will be a clearly marked area for all academic teams to verify their registration and get any new updates for the academic village.

Each team will receive a team badge granting access to the Academic Village.

Each team will be directed to their team area on the competition floor.

Each team will bring their own laptops and related equipment needed to participate in the cyber competition.

Cyber Exercise Phases: 

Phase I will require the college teams to compete and achieve the highest scores by successfully achieving the goals for each target in the exercise.

There will be three winning teams based on the team scores.  The teams will then pick the members of their teams who will become red team members for phase II of the exercise.

In phase II the selected red team members will be pitted against a blue team consisting of cyber professionals from the military, civilian agencies and industry.

The blue team may return offensive cyber-attacks against the red team members.

The phase II exercise will result in one winner based on their ability to successfully defend and defeat the red team or the red team’s ability to successfully attack and take down the maritime, industrial control, IT and IoT targets.

Virtual team participation logistics

MISI DreamPort will provide virtual team members with a VPN connection into the exercise. The connection is provided to MISI DreamPort by Lumens.

Each college can field a virtual team of 5 remote participants.  The maximum virtual participants is 50 for the academic village. Essentially, we can support 10 teams of 5 each for a total of 50 remote participants.

When reviewing the playbook, keep in mind what we have learned from prior exercises: offsite team members can help accelerate target penetration by assisting with finding vulnerabilities, product manuals, in-the-wild exploits and other open source data. As stated, with the VPN connection the remote team can also assist in the CTF.

Academic attendees not participating as an active member of a competing team

Attendees who are not members of an onsite competition team can attend as spectators and participate in mini cyber subject matter expert boot camps, conference lectures, keynote addresses and other learning activities.  The same applies to non-participating members of college teams that are virtual.

Spectators must not cross into the designated areas of opposing teams and must remain in the spectator section.

Live Streaming and Play by Play 

The competition will be streamed online to registered attendees and conducted in a gaming style atmosphere with video cameras, sound and lighting and event narrators broadcasting the play-by-play aspects of the cyber exercise to spectators at the event and online.

Cyber Challenge Problem

Students not participating in the cyber exercise can field a team or participate as individuals in the Rossum’s Robot Signatureless ICS anomaly detection US Cyber Command Challenge. Details for the Rossum’s Robot challenge are on the event website at www.hacktheport.tech

February 14, 2022