Archives For April 2014

New Phishing Statistics

John Knights —  April 25, 2014

New studies have found that 1/3 of all phishing attempts last year went after bank accounts or other financial information directly. This is an increase of 8.5% in financial attacks over 2012 and an all-time high for phishing. Most of these financial scams pose as a popular organization and, even worse, about half of them use the PayPal, MasterCard, Visa, or American Express name to seem legitimate. Phishing attacks damage these brands’ reputations and make it harder for the average internet user to distinguish between real emails and scams. Amazon is also used as a cover in most phishing attacks to fool the receiver, with Apple and eBay also being used.

In addition to these, recent phishing attempts have tried to exploit conference attendees by posing as hotels or travel agencies representing the conference organizers. When booking, follow the links and instructions provided on the conference websites for finding hotels and making reservations.

Never trust unsolicited emails or calls for sensitive information. Always be skeptical and cautious when asked to reply to emails or to follow links to forms that request sensitive information (financial account numbers, credit card numbers, usernames and passwords), because it may be a phishing attempt. Review our phishing page to help identify malicious communications, and forward suspicious emails to abuse@wit.edu before opening any links or giving any information. It is also important to remember that phishing is not restricted to email: at least a third of phishing attacks last year were deployed via Facebook. Be aware at all times online, especially when handling sensitive information.

Anti-virus software has changed a lot over the past decade, moving from virus scans triggered by a user to comprehensive malware detection in real time.  While an often lengthy scan was once your only option to detect threats, protection is becoming more automated, now happening as soon as you encounter malware or other malicious programs.  The next step in protecting our computers is a breach detection system (or BDS) that can detect any breach in a network of computers and then contain or remediate all the damage within 48 hours.

Current anti-virus software uses signature-based detection: it matches a current list of known threats against the findings of a scan or against software that is currently affecting the computer. Users must keep their anti-virus software updated consistently to combat the latest threats on the internet. Another big problem right now with anti-virus software is how predictable it is. The signature-based system allows hackers to test their virus on a system with existing software available to the public before a large-scale attack. With a proper breach detection system, any attack will be discovered because detection is not just based on pre-determined signatures, but on reacting to signs of an attack through network traffic analysis and server data. Ideally, a BDS will stop a threat coming from inside the network, from the cloud, or even on an employee’s mobile phone. It will then remediate the damage by quarantine, session termination, and other restrictions.
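The contrast described above, as an added example that is not part of the original post or any vendor's product: an exact-hash signature list misses a file it has never seen, while a rule over network traffic flags the resulting behaviour and proposes quarantine. The host names, flow records, threshold and file contents are constructed assumptions.

```python
import hashlib
from statistics import median

# Constructed stand-ins for file contents; not real malware.
KNOWN_SAMPLE = b"constructed sample A"
UNSEEN_SAMPLE = b"constructed sample B"   # not yet on any signature list
SIGNATURES = {hashlib.sha256(KNOWN_SAMPLE).hexdigest()}

def signature_hit(blob):
    """Signature-based check: exact match against a list of known hashes."""
    return hashlib.sha256(blob).hexdigest() in SIGNATURES

# Constructed flow records: (host, destination, bytes_out).
BASELINE = [
    ("lab-pc-01", "10.0.0.5", 12_000), ("lab-pc-01", "10.0.0.5", 15_000),
    ("lab-pc-01", "10.0.0.9", 9_000),
    ("lab-pc-02", "10.0.0.5", 20_000), ("lab-pc-02", "10.0.0.9", 18_000),
]
TODAY = [
    ("lab-pc-01", "10.0.0.5", 14_000),
    ("lab-pc-02", "203.0.113.77", 4_800_000),   # new destination, large upload
]

def behaviour_alerts(baseline, today, factor=10):
    """Flag flows to a destination the host has never used AND whose
    outbound volume exceeds `factor` times the host's median baseline.
    A host with no baseline has a typical volume of 0, so any new flow alerts."""
    seen, volumes = {}, {}
    for host, dst, nbytes in baseline:
        seen.setdefault(host, set()).add(dst)
        volumes.setdefault(host, []).append(nbytes)
    alerts = []
    for host, dst, nbytes in today:
        typical = median(volumes.get(host, [0]))
        new_dst = dst not in seen.get(host, set())
        if new_dst and nbytes > factor * typical:
            # Response mirrors the remediation the post mentions.
            alerts.append({"host": host, "dst": dst, "action": "quarantine"})
    return alerts

if __name__ == "__main__":
    print("signature hit on unseen file:", signature_hit(UNSEEN_SAMPLE))
    print("behaviour alerts:", behaviour_alerts(BASELINE, TODAY))
```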

Breach detection systems help keep entire networks secure and more connected. The Wentworth Technology Services Information Security Office is always looking for better ways to protect the institute and its members, and broadening the scope of our protection services will help us with this mission. We employ next generation firewalls to perform these more advanced techniques for malware detection. In addition, there are active and proposed projects for expanding our tools and techniques to improve the security and privacy of your institutional data. Feel free to periodically check in on our projects page for more information and status checks on our projects.

As the semester comes to a close, it is important to remember some of the tips we’ve shared over the semester. Among them are the information security and privacy techniques vital for protecting your sensitive information online. From choosing the correct Wi-Fi network to staying alert for phishing emails while off-campus, here are the things you need to keep in mind to have a fun and safe summer.

  • Avoid unsecured Wi-Fi and use secured Wi-Fi networks or connect with an Ethernet cable
    • Especially when checking financial or sensitive information on your laptop.
    • An unsecured Wi-Fi network could be a fake proxy or a real network simply compromised by a hacker, who is watching everyone’s activity.
    • Turn sharing settings off if you have to use an unsecured connection
  • Review the signs of a phishing email here
    • Not addressed to you; vague wording
    • Misspelled words or illogical statements
    • Requesting information randomly or urgently
    • Suspicious URL links
  • Stay safe on social networks
    • Restrict your privacy settings so only your friends can see your information
    • Be cautious if your information is requested in any way
    • Know where your information is going to and who can see it
  • Change your password now and stay one step ahead
    • Passwords have to be changed every 180 days
    • Make the fall transition easier by changing your password now
    • Check requirements and change password here
  • Use a virtual private network to work from home and stay secured
    • For Wentworth employees that require VPN access to the campus network when working remotely, please email our Information Security Office to find out more.
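The phishing signs listed above (not addressed to you, urgent requests for information, suspicious URL links) can be checked mechanically. The following is an added example, not Wentworth's tooling: the brand-to-domain map, the keyword lists and both sample messages are constructed assumptions, and the misspelling sign is left out because it needs a dictionary.

```python
import re
from urllib.parse import urlparse

# Assumed legitimate domains for brands the blog names; extend for your environment.
BRAND_DOMAINS = {"paypal": "paypal.com", "visa": "visa.com", "amazon": "amazon.com",
                 "apple": "apple.com", "ebay": "ebay.com"}
GENERIC_GREETING = re.compile(r"\bdear (customer|user|member|account holder)\b", re.I)
URGENCY = re.compile(r"\b(urgent|immediately|within 24 hours|suspended)\b", re.I)
SENSITIVE = re.compile(r"\b(password|credit card|account number|ssn|username)\b", re.I)
URL = re.compile(r"https?://[^\s<>\"')]+", re.I)

def suspicious_link(url):
    """Return a reason string if the link's host looks wrong, else None."""
    host = (urlparse(url).hostname or "").lower()
    if re.fullmatch(r"[\d.]+", host):
        return "link points at a bare IP address"
    for brand, domain in BRAND_DOMAINS.items():
        # Brand name used in the host, but the host is not under the brand's domain.
        if brand in host and not (host == domain or host.endswith("." + domain)):
            return f"'{brand}' appears in host {host}, which is not {domain}"
    return None

def phishing_signs(recipient_name, body):
    """Heuristic check of a message body against the signs in the list above."""
    signs = []
    if GENERIC_GREETING.search(body) or recipient_name.lower() not in body.lower():
        signs.append("not addressed to you")
    if URGENCY.search(body) and SENSITIVE.search(body):
        signs.append("urgent request for sensitive information")
    for url in URL.findall(body):
        reason = suspicious_link(url)
        if reason:
            signs.append(reason)
    return signs

# Constructed sample messages.
PHISH = ("Dear customer, your account is suspended. Confirm your password "
         "immediately at http://paypal.com.account-verify.example/login")
LEGIT = ("Hi Jordan, your receipt is available at https://www.paypal.com/activity "
         "whenever you want to review it.")

if __name__ == "__main__":
    for label, msg in (("PHISH", PHISH), ("LEGIT", LEGIT)):
        print(label, phishing_signs("Jordan", msg))
```

These are heuristics: substring brand matching can flag unrelated hosts, and a message that passes every check can still be a phish.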

The next time you post something on Facebook that anyone can see, you will be greeted by a small blue blast from the past. A tiny blue dinosaur (article and example from Sophos) now reminds users without privacy settings enabled to read and understand them better before they share information online. The dino addresses the user by name and hopefully will encourage more people to be safer online. This is a much-needed step towards privacy and transparency for the social network giant.

The cartoon popup is just a test program but is already receiving great feedback, and hopefully it will spur more companies to follow suit by making their users’ privacy a bigger priority. The exact message you will receive is: “You haven’t changed who can see your posts lately, so we just wanted to make sure you’re sharing this post with the right audience. (Your current setting is Public, though you can change this whenever you post.)” It then gives you different options to limit who can see your post.

 

The Heartbleed Bug

John Knights —  April 11, 2014

What is the Heartbleed Bug

The Heartbleed Bug is a vulnerability that was discovered on April 7th in the code that some servers and websites use for secure communication. The vulnerability directly affects any secure connections that utilize OpenSSL. OpenSSL is a mechanism used by some web sites, web services, and servers to establish secure communications between you and the server.

Why does this matter?

If you have connected to a web site or service that has used the vulnerable version of OpenSSL over the last 2 years, there is the potential that the security of that connection was compromised. This is a widespread vulnerability, as many sites and services use OpenSSL.

What is Wentworth doing?

After this vulnerability was made public, Wentworth Technology Services began running tests against all internet-facing web servers to test for the presence of this vulnerability. None have been discovered, as the majority of the servers utilized by the Institute do not utilize OpenSSL. We are continuing our investigation to ensure that all internal servers, as well as those used for our externally-hosted services, are free of this vulnerability. We will address any vulnerable server that we find by applying updates and patches. We will continue to keep you posted through our Information Security website at http://www.wit.edu/dts/security, our security blog at blogs.wit.edu/security, and via Twitter @InfoSec_WIT.

What should you do?

First of all, don’t panic. This vulnerability and how to address it are well known throughout the security community, and most sites that are potentially affected by this bug are in the process of fixing it or have already done so. A complete list of affected sites is not known. What we encourage you to do is check with the sites that you have a password for. Most sites will have a link or prominent notice indicating what they are doing to address this bug.

Below are some practices we suggest you follow to keep yourself safe:

  • Wait to perform any online banking or transactions with online retailers until they indicate it is safe to do so. After a notice has been posted or emailed to you, reset your password with that site.
  • Reset passwords directly at the site. Be suspicious of any emails you receive requesting you to click on a link that takes you to a password reset page. Although many of them will be legitimate, there is the possibility that it could be a phishing email. Instead of clicking the link, copy and paste the link into the address bar of your browser or go directly to the site and look for their password reset page. (For Wentworth, we encourage users to always go directly to the password reset page that can be accessed through the Information Security site’s home page at the link above.)
  • DO NOT reply to any emails asking for sensitive information, regardless of how legitimate they look. No reputable site or company should ever ask you to send any sensitive information via email (such as SSNs, credit card numbers, or passwords).
  • If you suspect you are receiving any illegitimate emails, please forward them to SPAM@wit.edu.

For any questions, please contact the Technology Service Help Desk at 617-989-4984 or via email at HelpDesk@wit.edu.

For more information on the Heartbleed bug, visit heartbleed.com, posted by the researchers that discovered the vulnerability.