Online Security Attacks on Campus
The bad guys never sleep. They’re creative and clever. Cybersecurity, be it physical or digital, is a continual challenge to keep up with the bad guys. Over the past year, the University has been the victim of several attacks and this article will describe them so that we can learn from the events. These particular events involve network-based attacks, phishing campaigns, account compromise and the loss of computer equipment.
A Hostile Internet
Unfortunately, the Internet can be a hostile environment. Computers are good at repetition, and this allows bad actors to automate attacks on their victims. These attacks include trying to break into accounts and scanning to find vulnerabilities and other weaknesses to exploit. The front line of defence for campus against these robotic attacks is a firewall. A firewall allows desired connections and drops undesired or suspect traffic.
Our firewalls drop over 96% of connections from the Internet as being invalid or prohibited connection attempts.
Phishing is a very common means of attack by thieves. The University is a target, just as is any organisation. Recently, phishers have directed three specific campaigns at the University.
The Gift Card scam
In this scam, the attacker sends a fake message to the victim that looks like it comes from their boss. In the email, the victim is asked to buy some gift cards and reply to the email with the activation codes. The email is written so that it looks like the victim’s boss is in a hurry and doesn’t have time to get the cards themselves. Once the codes have been sent, the attacker then uses the codes and drains the cards of money.
This is also a form of spoofing attack, where someone creates an email designed to look like it comes from someone else.
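As an added example (not part of the original article), the check below flags the two sender mismatches typical of this kind of spoofed message: a display name that matches a known staff member but an address that is not theirs, and a Reply-To that differs from the From address. The domain `campus.example`, the staff directory and both sample messages are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumption: a small directory mapping staff display names to their real
# addresses. Names, addresses and the domain are constructed for this example.
STAFF = {"dana smith": "dsmith@campus.example"}

# Constructed sample messages (not real mail).
SPOOFED = (
    "From: Dana Smith <dana.smith.office@mail.example>\n"
    "Reply-To: quick.reply@mail.example\n"
    "To: staff@campus.example\n"
    "Subject: Quick favour\n\n"
    "Are you available? I need some gift cards right away.\n"
)
GENUINE = (
    "From: Dana Smith <dsmith@campus.example>\n"
    "To: staff@campus.example\n"
    "Subject: Meeting notes\n\n"
    "Notes attached.\n"
)

def spoof_indicators(raw_message):
    """Return the reasons the sender identity of a message looks forged."""
    msg = message_from_string(raw_message)
    name, addr = parseaddr(msg.get("From", ""))
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    addr, reply_to = addr.lower(), reply_to.lower()

    reasons = []
    # Normalise whitespace and case before the directory lookup.
    known = STAFF.get(" ".join(name.lower().split()))
    if known and addr != known:
        reasons.append("display name matches a staff member but the address is not theirs")
    if reply_to and reply_to != addr:
        reasons.append("Reply-To differs from the From address")
    return reasons

if __name__ == "__main__":
    for label, raw in (("spoofed", SPOOFED), ("genuine", GENUINE)):
        print(label, spoof_indicators(raw))
```
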
A Scareware attack
In this scam, the attacker will send an email claiming that they have gained access to your computer and have observed you surfing porn. They threaten to expose you unless you pay them, typically using a digital cryptocurrency like Bitcoin. They will often include “proof” of their access by including an old username and password of yours that they found on the Internet.
These messages are fakes; the senders do not have access to your computer. They simply aim to scare you into paying the money, just in case.
The Job Alert Scam
Another recent phishing campaign is the JOB ALERT scam. This is an information-gathering scam, where the sender hopes that you will provide useful information, such as your full name, location and cellphone number.
You may have also heard of ransomware. This is a situation where someone has managed to install malicious software on your computer that prevents access to the data on the hard drive and network shares. Once they’ve locked you out of the files, they display a notice on the screen asking for a cash payment in order to give you the key to access the files.
This is a form of malware: software or applications installed on your device that do things that are undesired or that they are not supposed to do. A common example of this is malware that generates pop-ups.
Thieves are not just looking for money. They’re also interested in access to computer accounts.
Another common security threat on campus is account compromise. An account compromise occurs when an attacker learns the username and password and gains access to an account. Once they can log in, they can abuse the account to send spam, conduct a phishing campaign or try to access resources and steal confidential data.
One use of a compromised University account is the Direct-Deposit Redirection fraud. When an attacker gains access to an account, they send a message to Payroll asking to update the bank information for direct-deposit of the account owner’s paycheque. Then they set up mail rules to hide all messages related to Payroll or banking so that the user remains unaware of the change.
Over the past year, the University has suffered XXX compromised staff accounts, and has learned about YYY uwindsor.ca account credentials released on the Internet.
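The mail rules used to hide Payroll and banking messages in the Direct-Deposit Redirection fraud can be looked for directly. The following added example (not from the original article) audits an export of inbox rules and reports enabled rules that match payroll or banking terms and then delete, or move and mark as read, the matching messages. The record layout, field names, action names and sample rules are assumptions constructed for this illustration, not the schema of any particular mail system.

```python
# Terms taken from the fraud described above (Payroll, banking, direct deposit).
WATCH_TERMS = ("payroll", "direct deposit", "direct-deposit", "bank", "paycheque")

# Constructed sample export: one record per inbox rule (hypothetical schema).
SAMPLE_RULES = [
    {"mailbox": "a@campus.example", "name": ".", "enabled": True,
     "keywords": ["Payroll", "direct deposit", "banking"], "actions": ["delete"]},
    {"mailbox": "b@campus.example", "name": "Newsletters", "enabled": True,
     "keywords": ["newsletter"], "actions": ["move"]},
    {"mailbox": "c@campus.example", "name": "Pay stubs", "enabled": True,
     "keywords": ["paycheque"], "actions": ["move"]},
    {"mailbox": "d@campus.example", "name": "old", "enabled": False,
     "keywords": ["payroll"], "actions": ["delete"]},
]

def audit_rule(rule):
    """Return (severity, matched_terms), or None if the rule is not of interest."""
    if not rule.get("enabled", True):
        return None  # disabled rules hide nothing
    conditions = " ".join(rule.get("keywords", [])).lower()
    terms = [t for t in WATCH_TERMS if t in conditions]
    if not terms:
        return None
    actions = set(rule.get("actions", []))
    # Deleting, or moving and marking as read, keeps the owner from seeing the mail.
    if "delete" in actions or {"move", "mark_read"} <= actions:
        return ("high", terms)
    # Filing payroll mail into a folder may be the owner's own rule: confirm with them.
    if "move" in actions:
        return ("review", terms)
    return None

def audit_mailboxes(rules):
    """Return (mailbox, rule name, severity, matched terms) for each flagged rule."""
    findings = []
    for rule in rules:
        result = audit_rule(rule)
        if result:
            findings.append((rule["mailbox"], rule["name"], result[0], result[1]))
    return findings

if __name__ == "__main__":
    for finding in audit_mailboxes(SAMPLE_RULES):
        print(finding)
```
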
Loss of computer equipment
Another type of cybersecurity incident is the loss of equipment. This could be a lost or forgotten device, like a phone, tablet or USB key. It could also be theft, where someone breaks in and steals computers, laptops or external hard drives.
While there is a cost to replace the lost equipment, the real risk to the University is the data and information that may be stored on those devices. It could be confidential University documents, private personal information, intellectual property or research data. If personal information is exposed, the University needs to report the breach to the Privacy Commissioner of Ontario. This could lead to consequences for the University, such as fines or public notification, which would damage the University’s reputation.
Information, especially personal information, is very valuable. Thieves will steal computer equipment (laptops, phones, tablets, USB keys) not just for their resale value, but also for the information they may contain. The Facebook scandal with Cambridge Analytica last year has shown the world how information is extremely desirable, and the fences of stolen goods in today’s criminal underworld also know how to extract and sell data found on computers.
What do we have to do?
Users of computer equipment need to be aware that there is a mature, organised industry behind cyberthreats and that the University is always a target. Pay attention, be wary when something appears unusual, and double-check and report anything abnormal. Each person’s vigilance makes us all safer. There are also steps you can take beforehand so that, if your device is stolen, the data on it is protected despite the theft of the physical property. Using Trusted Platform Module (TPM) technology on smart devices, tablets, laptops and computers ensures those who are validated have access to the device and gives IT staff an extra measure to aid in security. Another measure is BitLocker, which encrypts the drive volume and can be used with or without TPM. BitLocker is available on Microsoft Windows and to some extent macOS. Working in conjunction with IT Services is your best assurance for data safety and shared responsibility of campus protection from cybersecurity threats.