Cryptolocker virus poses new threat

An especially nefarious computer virus is making the rounds, and faculty, staff and students at Eastern are being cautioned to take extra care before opening links in email messages from unknown senders in order to avoid downloading it.

The virus is a form of “ransomware” called Cryptolocker, and unlike other viruses that can be neutralized through the use of restorative software such as Malwarebytes, Cryptolocker cannot be fixed once it locks up someone’s computer – unless the victim is willing to literally pay a ransom to the hackers who deployed it.

Cryptolocker works by encrypting files on an infected computer’s hard drive with encryption that cannot be broken. This locks those files and renders them inaccessible while leaving the computer itself still functioning, said Information Technology Services Assistant Director of Information Security Mike Gioia. After doing so, the virus displays a message from the hackers demanding money, usually a few hundred dollars, within a three- or four-day period to have the encryption removed. If the money is not paid, the decryption key is destroyed, permanently locking the files. Thus, the virus is referred to as “ransomware.”

At Eastern, one computer was infected with the Cryptolocker virus during Fall Semester. Because it could not be unlocked, its hard drive had to be removed and replaced, and all files on it were rendered inaccessible. “They lost everything,” said Gioia.

Gioia said the Cryptolocker infection usually is disguised as a PDF attachment in an email message that purports to be sent from Fedex or UPS tracking a package shipment. If the link is clicked, the virus downloads from an executable file hidden in the PDF.

“It’s worse than the average virus because your data is pretty much lost,” said Gioia. “You can usually run Malwarebytes to clean up other viruses, but because this is encrypted, it’s either pay the money or rewrite the hard drive.”

Indeed, some victims have paid the ransom and had their files unlocked. “But then you’re giving your credit card number to hackers,” said Gioia.

“The likelihood of recovering files after (an infection) are pretty slim, unless you have a backup of them prior to the encryption,” said ITS Associate Director of User Services Dave Emmerich.

There are few ways of preventing Cryptolocker infections, said Emmerich.

“The current recommendation among many IT pros for preventing it is to utilize a software restriction policy via group policy,” Emmerich wrote in a recent email to ITS staff warning about the virus. “We have been testing the policy in ITS with no noticeable impacts for the past few weeks. The intent was to test here … and implement campuswide. However, a recent computer infection on campus has put us in a position where it would be best if we apply the policy to campus. If an application is impacted, the user will receive a popup window stating ‘Your system administrator has blocked this program. For more information, contact your system administrator.’”

Gioia said files on personal computers should always be backed up to prevent them from being lost. And links and attachments in emails from unknown senders should never be opened.

But he cautioned that the Cryptolocker virus makes such precautions especially critical. “Back up your files and never open attachments from people you don’t know. This is basic security for email,” he said. “Know what you’re opening.”


Stay safe: Social networking do’s and don’ts

Social networking.

Most people use applications such as Facebook and Twitter to communicate personal information about themselves with family and friends.

They may not realize that they also might be communicating personal information about themselves to criminals, identity thieves, online predators, scam artists – and even potential future employers.

And it might not be the kind of personal communication they want such recipients to know.

“The most important thing to remember is that what you post on the Internet stays on the Internet forever,” said Eastern Illinois University Assistant Director of Information Security Mike Gioia. “It could come back to bite you.”

Those who use social networking sites open themselves to a number of dangers if they reveal too much information. Among them:

– Viruses and malware: Cyber criminals use social networking sites to distribute computer viruses and malware. Click an infected link and you could inadvertently download a virus to your computer. Criminals also use social networking sites to gather private information about users and then employ it in phishing and fraud schemes.

– Identity thieves: If you post too much personal information about yourself, online criminals can harvest your name, address, phone number and other information and use it to steal your identity. Only a few pieces of information are needed to access your financial resources. The large number of people who visit social networking sites also attracts large numbers of scammers.

– Predators: Do you share your class schedule, plans or whereabouts with friends? If you do, you also make them available to sex offenders, thieves and burglars, as well. Knowing your schedule and location makes it easy for someone to victimize you, whether breaking in to your house or apartment while you’re gone or attacking you while you’re out. Don’t make it easy for a Facebook stalker to find you.

– Employers: More employers investigate applicants and monitor current employees through social networking sites. What you post online about yourself may reflect negatively on you, especially if you post photos of yourself exhibiting embarrassing behavior.

Gioia said keeping your personal information out of the wrong hands can be fairly easy if you have a cautious attitude.

His advice:

– Don’t put personal information online in the first place.

– Don’t post your full birth date, address, phone number, etc.

– Don’t hesitate to ask friends to remove embarrassing or sensitive information about you in their posts.

– Use built-in privacy settings. Most social networking sites offer ways to restrict public access to your profile, allowing only your “friends” to view it. Disable extra options and enable only ones you know you’ll use.

Most sites don’t have a rigorous process to verify the identity of members, so be cautious when dealing with unfamiliar people online.

A final tip from Gioia: Research yourself online to see what others may see. Enter your name – inside quotation marks – in Google and do a search. See if there is too much data or embarrassing information about yourself. Also, try searching for any of your nicknames, phone numbers and addresses to see what you find.

“What happens on the Web stays on the Web,” Gioia reiterated. “So be safe and think twice about anything you post online.”


Number of staff and faculty email accounts compromised by phishing attacks down

The number of faculty and staff accounts that have been compromised by phishing scams is down this semester at Eastern.

Five employee accounts were compromised in the month of August 2012, compared to one this year. “Compromised” means an employee responded to a phishing attempt by clicking on a link embedded in a deceptive email, thereby making his email account and its address book accessible to the person who initiated the attack.

“Employees are the ones we’re most concerned about because their accounts contain more sensitive data,” said Mike Gioia, Eastern’s information security officer.

Compromised student accounts rose to nine this August, compared to five in August of last year.

In 2012, a total of 203 university accounts were compromised, 55 of which were those of faculty and staff, and 148 of which were those of students. Statistics for 2013 are not yet complete, but Gioia expects them to be down, too, both for the month of September and the year.

Gioia credits efforts to educate employees about phishing attacks, as well as technology, for the improvement.

The Information Security unit of Information Technology Services has expanded efforts to educate the campus community about the dangers of phishing. A portion of the ITS Web page is devoted to this end and is available at http://www.eiu.edu/its/security/Phishing.php. Also, once a phishing attack is reported, Eastern’s network technology allows the deceptive link to be rendered inaccessible, preventing others from clicking it.

Gioia said Eastern never asks employees or students, via email, to provide password or account information. “No entity on campus will ever ask you or direct you to provide your password or click on a link in an email to change your password,” he said.

Gioia said phishing reflects a “snowball” pattern and affects not just the targeted employee but potentially everyone on the campus network. If users do not learn how to avoid phishing attacks, they are more likely to fall victim to them. That means more compromised accounts, and that means even more attacks being generated through those accounts – a vicious cycle. Conversely, if more users are aware of phishing, fewer accounts will be compromised, leading to fewer attacks.

“We’re here to help,” said Gioia. “Responding to a phishing attempt is just a mistake. If someone is unsure whether they’ve become the victim of a phishing attack, don’t hesitate to send the suspect email to us (If you receive an email that you feel is a phishing attempt, forward it to the following address: phishing@eiu.edu) or contact us (581-1942) and we’ll take a look at it and work with them.”


Five steps you can take to stop data breaches

Because it is an institution of higher learning, Eastern is a repository of a great deal of personal and financial information for thousands of students and employees. Social Security numbers, names, addresses, telephone numbers, birth dates and other data – they’re all here, stored on networked computers and servers and therefore potentially accessible to anyone who might want to steal the data.

Data breaches at universities seem to be a regular occurrence. Whether it is an employee downloading sensitive information or a thief stealing back-up tapes containing financial data, the potential for breaches to occur and for significant fallout in their wake is very real.

University networks are particularly vulnerable because they must be open, carry a lot of data, have many access points and support many portable devices, such as laptops, cell phones and PDAs.

Preventing data breaches, therefore, is the responsibility of every faculty and staff member who works at Eastern. With that in mind, here are five things you can do to prevent such occurrences:

– Make sure information systems are up to date and patched. Hackers use vulnerabilities or holes in coding to gain access. “If we don’t repair these vulnerabilities, it’s kind of like leaving the back door to your house open,” said Mike Gioia, Eastern’s information security officer.

– Don’t store personal and sensitive information on systems if you don’t have to. “Don’t keep it just because it’s convenient,” said Gioia. “Restrict the level of data you have out there.”

– Monitor activity regularly. “Look for odd activity on systems, activity that should not be happening,” he said. “Look at the logs of servers to see who is accessing them.”

– Make sure you require the use of strong passwords to log into systems. “Know who has access to your systems and if it’s appropriate for them to have it,” Gioia said.

– Be aware. “The majority of data breaches are due to human error,” he said. “Have employees know what data is sensitive. Train them as to what they can and cannot release, and teach them about what is appropriate use and what is not.”


How to pick a password

Picking a password for your PantherMail and other online accounts at Eastern is important. If you don’t choose good passwords or keep them confidential, they’re almost as ineffective as not having any password at all. Many systems and services have been successfully broken into because of insecure or deficient passwords, and some viruses have exploited weak passwords by guessing them.

Most people use passwords that are based on personal information and are easy to remember. However, that also makes it easier for an attacker to solve them.

A good method of creating a password is to employ a series of words – a passphrase – and use memory techniques to help you remember how to decode it. For example: The phrase “We like watching Panther basketball” might translate into “WlwPb13!” if you add a number corresponding to the year and a top-row keyboard symbol. Your best defense is to use a combination of numbers, special characters and both lowercase and capital letters. Adding a symbol or two from the top row of your keyboard can thwart “brute force” – or random character generation – attacks.

At Eastern, in order to meet the requirements of Hitachi ID Management Suite, which is the university’s password control system, passwords must:
– have at least 8 characters
– have no more than 15 characters
– have both upper and lower case characters
– have no more than 12 lowercase letters
– have no more than 12 uppercase letters
– have at least 1 non-alphanumeric character
– have at least 3 letters
– have a leading letter
– have at least 1 digit
– have at least 1 digit that is not at the beginning or end
– have no more than 2 pairs of repeating characters
– not be an old password
– Valid punctuation marks are limited to !%*-?:
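
The rules above written as a checker that reports which ones a candidate password breaks. This is an added example, not Eastern’s or Hitachi ID’s code; the function and parameter names are hypothetical, a “pair of repeating characters” is assumed to mean two identical adjacent characters, and previous passwords are assumed to be supplied by the caller.

```python
import re
import string

ALLOWED_PUNCT = set("!%*-?:")  # valid punctuation marks listed on the page

def repeated_pairs(pw):
    # Assumption: a "pair of repeating characters" is two identical
    # adjacent characters, counted without overlap ("aaa" is one pair).
    return len(re.findall(r"(.)\1", pw))

def policy_violations(pw, old_passwords=()):
    """Return the rules pw breaks; an empty list means it is acceptable."""
    lower = sum(c in string.ascii_lowercase for c in pw)
    upper = sum(c in string.ascii_uppercase for c in pw)
    digits = sum(c in string.digits for c in pw)
    symbols = [c for c in pw if c not in string.ascii_letters + string.digits]
    checks = [
        (len(pw) >= 8, "at least 8 characters"),
        (len(pw) <= 15, "no more than 15 characters"),
        (lower >= 1 and upper >= 1, "both upper and lower case characters"),
        (lower <= 12, "no more than 12 lowercase letters"),
        (upper <= 12, "no more than 12 uppercase letters"),
        (len(symbols) >= 1, "at least 1 non-alphanumeric character"),
        (lower + upper >= 3, "at least 3 letters"),
        (bool(re.match(r"[A-Za-z]", pw)), "a leading letter"),
        (digits >= 1, "at least 1 digit"),
        (any(c in string.digits for c in pw[1:-1]),
         "at least 1 digit not at the beginning or end"),
        (repeated_pairs(pw) <= 2, "no more than 2 pairs of repeating characters"),
        (pw not in old_passwords, "not an old password"),
        (all(c in ALLOWED_PUNCT for c in symbols),
         "only the punctuation marks !%*-?:"),
    ]
    return [rule for ok, rule in checks if not ok]

# Constructed sample inputs; the first is the page's own passphrase example.
SAMPLES = ["WlwPb13!", "password", "Wlw#Pb13", "1WlwPb!a", "AAbbcc1!x"]

if __name__ == "__main__":
    for pw in SAMPLES:
        print(pw, policy_violations(pw) or "OK")
```

The old-password check here compares plain strings for illustration only; a password system would compare against stored hashes of earlier passwords.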

Here are some other things to remember when choosing a password:
– Don’t use passwords that are based on personal information that can be easily accessed or guessed.
– Don’t use words that can be found in any dictionary of any language.
– Develop a mnemonic for remembering complex passwords.
– Use both lowercase and capital letters.
– Use a combination of letters, numbers, and special characters.
– Use passphrases when you can.
– Use different passwords on different systems.

Once you’ve chosen a password that’s difficult to guess, you have to make sure not to leave it someplace for people to find. Writing it down and posting it on your desk, next to your computer, or, worse, taped to your computer, makes it easy for someone who has physical access to your office to obtain your password. Don’t tell anyone your passwords, and watch for attackers trying to trick you through phone calls or email messages requesting that you reveal your passwords.

And don’t forget to change your password occasionally. At Eastern, you are required to change your password once during spring semester and again in the fall, but it’s a good idea to do so yourself even more frequently during the academic year.