Security Digest Vol. II (Summer 2016)
Welcome to Volume II (Summer 2016 Edition) of the Duquesne University Cyber-Security update. Here are some highlights and exciting initiatives that we wanted to bring to your attention:
The Rise of Ransomware
Recently there has been a rise in ransomware attacks. In late March, the United States Computer Emergency Readiness Team (US-CERT) issued a warning about new, destructive ransomware variants that were targeting individuals, businesses, and universities.
According to US-CERT, ransomware is a type of malware that infects computer systems and restricts users' access to them. Ransomware variants have been observed for several years and typically attempt to extort money from victims by displaying an on-screen alert. These alerts usually state that the user's system has been locked or that the user's files have been encrypted, and that access will not be restored unless a ransom is paid. The ransom demanded from individuals varies greatly but is frequently $200-$400 and must be paid in a virtual currency such as Bitcoin.
Ransomware is often spread through phishing emails that contain malicious attachments or through drive-by downloads. A drive-by download occurs when a user visits an infected website and malware is downloaded and installed without the user's knowledge. For guidance on protecting yourself from ransomware, please visit the Duquesne University CTS Safe Computing page at http://duq.edu/about/campus/computing-and-technology/safe-computing.
- Back up your data. For departments on campus, the EINSTEIN server is backed up daily and provides the appropriate means for storing your university data. For non-university data, there are a number of cloud backup providers on the market today. Internet2's Net+ program has validated CrashPlan as a solution, and it also has a personal option.
- Patch and update. Keep your operating system and software up-to-date with the latest patches. Vulnerable applications and operating systems are the target of most attacks. Ensuring these are patched with the latest updates greatly reduces the number of exploitable entry points available to an attacker.
- Protect and secure. Maintain up-to-date anti-virus software and scan all software downloaded from the internet prior to executing.
- Restrict administrator access to computers. Most malicious software needs Administrator rights to install itself. CTS can assist in evaluating how to apply the "Least Privilege" principle to all systems and services. Restricting these privileges may prevent malware from running or limit its ability to spread through the network.
- Avoid macros from email attachments. Do not enable macros in email attachments. If you open an attachment that looks suspicious or arrives unsolicited or unexpectedly, enabled macros in products such as Word and Excel can run embedded code that installs the malware on your machine. If you are suspicious about an email attachment, contact the sender by phone to confirm that it is legitimate.
- Avoid unsolicited web links in emails. Phishing attempts often arrive as email containing unsolicited web links. If you don't know the sender and are not expecting the link, avoid clicking on it. You can usually hover over a link to see the real address; if it appears to go to an unfamiliar site, it is almost certainly malicious.
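The two checks above (macros in attachments, and links whose visible text differs from where they really go) can be automated for mail triage. The script below is an added example and is not part of the newsletter or of any CTS tool. It assumes nothing beyond the Python standard library; the HTML body, the attachment names and the zip-shaped sample documents are constructed for illustration (the vbaProject.bin content is a placeholder, not a real VBA project).

```python
import io
import os
import re
import zipfile
from html.parser import HTMLParser
from urllib.parse import urlparse

# Office formats that advertise embedded macros by their extension.
MACRO_EXTENSIONS = {".docm", ".dotm", ".xlsm", ".xltm", ".pptm"}


class _LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def host_of(url):
    """Lowercase hostname of a URL; bare addresses like 'www.duq.edu/x' are accepted,
    and a leading 'www.' is dropped so that www.duq.edu and duq.edu compare equal."""
    if "://" not in url:
        url = "http://" + url
    host = (urlparse(url).hostname or "").lower()
    return host[4:] if host.startswith("www.") else host


def find_deceptive_links(html):
    """Links whose visible text looks like a web address but opens a different host.

    This is the programmatic form of the 'hover over the link' check: the address
    the reader sees is compared with the host the browser would actually open.
    """
    collector = _LinkCollector()
    collector.feed(html)
    findings = []
    for href, text in collector.links:
        looks_like_address = re.search(r"[a-z0-9-]+\.[a-z]{2,}", text, re.IGNORECASE)
        if looks_like_address and host_of(text) != host_of(href):
            findings.append((text, href))
    return findings


def office_file_has_macros(data):
    """True if an OOXML attachment (.docx, .docm, .xlsx, ...) carries a VBA project.

    OOXML files are zip archives and embedded macros live in a vbaProject.bin entry,
    so the content is inspected instead of trusting the extension alone.
    """
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as archive:
            return any(name.lower().endswith("vbaproject.bin") for name in archive.namelist())
    except zipfile.BadZipFile:
        return False


def attachment_is_macro_enabled(filename, data):
    """Flag an attachment by macro-enabled extension or by embedded VBA content."""
    ext = os.path.splitext(filename)[1].lower()
    return ext in MACRO_EXTENSIONS or office_file_has_macros(data)


def _make_sample_office_file(with_macros):
    """Constructed sample: a minimal zip shaped like an OOXML Word document."""
    buffer = io.BytesIO()
    with zipfile.ZipFile(buffer, "w") as archive:
        archive.writestr("[Content_Types].xml", "<Types/>")
        archive.writestr("word/document.xml", "<w:document/>")
        if with_macros:
            archive.writestr("word/vbaProject.bin", b"\x00constructed placeholder\x00")
    return buffer.getvalue()


# Constructed sample email body: one link whose text and destination disagree,
# one honest link, and one with descriptive text that this check cannot judge.
SAMPLE_HTML = """
<p>Your mailbox is full. <a href="http://login-reset.example/duq">www.duq.edu/email</a></p>
<p>Policy: <a href="http://duq.edu/about/campus/computing-and-technology/safe-computing">duq.edu/safe-computing</a></p>
<p><a href="http://login-reset.example/duq">Click here</a> to continue.</p>
"""

if __name__ == "__main__":
    for text, href in find_deceptive_links(SAMPLE_HTML):
        print(f"DECEPTIVE LINK: shows '{text}' but opens {href}")
    for name, data in [("invoice.docx", _make_sample_office_file(True)),
                       ("report.docx", _make_sample_office_file(False)),
                       ("notes.xlsm", b"not even a zip")]:
        print(f"{name}: macro-enabled = {attachment_is_macro_enabled(name, data)}")
```

The link check only fires when the visible text itself looks like an address, because text such as "Click here" gives the reader nothing to compare against; those links still warrant the hover check by hand. The macro check looks inside the file rather than at its extension, since a renamed .docx can still carry a vbaProject.bin entry.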
Wildfire Browser Alert! You are about to download a virus!
Spyware, malware, and viruses are among the ways that cyber criminals gain access to sensitive data on your computer. Criminals create websites that download these malicious programs to your computer when you visit them. To address this risk and protect campus assets, CTS will be deploying a new layer of protection against downloading viruses and malicious software. It uses a next-generation security feature of our firewall that presents a message indicating that the download has been blocked, along with the name of the blocked file.
Here is an example of what this page will look like: