Last Friday, May 12, the WannaCry ransomware started making its way around the internet, infecting tens of thousands of computers by exploiting a vulnerability in Windows that was patched in March (MS17-010). Several large victims made the news, such as the UK’s National Health Service (NHS). The exploit, ETERNALBLUE, was developed by the NSA and was part of the leak released a few weeks ago by the Shadow Brokers hacking group.
The WannaCry ransomware will encrypt files and demand about $300 to start, increasing to $600 in 3 days. It will also install a backdoor, DoublePulsar, another leaked NSA tool. Since these tools are now publicly available, both the good and bad guys have access to them, which means we will see more attacks in the future.
Your best defense in this case is to ensure your system is patched with all critical and recommended Windows updates. Symantec Endpoint Protection was able to detect the WannaCry infection prior to it being released; however, it would have had a different name, and you also had to be running Network Threat Protection. The latest versions have this feature enabled, so running the latest version (available from the website for staff and students) is always the best course of action.
Tax Identity Theft Awareness Week
What is Tax Identity Theft?
Do you know the warning signs that an identity thief is using your Social Security number?
What can you do if you’re a victim of Tax Identity Theft?
Get the federal government’s one-stop resource to help you report and recover from identity theft. Get step-by-step advice, sample letters, and other helpful resources. Recovering from identity theft is easier with a plan and identitytheft.gov can help you.
January 28th is Data Privacy Day
October: Security is Everyone’s Responsibility
[October 11, 2016]
October is National Cyber Security Awareness Month (NCSAM), a time to remind users to exercise safe online behavior and to provide tips on how to do so.
The growing use of mobile devices in our daily lives, from smartphones and tablets to iPads and wearables, gives us 24/7 access to our personal data and increases our security risks. Now more than ever, we must exercise caution and learn how to protect ourselves and our information.
Visit the Information Security Awareness site for lots of security tips, guides, and resources to protect yourself.
Some quick links to get you started:
- General Information Security
- Mobile Security
- Google Email Security
- Browser updates
- Encrypting files
Be safe online!
Ransomware on the Rise
[July 21, 2016]
Ransomware is a serious threat to the integrity of our organization’s data and targeted attacks have increased 300% since 2015. (source: FBI)
Ransomware is malicious software for PC or Mac that cyber actors use to deny access to systems or data until a ransom is paid. After the initial infection, the ransomware attempts to spread to shared storage drives and other accessible systems. If the demands are not met, the system or encrypted data remains unavailable, or data may be deleted.
Ransomware infects PC or Mac systems through phishing emails, unpatched programs, compromised websites, online advertising and free software downloads.
Ransomware uses RSA 2048 encryption, which would take an average desktop computer 5.4 quadrillion years to crack. (source: Ransomware Hostage Rescue Manual, Adam Alessandrini.)
Ransomware demands payment in the form of bitcoins (BTC), which are an anonymous form of payment exchange and are untraceable. Bitcoins are used for legitimate purposes; however, they have also made an increase in ransomware payments possible. There is no guarantee that you will be able to decrypt your files after you pay, and there have been cases where payment was made and no key to decrypt the data was received.
- You cannot open your files and the files have an abnormal extension (e.g., locky).
- You receive an alarming message with instructions on how to pay to unlock your files.
- The ransomware program threatens you with a countdown until the ransom increases or you will not be able to decrypt your files.
- The ransomware program window cannot be closed.
- You have files named ‘HOW TO DECRYPT FILES.TXT’ or ‘DECRYPT_INSTRUCTIONS.HTML’.
- Disconnect everything (turn off Wi-Fi and Bluetooth, unplug from the network)
- Determine scope of infection (check USB storage devices, mapped network drives, cloud-based storage)
- Determine ransomware strain
- Remove ransomware from your infected system
- Restore from a recent backup
- Try to decrypt your files using a 3rd party decryptor (very unlikely you will succeed)
- Do nothing (lose access to your data)
- Pay the ransom (no guarantee you will be able to decrypt your data)
- Protect yourself in the future
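An added example, not part of the original article: a read-only Python check for the "determine scope of infection" step that walks the locations you name and reports files matching the indicators listed above (the locky extension and the two ransom-note file names). The function names and the sample folder layout are assumptions made for the illustration.

```python
import os
import tempfile

# Indicators taken from the warning signs listed above; extend them per strain.
NOTE_NAMES = {"how to decrypt files.txt", "decrypt_instructions.html"}
SUSPECT_EXTENSIONS = {".locky"}

def classify(filename):
    """Return the indicator type for a file name, or None if it looks normal."""
    lowered = filename.lower()
    if lowered in NOTE_NAMES:
        return "ransom_note"
    if os.path.splitext(lowered)[1] in SUSPECT_EXTENSIONS:
        return "encrypted_extension"
    return None

def scan_scope(roots):
    """Walk each root read-only and group findings per root, so the affected
    locations (local folder, USB mount, mapped drive) stand out."""
    findings, unreadable = {}, []
    for root in roots:
        # Record folders that could not be listed instead of skipping silently.
        walker = os.walk(root, onerror=lambda err: unreadable.append(err.filename))
        for dirpath, _dirs, files in walker:
            for name in files:
                kind = classify(name)
                if kind:
                    findings.setdefault(root, []).append((kind, os.path.join(dirpath, name)))
    return findings, unreadable

def build_sample_tree(base):
    """Constructed sample data: one clean 'drive' and one affected 'share'."""
    names = ["clean/notes.txt", "share/docs/report.docx.locky",
             "share/docs/HOW TO DECRYPT FILES.TXT", "share/DECRYPT_INSTRUCTIONS.html"]
    for rel in names:
        path = os.path.join(base, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as handle:
            handle.write("constructed sample\n")
    return [os.path.join(base, "clean"), os.path.join(base, "share")]

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        hits, skipped = scan_scope(build_sample_tree(tmp))
        for root, items in hits.items():
            print(f"{root}: {len(items)} indicator(s)")
            for kind, path in items:
                print(f"  {kind}: {path}")
        print("unreadable folders:", skipped)
```

Run it from a system you know is clean against the mounted drive or share, and treat any folder reported as unreadable as unchecked rather than clean.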
How to protect yourself
- Use anti-virus/malware software
- Keep all your software patched, including third-party plug-ins used for websites
- Enable your system’s firewall
- Do not download free or unsigned (untrusted) software
- Do not open attachments or visit links in emails unless you explicitly requested them; visit the website yourself
- Do not respond to phishing emails, which pretend to be legitimate sources and will either send you to another website to gather your information or infect your system
- Back up your data often so you can recover your files
Other Information on Ransomware:
- US-CERT Alert: Ransomware and Recent Variants (https://www.us-cert.gov/ncas/alerts/TA16-091A)
- CSO Online: How to Prepare for and Prevent Ransomware Attacks (http://www.csoonline.com/article/3088066/backup-recovery/how-to-prepare-for-and-prevent-ransomware-attacks.html)
- Ransomware Hostage Rescue Manual (http://resources.idgenterprise.com/original/AST-0148364_Ransomware-Hostage-Rescue-Manual.pdf)
- CSO Online: Tricks that Ransomware Uses to Fool You
- University pays $16,000 to recover crucial data held hostage (http://arstechnica.com/security/2016/06/university-pays-almost-16000-to-recover-crucial-data-held-hostage/)
L&C Information Security Awareness:
Bank of America Alert: Increase in Payment Fraud
[July 21, 2016]
Payment fraud is illegal activity in which fraudulent transactions are performed on a payment card or account, and it occurs as a result of account takeover.
Your account may be compromised through targeted phishing emails that look very convincing, appearing to come from another bank or an executive you know, but that instead direct you to a malicious website that steals your account credentials, or that contain attachments that will infect your computer when opened.
How to Stay Safe:
- Be wary of any urgent or confidential requests. If something looks fishy to you, it probably is.
- Validate by phone any beneficiary or address changes from vendors.
- Alert your bank so proper action is taken to stop the transaction or prevent more from occurring, such as wire transfers.
L&C Information Security Awareness:
Critical Patches for Symantec Endpoint Protection
[July 14, 2016]
Symantec released updates for multiple critical vulnerabilities in their Endpoint Protection product affecting both Mac and Windows versions.
IT applied the updates to all managed systems.
Ensure your Symantec Product is up to date!
Get the latest Symantec Endpoint now!
Reminder: Anti-virus software is required in order to access the LC network from dorms, wireless, and other public locations.
Increase in Phishing Emails
[March 7, 2016]
Recently our campus has seen some phishing emails: messages designed to trick you into giving up sensitive information (e.g., login and password) by looking like legitimate messages from known sources (e.g., L&C College).
Please remember to always exercise caution when receiving such messages. Even if you think it is legitimate, try to go to the page of the service directly instead of clicking on the link provided to you in the email message.
Furthermore, the IRS has seen a significant increase (~400%) in phishing and malware incidents this tax season, including a sophisticated message involving W-2s. The IRS, state tax agencies and the tax industry have now engaged in a public awareness campaign: Taxes. Security. Together.
IRS Security Awareness:
Lewis & Clark Information Security Awareness:
President Signs Cybersecurity Executive Orders
[February 22, 2016]
by Jennifer Ortega
(February 19, 2016) On February 9, 2016, President Obama signed two executive orders intended to strengthen the government’s cybersecurity defenses and protect citizens’ personal information held by government entities.
The Executive Orders created two new entities, a Commission on Enhancing National Cybersecurity and a Federal Privacy Council. The Commission will bring together leaders from the business, technology, national security, and law enforcement communities. They will be responsible for making “recommendations to strengthen cybersecurity in both the public and private sectors while protecting privacy, ensuring public safety and economic and national security, fostering discovery and development of new technical solutions, and bolstering partnerships between Federal, State, and local government and the private sector in the development, promotion, and use of cybersecurity technologies, policies, and best practices.”
The recommendations are intended to address policies that can be implemented within the next decade. A final report is due to the president by December 1, 2016.
The Federal Privacy Council will be composed of chief privacy officers from 25 federal agencies. The Council will serve as a vehicle for federal CPOs to collaborate on best practices for protecting the data about citizens that the federal government collects and maintains.
The two Orders were released alongside the administration’s proposed Fiscal Year 2017 budget. This year the administration included $19 billion for information technology upgrades and other cyber initiatives — a 35% increase from 2016 spending levels.
The President also intends to create a new Chief Information Security Officer position for the federal government. This individual will oversee government-wide efforts to modernize cybersecurity and related information technology.