Monthly Archives: March 2015

Wireless Upgrade: Update 3/16/15

The UITS Network Infrastructure team is pleased to announce that we have reached the 75% mark in our wireless upgrade project.  We’ve been busy installing new cabling and new access points to support the new system.  The following buildings are planned for deployment over Spring Break.

  • Jordan Hall
  • Schwob School of Music
  • Corn Center
  • Uthea River Park

The following buildings are planned for cabling install followed by deployment later this Spring and into Summer.

  • Lumpkin Center
  • Student Rec Center
  • Elizabeth Bradley Turner Center
  • Howard Hall (pending construction completion)

We are also working hard to make the on-boarding experience more intuitive and streamlined for all devices.  Stay tuned for further updates on what we’re doing to make the wireless network at CSU second to none.

Ransomware – Scarce But Severe

Over my six years here at Columbus State University (CSU), fortunately, we have been blessed with only a few ransomware attacks. In each case, however, the price paid by the user was severe and substantial. The ransomware was either CryptoWall or a variation, encrypting the user's files and demanding payment of approx. $500 – $700 through Bitcoin for the decryption key. Unfortunately, as is the case with almost all new generations of ransomware, as information security professionals we can only clean up to prevent further infection. The corrupted/encrypted files are lost, and to my knowledge the users did not pay the ransom. There is also the mystery of just exactly how the user became infected with the ransomware. Below is a great article that is a must-read about ransomware!

Read the whitepaper from  Ransomware – Your Money or Your Life Files

Phishing Attacks For CSU and USG On The Increase

Over the last few weeks we have seen an increase in phishing attempts, mainly targeting our faculty and staff emails. There have been primarily two that required more extensive information security measures and remediation efforts. We use Google Gmail for all Columbus State University faculty/staff/students. Reviewing the article below, and also the highlighted “phishing” link, would provide a better understanding of our email security. I also found this to be a plethora of great email security information and an invaluable source for helping you protect your email account.

Read the excerpt from Google Online Security Blog

Behind enemy lines in our war against account hijackers

A recent poll in the U.S. showed that more people are concerned about being hacked than having their house robbed. That’s why we continue to work hard to keep Google accounts secure. Our defenses keep most bad actors out, and we’ve reduced hijackings by more than 99% over the last few years.

We monitor many potential threats, from mass hijackings (typically used to send lots of spam) to state-sponsored attacks (highly targeted, often with political motivations).

This week, we’re releasing a study of another kind of threat we’ve dubbed “manual hijacking,” in which professional attackers spend considerable time exploiting a single victim’s account, often causing financial losses. Even though they’re rare—9 incidents per million users per day—they’re often severe, and studying this type of hijacker has helped us improve our defenses against all types of hijacking.

Manual hijackers often get into accounts through phishing: sending deceptive messages meant to trick you into handing over your username, password, and other personal info. For this study, we analyzed several sources of phishing messages and websites, observing both how hijackers operate and what sensitive information they seek out once they gain control of an account. Here are some of our findings:

  • Simple but dangerous: Most of us think we’re too smart to fall for phishing, but our research found some fake websites worked a whopping 45% of the time. On average, people visiting the fake pages submitted their info 14% of the time, and even the most obviously fake sites still managed to deceive 3% of people. Considering that an attacker can send out millions of messages, these success rates are nothing to sneeze at.
  • Quick and thorough: Around 20% of hijacked accounts are accessed within 30 minutes of a hacker obtaining the login info. Once they’ve broken into an account they want to exploit, hijackers spend more than 20 minutes inside, often changing the password to lock out the true owner, searching for other account details (like your bank, or social media accounts), and scamming new victims.
  • Personalized and targeted: Hijackers then send phishing emails from the victim’s account to everyone in his or her address book. Since your friends and family think the email comes from you, these emails can be very effective. People in the contact list of hijacked accounts are 36 times more likely to be hijacked themselves.
  • Learning fast: Hijackers quickly change their tactics to adapt to new security measures. For example, after we started asking people to answer questions (like “which city do you login from most often?”) when logging in from a suspicious location or device, hijackers almost immediately started phishing for the answers.

Courtesy of Google Security Blog
by Elie Bursztein, Anti-Abuse Research Lead
Posted: Thursday, November 6, 2014