Cybersecurity Blog

Get your security updates, restart your machine – 05/15/17

Although the WannaCry ransomware exploited a vulnerability in Windows that had been patched in March 2017, it was still able to bring several organizations to their knees. The culprit? Computers running outdated software that did not have the security patch installed. As a best practice, all Mount Royal staff and faculty should install updates when prompted and restart their machines. This ensures they are always using the most secure software versions and minimizes the risk of a malware attack.

Security isn’t the only benefit of keeping your machine up to date. Regularly updating your machine keeps it more stable so it crashes less. Also, updating the machine takes less time if it is done regularly.

Yes, I know…it’s inconvenient. It takes time for the machine to restart and it’s a total pain. Here’s a tip…turn your machine off at the end of each day and any updates will automatically be downloaded. When you come in the next morning, turn on your machine and go get that morning cup of Joe. By the time you get back, your machine will have installed the updates and be ready to go.

Have you downloaded the updates but can’t restart your machine right away because you are working on a project or running a report? When the notification appears asking you to restart your machine, make sure you do so within 24 to 48 hours. Do not continually ignore the prompts and leave your machine vulnerable.

Worried about meeting room or classroom computers? All smart cabinets, classroom computers and meeting room computers are automatically turned on and updated during off hours. As long as no one is logged into the machine, it will be updated. Have any questions? Give the IT Service Desk a call.

What you should know about the worldwide ransomware attack – 05/15/17

On Friday the world was given a sampling of exactly how much damage ransomware can cause. Cyber criminals released a brand new form of ransomware that had the capability to replicate itself and infect other machines on the same network. This allowed it to spread at a very rapid rate. The ransomware’s more notable victims were the NHS, the UK’s healthcare system, and the Spanish telecom giant Telefonica. Surgeries were cancelled, ambulances were diverted and services were interrupted.

This ransomware, called WannaCry, took advantage of a vulnerability in Windows that had been found by the NSA and then published on Wikileaks. In March, Microsoft issued a patch that effectively eliminated this vulnerability. You may be wondering why millions of machines became infected if this vulnerability was addressed. The answer is twofold. First, Microsoft has stopped supporting older operating systems such as XP and Vista. That means they do not normally provide security patches for these operating systems. Second, many users do not install the latest updates.

So how do you keep your data safe from WannaCry and other malware?

  • Backup your files regularly

We are human; at some point we may click on something we shouldn’t. If all your files are backed up, you can restore your system if you are hit by malware.

  • Keep all your applications secure by installing all updates

Programmers are human too. Sometimes their programs are released with vulnerabilities that allow criminals to use the programs for their own purposes. When those vulnerabilities are found, they are fixed with a software update. If you do not install your updates, you leave your computer vulnerable.

Do you have an XP or Vista machine? You should consider upgrading to Windows 7 or 10. In the meantime, Microsoft has taken the unprecedented step of issuing Vista and XP updates to address the vulnerability WannaCry exploits.

  • Verify all links and attachments in unexpected emails before opening them

To date, the majority of malware is delivered by a user clicking on a link or opening an attachment. Phishing emails no longer feature poor graphics and bad grammar, or come from strangers. More and more attacks appear to come from someone you know, contain relevant content and are slick in their appearance. To truly stay safe, you should contact all senders of unexpected emails containing links or attachments by phone and verify that they actually sent the message.

By following these simple steps, you will avoid the heartbreak of WannaCry.

How to Limit the Potential Damage from Stolen Credentials – 05/11/17

Another day, another list of Mount Royal emails that may have been compromised. How? The emails were used as usernames to log in to external websites/accounts. These external websites then had their users’ login credentials stolen. This is not a concern if each website has a unique password. However, if you reuse the same username and password combinations for multiple websites, once one is compromised they are all compromised.

As it is not a question of if but when one of your websites has its users’ credentials stolen, how do you minimize the damage?

  • Avoid using your Mount Royal email to log in to external websites whenever possible. Some sites require your work email to access their services. However, the majority of sites allow you to enter any email address.
  • Create a separate Gmail account for logging in to work-related websites. New accounts can be created/added from the Google login page. Once a new account has been added, you can view its inbox on a separate tab, giving you access to both your accounts at once.
  • Use personal emails for personal sites. This will save you from embarrassment. When a site has a Mount Royal email in its list of usernames and it gets hacked, we are notified. We really don’t want to know that you have a Neopets account.
  • Use a unique password for every website. Having difficulty coming up with and storing so many passwords? Use a password manager to store and generate passwords.
  • Change your passwords regularly. A significant amount of time often passes before theft of login credentials is detected, giving criminals lots of time to use them before they are changed. Changing your password makes stolen credentials useless.

Don’t enable Excel or Word Macros without reading this – 04/24/17

In Microsoft Office’s attempt to make life easier and our work more efficient, they have a handy little tool called a macro. In its simplest form, a macro allows you to record a series of routine tasks so they can be replicated in an instant using a shortcut key. However, macros can also be very complicated programs interacting with other applications, making them ideal malware delivery tools for cyber criminals.

For that reason, it has long been a recommendation that macros be turned off or disabled in both Word and Excel. This prevents them from running automatically when a Word or Excel document is opened. As a result, a nasty virus cannot be uploaded onto your machine.

How do you disable macros? In both Word and Excel:

  1. Select File > Options > Trust Center.
  2. Click the Trust Center Settings button.
  3. Select Macro Settings from the left menu.
  4. Select Disable all macros with notification.
  5. Click the OK button to exit the Trust Center Settings.
  6. Click the OK button to exit the Trust Center.

Note: Disabling macros in Word does not disable them in Excel and vice versa. You must change the settings in each application.
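
To confirm the result of the steps above, the following added script (not part of the original post) reads the `VBAWarnings` registry value in which Office stores the Trust Center macro setting, for Word and Excel separately. A value of 2 corresponds to "Disable all macros with notification". The function name `Get-MacroSetting` is hypothetical.

```powershell
# Added example: report the macro setting stored for Word and Excel
# in the current user's registry hive.
$meaning = @{
    1 = 'Enable all macros'
    2 = 'Disable all macros with notification'
    3 = 'Disable all macros except digitally signed macros'
    4 = 'Disable all macros without notification'
}

function Get-MacroSetting {   # hypothetical helper name
    param([string[]]$App = @('Word', 'Excel'))

    # A value under Policies is set by Group Policy and overrides the
    # choice made in the Trust Center dialog.
    $roots = [ordered]@{
        Policy = 'HKCU:\Software\Policies\Microsoft\Office'
        User   = 'HKCU:\Software\Microsoft\Office'
    }
    foreach ($source in $roots.Keys) {
        $root = $roots[$source]
        if (-not (Test-Path $root)) { continue }
        # Office version subkeys are named like 15.0 or 16.0.
        $versions = Get-ChildItem $root | Where-Object { $_.PSChildName -match '^\d+\.\d+$' }
        foreach ($version in $versions) {
            foreach ($name in $App) {
                $appKey = Join-Path $version.PSPath $name
                if (-not (Test-Path $appKey)) { continue }
                $secKey = Join-Path $appKey 'Security'
                $value = (Get-ItemProperty -Path $secKey -Name VBAWarnings -ErrorAction SilentlyContinue).VBAWarnings
                # With no value stored, Office uses its default,
                # which is to disable macros with notification.
                $setting = if ($null -eq $value) { 'Not set at this location' } else { $meaning[[int]$value] }
                [pscustomobject]@{
                    Source     = $source
                    Version    = $version.PSChildName
                    App        = $name
                    Value      = $value
                    Setting    = $setting
                    EnablesAll = ($value -eq 1)   # macros run without any prompt
                }
            }
        }
    }
}

Get-MacroSetting | Format-Table -AutoSize
```

Any row with `EnablesAll` set to True means that application will run macros without prompting and should be changed using the steps above.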

Once macros have been disabled, whenever you open a document that contains a macro you will be notified and asked if you wish to enable it. Some nice hackers even include detailed instructions on how to do that on the document itself.

DO NOT enable macros unless you know the email sender and have directly confirmed with them that the macros are essential to the functionality of the document. Of course, if you have documents that you currently use that contain macros, you can enable them in order to use the documents. Just be aware that with macros enabled, you will not know if a Word or Excel attachment contains a malicious macro until it is too late and your machine is infected. To prevent unintentional downloading of malware, it is recommended you call the email sender to verify an attached Word or Excel document is legitimate before you open it.

Note: This article applies to macros in Word and Excel. If your department uses Access databases that contain macros, they may not function if the macros are disabled. Please talk to your supervisor before you disable macros in Access.

Latest scam: The fake WhatsApp voice message – 04/18/17

Coming soon to an inbox near you: an email from WhatsApp notifying you that a voice message is awaiting your response. The email includes a handy Play button so you can listen to the message without having to open WhatsApp. So thoughtful of them. Of course, clicking the Play button loads your computer with malware, allowing the criminals to steal your identity or encrypt your files and hold them for ransom.

This is yet another reminder not to click on links, buttons, attachments or photos in unexpected emails. Criminals are getting more and more creative and sophisticated, crafting emails that are getting harder and harder to detect as fake. However, you can avoid becoming a cyber crime victim by simply adopting the practices of:

  • Being fully present when reading your emails.

Criminals count on you being distracted when you read your email. The majority of attacks occur on the day before a long weekend when users are not paying attention to what is in their inbox. They click not because they don’t know better, but because they aren’t paying attention.

  • Visiting known sites or apps directly.

If you receive any kind of notification from any organization or application, visit the site or open the application directly. If it is legitimate the same information that is in the email will be found on the website or in the application. Do not trust the email.

  • Calling people from your contact list to confirm that they sent an email.

If you recognize the sender, do not assume the email came from them. Cyber criminals can hack your contact list and make it look like a trusted friend sent you a nice cat video. Call the sender directly and confirm that they sent the email.

Android banking malware targets hundreds of apps on Google Play – 04/18/17

It has happened again. Funny Videos 2017 is just one of hundreds of legitimate apps on Google Play that have been infected with malware. This latest version of malware interacts with the user’s bank and credit card apps, placing a fake login page over the official one. The fake login page collects the user’s login credentials and gives the cyber criminals full access to the user’s bank account or credit card.

Google has removed the infected apps from Google Play. Unfortunately, that doesn’t help the users who fell victim. How do you reduce the possibility of being a victim of an infected app? Before you download an app:

  • Read user reviews
  • Install anti-virus software on your phone

In addition, don’t download apps that ask for unusual permissions (i.e. asking for the ability to change settings). Once an app is downloaded, if your phone starts behaving unexpectedly, uninstall it immediately. If the behavior continues, perform a factory reset on your phone.

Cyber safety information to share with your family – 04/12/17

Attendees of my Protecting Yourself Against Cyber Crime workshop have been asking for the slide deck to share with family and friends. The presentation covers just the basics and includes several slides that allow you to test your ability to spot a phishing email. Haven’t taken the workshop yet? Join us on April 18th; registration is through the Employee Training page on MyMRU. Don’t have time for a workshop? Complete the online training in Blackboard.

New login screen for Google a privacy concern – 04/07/2017

On April 10, 2017 Google will start rolling out a new login screen. It will begin with a limited release and then widen until all users are converted over. The new screen will no longer give you the option to Stay signed in. Instead, all users will automatically be connected to Google/Gmail/Google Drive with this feature enabled.

Why is this a concern? Well, if you are using a public workstation in the library, a classroom or meeting room and you log out of the workstation, you will not be logged out of Google/Gmail/Google Drive. The next user who starts up that workstation and opens Google Chrome will see all of your emails and files on display.

Starting today, we are asking that all faculty, staff and students log out of Google/Gmail/Google Drive before they log out of any computer or device that is not their own.

If you have any questions or concerns, please contact the ITS Service Desk.