R-CISC BLOG

The Retail ISAC (R-CISC) Presents our Holiday Guidance Series for Retailers

The Retail ISAC (R-CISC) is pleased to invite all eligible retailers to join in our upcoming Holiday Guidance webinar series designed to arm information security professionals from retail, restaurants, hotels, hospitality, and our partner sectors with actionable insight, strategies, and peer discussion opportunities throughout this most busy time of year! Interested individuals can email events@r-cisc.org for registration details and join prepared to engage and share during these lively, interactive sessions. For more information on the R-CISC email membership@r-cisc.org.

As many of you are aware, on October 21, 2016, a series of distributed denial-of-service (DDoS) attacks against Dyn DNS impacted the availability of a number of sites concentrated in the Northeast US and, later, other areas of the country. Impacted sites included: PayPal, Twitter, Reddit, GitHub, Amazon, Netflix, Spotify, and RuneScape. While the attacks were still ongoing, Flashpoint was able to confirm that at least one portion of the attack was initiated by a Mirai Command and Control server. R-CISC Core/Core+ members and eligable, non-member retailers are invited to join on Wednesday, November 2 from 11-12p pacific/2-3p eastern for An After-Action Analysis of the Mirai Botnet Attacks on Dyn. During this session, Allison Nixon, Director of Research, and Zach Wikholm, Research Developer at Flashpoint, will discuss the anatomy and implications of the attacks. This session is classified TLP:Green and is open to Core/Core+ members and eligible non-member retailers, only. 

Next up, the R-CISC will host a Q3 Threat Briefing on Thursday, November 3 from 10-11a pacific/1-2p eastern to evaluate the retail cybersecurity threat landscape and preparations for the coming holiday season. This interactive session is led by Executive Director, Brian Engle and Research Director, Wendy Nather and includes an overview of Q3 observed threats as well as analysis of observed significant events, current threat trends, and anticipated threats as we approach the upcoming holiday season. The briefing is designed to be interactive, and participants are encouraged to join prepared to share and contribute to the session as we together anticipate the threats that may be in store, along with the priorities for preparing to defend against them in advance of the holiday season. This session is classified TLP:Green and is open to Core/Core+ members and eligible non-member retailers, only. 

The R-CISC is proud to support the information security community in these important conversations and to serve as the conduit for collaboration, information sharing and cooperation among retailers worldwide. We are stronger together.

*The R-CISC leverages the The US-CERT Traffic Light Protocol (TLP)  to specify how and where contributed threat intelligence may be shared. TLP Green indicates that the information  may be passed around a general community, but should not be shared in public. For example, a notification about a phishing campaign affecting everyone who uses a particular POS system could be shared even outside the R-CISC with other retailers, but should not be discussed on Twitter or Facebook where adversaries could see it; nor should it be shared with the media.