A Message Regarding Ransomware

Below is a message from Steven Frey, SHSU’s Information Security Officer. This is a good time to remind you to exercise good judgement when opening email or browsing the Internet. When in doubt of a message’s or site’s authenticity, please contact the Service Desk at (936) 294-1950 or by email at servicedesk@shsu.edu.

News headlines are referencing a global ransomware attack.  Ransomware is a type of malware that is usually delivered via an email attachment or link to a malicious website.  When this malware is unintentionally activated by a user, it begins to encrypt all the files that the user has access to and then informs the user that they have to pay a ransom in bitcoin (an online currency) to decrypt the files.  Until this is done, the only recourse the user has is to restore the files from a backup if there is one available, or if not, the user unfortunately pays the ransom.  Often times, even when the ransom is paid, the hacker does not decrypt the files.  This is why it is imperative that users backup their data, like IT@Sam does with the SHSU servers.  Previous ransomware attacks against the university that made it past security controls were thwarted by IT restoring files to a previous version, usually from the day before.

A key difference with these ransomware attacks (yes, there are multiple variants from different hacking groups) is that they are not just encrypting files that the user have access to, rather they are exploiting a vulnerability in Microsoft Windows to encrypt all files hosted on every server or workstation that is vulnerable.  Microsoft released a patch for this vulnerability in March 2017.  At that time, IT@Sam patched systems that were know to be vulnerable.

However, on April 14th, 2017, a group of hackers known as The Shadow Brokers released a set of hacking tools that were stolen from the NSA.  These hacking tools contained an exploit for the Microsoft vulnerability, meaning that with a push of a button, anyone could attack vulnerable servers and workstations, even if the user doesn’t have permissions to the files.  IT@Sam decided to take immediate action on all servers to ensure they would not be vulnerable.  This critical updated occurred during working hours and did disrupt a few services on campus last month, but they were quickly rectified.

These current ransomware attacks are using these hacking tools to encrypt all files they can where Microsoft has not been patched.  Many organizations have not yet applied patches and are being negatively impacted.  SHSU takes its security posture seriously, and makes it a point to be better safe than sorry.  IT Security has rescanned the entire campus network, and no servers are reporting as vulnerable to this attack. A handful of workstations are vulnerable and are under investigation.

It is important to practice caution when opening attachments in emails or clicking on links as these are the methods used to begin these attacks.  IT Security has taken the threat intelligence it has at this time to block known email subjects from entering SHSU’s email system and the campus Intrusion Prevention System (IPS) has rules in place to detect and block the malware that is currently known at this time.  However, these can change rather rapidly which is why the IPS system gets updates automatically from the vendor to stay up to date.  No security is 100%, but we will continue to monitor the situation as more information is released and take the appropriate actions to swiftly protect the students, faculty and staff of the SHSU community.

Steven Frey
Information Security Officer, IT Security

 

National Cyber Security Awareness Month Just Around the Corner!

More and more cybercrimes occur every day over the world. Unfortunately, many
people are still unaware of the dangers that lurk just around the mouse click.
It is for this reason that, over the past few years, Homeland Security has made
it a priority to bring cyber awareness to the masses. With the help of various
organizations they are able to reach a vast number of individuals. That is why
SHSU will participate in National Cyber Security Awareness Month with other
organizations across the country.  Read More.

Social Engineering Alert

At least one agency in the Texas State University System has been the target of two attempted social engineering events in the past few weeks. We want to make sure that you are careful with the information that you provide to those that contact your department.

Social engineering is a means of manipulating a person into releasing information or performing acts that will give another person access to secure information. A lot of times the person being manipulated may not realize what is happening until well after the information is given out.

For additional information on this topic including steps to help you avoid being a target, read the July 2012 Cyber Security Tip Newsletter published by the Texas Department of Information Resources. Additional information can also be found on the United States Computer Emergency Readiness Team site.

If you feel you have been the target of social engineering, please do not hesitate to contact IT@Sam to report the issue.

Stay Safe in a Dangerous Online World Part 2

Last month we talked about some ways that you can help mitigate the likelihood of getting a virus, downloading malware or falling prey to a phishing attempt. This month we will touch on a few ways you can protect yourself from a phishing attempt.

For a bit of background on “phishing,” see Wikipedia.

“Phishing is a way of attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication.”

E-mail and Phishing

E-mail is the main attack route for a phishing attempt, the goal of which is to steal your personal information. To help recognize a phishing attempt use these five guidelines.

  • A non-specific or generic greeting.Internet criminals don’t normally setup mailing lists with users names autoloaded in, so their email messages usually start with:
    • Dear Customer
    • Dear Account Holder
    • Dear PayPal user
  • Fake links. A link in an email can be made to say anything in the text. Place the mouse cursor over the link and Outlook will display the actual link destination. In my example I made a link that displays as the Home Depot website but in reality is a link to the SHSU Homepage.
  • Links to Non-secure login pages. All legitimate login pages will exist on a secure website. To see if the site you are on is secure look at the beginning of the address. Secure sites begin with “HTTPS:” not just “HTTP:”. The S at the end denotes that site as secure. If you are unsure about a page that claims to be secure you can click on the name of the company to the left of the URL address and see who has verified the website. For example SHSU’s SamWeb is located at HTTPS://SAMWEB.SHSU.EDU and we have been verified by GlobalSign as a secure site.
  • Asking for personal information. The entire point of the phishing attempt is get you to give up your personal information (Social Security Number, Credit Card Number, Bank Account, Residential Address, etc.) so that they can either steal your identity or sell your contact information to companies around the world. Every company that you do business with probably already has all of the information that they need from you. If you think it might be a legitimate request for information then look up that company’s contact information online (not from the e-mail they sent you) and call them to confirm.
  • Immediate Needs and Deadlines. Criminals don’t want to wait around for you to send them your vital information so they will put emergency notices and deadlines into their phishing attempts. They will frequently say that an account is going to expire within a few days if you don’t respond or that a service will be terminated and you will have to pay exorbinant reconnect fees. Don’t be fooled by this, take the time you need to verify that this is a real request before you give out any information, and whatever info you do give, do it over the phone and not via e-mail.

Cyber Security Awareness Month Poster Contest

October is Cyber Security Awareness month and IT@Sam is proud to announce that we are hosting a Cyber Security Poster Contest.

We are also issuing a call for judges. If you have experience dealing with cyber security issues, technology issues, or are just interested in becoming a judge please contact Lucrecia Chandler at UCS_LKN@shsu.edu

2011 Poster Contest Entry Requirements

Poster submissions should cover a cyber security problem and specific remedies or actions to combat that problem.

Contestants

  • This contest is open to all currently enrolled students at Sam Houston State University.
  • Students can submit more than one poster.
  • Students must be willing to make minor adjustments if necessary based on feedback from judging committee.

Poster Guidelines

  • Resolution must be sufficient to be printed at a max of 24”x36” without scaling (300dpi minimum).
  • Submissions must be in .jpg format.

Content

  • Content should be targeted for a large audience that will include fellow students along with faculty and staff.
  • Correct spelling, punctuation, and grammar must be used.
  • All content must be original and generic. No brands, vendors, etc.
  • A long shelf life is desirable.
  • Professional (or paid) assistance is not allowed.
  • Sponsorship is not allowed.
  • This contest is to showcase your work to the higher education community. We will license all entries under a Creative Commons Attribution-Non Commercial-Share Alike 3.0 Unported License (http://creativecommons.org/licenses/by-nc-sa/3.0/).
  • Submissions will be featured on the IT@Sam Service Desk Blog, Twitter feed, and Facebook pages along with various Cyber Security related presentations.

Prizes

There will be prizes for the top three posters and an Honorable mention for the fourth place winner. Please stay tuned for an update in a future IT@Sam Newsletter issue about the prizes.