Cybersecurity Blog

Issues with the PhishAlarm button? Clear your cache – 11/03/20

 

 

This week the phishing training program resumed.  This gave everyone a chance to use the new PhishAlarm button to report the suspicious emails.  For most of you, it worked great!. For some of you, not so much.

As the PhishAlarm button is a browser based tool  (it works through your web browser), it can act up when your browser acts up. This is true for all browser based tools. When this happens it can usually be remedied by clearing your cache.

Your cache is where images and content are downloaded and stored. Your browser does this to save time loading a web page. The first time you visit it, it will load some key information into your cache. The next time you visit that page, instead of downloading it from the internet again, it goes to the cache and loads it from there. This makes the webpage load much faster. This is true whether the page is a just a boring website or a web based application.

So the next time the PhishAlarm button gives you an error message or any other web based application gives you trouble, clear your cache.  It will empty all the information stored there and download it from the Internet again.  This basically resets the application and it usually starts working. For details on how to clear your cache, check your browser’s help files.

Happy Reporting!!

Hackers targeting educators – 11/04/20

 

 

There is a new phishing attack that is taking advantage of the widely acknowledged technology issues facing students, families, and educators. It is targeting educators, using infected attachments that masquerade as student assignments.  The attachments contain ransomware that encrypts your files and locks you out of your devices until the ransom is paid.

In this type of attack, the hackers pose as a parent or guardian submitting a student’s assignment on their behalf. They claim that the student was unable to upload the document due to technical issues. The emails are very emotional and are designed to tug on the heart strings of the educator.

The subject lines the attackers have been using are:
• Son’s Assignment Upload
• Assignment Upload Failure for [Name]
• [Name]’s Assignment Upload Failed

Here is an example of the types of emails being used.

 

Often the attachment is a Word document . Once you open it, you are asked to  “enable editing” and “enable content”. If you do, the ransomware is loaded onto your device.

This attack is very targeted, using contact lists available on the school’s websites to determine who to send emails to. Although the attackers are currently focusing on K through 12 schools, it is expected it will move to post secondary institutions next.

To avoid these types of attacks:

  • Only accept assignments submitted through regular channels.
  • Do not open an attachment unless you check the sender’s email address and know who the email is coming from.
  • Verify the sender actually sent the message whenever possible.
  • Do not enable content or editing on Word documents unless you are 100% certain of the sender’s identity.
  • Do not enable macros on Word or Excel documents unless you have talked to the sender of the email to verify it is safe to do so.

If you are unable to contact the sender and aren’t sure of the legitimacy of an email, report is using the PhishAlarm button or by forwarding it to cybersecurity@mtroyal.ca.

 

Cybersecurity Challenge 2019/2020 Winners – 10/29/20

The 2019/2020 Cybersecurity Challenge wrapped up on September 30 last month. A big congratulations to Stephanie Spencer in Continuing Education! She is the winner of the $250.00 gift certificate to Best Buy! Have fun shopping Stephanie.

The winner of the Golden Superhero Award is once again the Facilities Management team. Congratulations team for an outstanding effort! Here is the gang in their COVID glory,

From left to right: Jason Philipchuk- Facilities Management Office, Carol Hartwick – Environmental Services, Garry Berge – Building Operations.

 

A huge thank you to everyone who participated! It was the best year ever for the Challenge. That said, this year’s Challenge is shaping up to be a close race. For the first time in three year’s, the Facilities Management team is not in first place and the top four teams are running neck and neck. Who will be the winner next year? Tune in on March 31, 2021 and find out!

 

Check the sharing permissions on your files stored on the Google Drive – 10/21/20

With the move to working from home, many of our business processes have changed. For example, documents that we used to save on the J: drive have had to be moved to the Google Drive to ensure everyone has access to them. However unlike the J: drive where everything saved on it is viewable only by your colleagues in your department, the Google Drive allows you to share a single file or a whole folder with anyone. To quote Winston Churchill

Where there is great power there is great responsibility…

It has come to our attention that many of you are struggling with this power. We have found there are many documents sitting in the Google Drive that are viewable by anyone with a Mount Royal email address that really shouldn’t be. Submitted student assignments, job offer letters and lecture recordings are just some of the documents that are viewable by the entire MRU community.

We appreciate that you are doing the best that you can with what you have. We have all been thrown into a working situation that none of us were expecting. In the middle of which, Google decided to change its file sharing dialog box. So even if you were familiar with how to share files, you have had to relearn it.  Throw in Shared Drives and it is no wonder so many documents are viewable by the wrong people.

If you have read this far and are thinking, “I know how to share files, I am sure that no one has access to them who shouldn’t”, please take a moment to check the sharing permissions on your files that contain sensitive information. As I said before, Google has changed their Sharing dialog box and we have oodles of sensitive documents that are viewable by the whole campus. You may think that your documents are secured, but they may not be. Don’t assume, check.

If on the other hand you have read this far and tears of frustration are streaming down your face, I come with a message of hope. File sharing is easy once you understand a few key concepts.

The Google Drive is one massive server

When you save or create a document on the Google Drive, you are placing it on a huge server that the whole world has access to. You only see the files and folders that you have been given permission to see.  By default that is all the files and folders you create. The same is true for anyone else who uses Google Drive.  So when you create or save a document to the Drive, is it unviewable by anyone except you until you share it with someone else.

A document has the same sharing permissions as its folder

When you save or create a document in a folder, it takes on the sharing permissions of the folder.  To help you keep track of which folders you have shared and which you haven’t, Google gives you a confirmation dialog box to remind you that the document you are creating in a folder will be shared.

It also gives you one when you move a document to a folder that is shared.

Unfortunately, it does not give you a reminder when you upload a file into a shared folder. How do you remember which folders are shared and which aren’t? It can be confusing. A neat little trick I use is color coding. I color all the shared folders red. That way I can quickly and easily see which folders are viewable by others and which are only viewable by me.

Any folder in the Shared with me section may be viewable by others

When someone shares a document with you, it appears in your Shared with me section of your Google Drive.

Any folders found here were not created by you. If they are shared with you, they likely are shared with other people as well. Before you create or add a file to one of these folders, check its sharing permissions so you know who will be able to access your document.

Documents in Shared Drives may be shared with people who are not members

When Shared Drives first came out, they were called Team Drives and only people who were members of the Team could access the documents. Google has updated this feature. Along with a new name, you can now share folders and files in the Shared Drive with people who are not Team Members.  Once again, this makes it challenging to determine which folders are shared with who. Unfortunately you cannot change the color of the folder icon in Shared Drives. Instead, ask all Team Members who create folders to put SHARED in the folder title if it is shared with people outside the Team.

The fewer people that have access to a document, the more secure it will be

Only share a document with the entire Mount Royal community or everyone who has a link, if that document really needs to be accessible by all those people.  There is no need to share a contact list with the whole campus when only your department needs access to it. Don’t share a recording of your lecture with the whole campus if only your students need to access it. As soon as you open up document access to a large audience, you start to loose control over its contents. Before you know it, you have people contacting you asking for more information about about a topic that they should have no knowledge of.  Keep your documents secured, only share them with those who absolutely must access them.

I hope that this information has cleared up some of the confusion around safely sharing files on Google Drive. For details on how to share files, visit the Google Drive Help webpage.

 

It’s Cybersecurity Awareness Month! – 10/02/20

 

 

Welcome to another Cybersecurity Awareness Month (CSAM)!!  Although we can’t meet in person, we do have a full list of activities that you can participate in.

Cybersecurity Challenge 2020/2021

The Challenge is back with several improvements.  As before, you earn contest entry codes by participating in cybersecurity activities. Each entry gets you one chance to win a $250 Best Buy gift certificate from Cisco Systems Canada.  However the contest now runs from October 1, 2020 to March 31, 2021. This should prevent Challenge fatigue while still ensuring everyone has the opportunity to participate.

The teams have also been updated. They are now only 100 members in size. As all the teams are the same size, the leaderboard will display the actual number of entries rather than percentages. Lastly, the sharing of codes officially became against the rules. If you don’t participate and enter a code, you will be disqualified from the Challenge.

Virtual Treasure Hunt

To replace our Hack the Room activity, we have a virtual treasure hunt. Bluebeard has hidden a chest full of crypto currency. Solve the clues, collect contest entry codes and find the treasure. Everyone who finds the treasure is entered into a draw for a $100 Amazon gift certificate courtesy of WBM Technologies.

The Cybercrime Series

Come join us for tales of cyberhorror. The Cybercrime Series looks at cybernightmares and how to prevent them. We have two scheduled for October.

  • Cybersecurity: Are our graduates ready for the new economy? – Angele McAllister
  • The Cybersecurity Monster Manual: Stopping things that go “hack” in the night – Michael McDonnell

Double codes for completing training in October

To encourage you to complete your cybersecurity training, we are offering two contest entry codes for completing your training this month.

Our regular activities

Keep an eye out for our regular activities as well.  Participating in them earns you contest entry codes for the Challenge. You can subscribe to the newsletter, show off your cybersecurity sticker, join us in the Cybercafe or complete your training.

 

Which email address to use when – 09/15/20

 

 

Who would have thought that 2020 would have everyone who can, working and taking classes from home? In a few short weeks we had to find a workspace, navigate chaos at home  and learn a whole new set of skills. In the shuffle, it is easy to have work/school seep into our home life and vice versa.  While it is normal to have this happen occasionally, as a general rule you should make sure you are using your email accounts appropriately. Here are a couple of tips that will help you sort through the work/school/home mess.

Use your MRU email only for work/school purposes

While this was a good idea before the pandemic, it is even more important now. Criminals know our home networks don’t have all the security bells and whistles that are on our corporate networks.  Attacks are on the rise as they look for vulnerabilities. One of those is using your MRU email for personal purposes.

The more places you use your MRU email address the greater the chances you are going to reuse passwords and expose yourself to credential stuffing. As we are notified when your MRU email address has been used for a login credential of a breached account provider, we sometimes find out more about your personal life than we would like.  Save us both the risk and embarrassment. If an account is for personal use, use your personal email address for your username.

Don’t use your personal email address for work/school

Since we have begun working at home, it feels like I have responded to 55.1 requests to view Google documents. The requests have come for quick reference guides, user manuals, registration forms, you name it. Every time I have had to reply with…

This document is only viewable by those with a Mount Royal email address. Please login to your Mount Royal email to access the document.

It gets mighty tiresome. I don’t know who the requester is unless they use their Mount Royal email address.  For that reason, I do not grant non MRU email addresses access to documents. Everyone on campus should be following this protocol.

As important as it is to use your work email address to access documents, it is even more important for attending Google Meetings. Don’t make your meeting host guess who you are or whether you should be attending. Make it clear you are supposed to be participating by using your Mount Royal email address.

When you must use your MRU email address

To access some accounts, you must use your Mount Royal email address as a username. In these instances it is especially important to use a unique password.  It prevents criminals from gaining access to your email by using a password that they have stolen from another account provider.

By following these simple rules you will decrease your vulnerability to cyberattacks, protect your privacy and make your colleagues, instructors and students lives easier. Happy days for everyone!

 

Workshop and Cybercafe held next week 09/17/20

 

 

Next week we have two events being held. September 22, 2020 is the Protecting yourself against cybercrime 2021 workshop from 2:00 pm  to 3:30 pm.  This is a great opportunity to complete your mandatory training and ask as many questions about cybersecurity as you like.

If you are not able to make the training but still would like to discuss cybersecurity, join us for the Cybercafe on September 24 at 3:00 pm. For 30 minutes you can ask all your burning cybersecurity questions. Our Security Administrator will be joining us, so the questions can get as technical as you like.  While you can ask anything you like, I will also be presenting a current news item as a topic of discussion. Check back on September 23 to see what that topic will be.

See you there!

Don’t take candy from strangers – 09/16/20

All malware is not created equal.  This week a particularly devious piece landed in an MRU inbox.  It was wrapped up in a zip file attachment. Here is what the malicious email looked like:

 

 

This malicious email is hard to identify as it contains a previously sent email thread. Interestingly enough, there is no human behind this email. It was sent by malware. When it gets on your machine it picks an email in your inbox and replies to it. Sending a copy of itself to an unsuspecting recipient.

The email is generic enough to work with pretty much any email. However it is the vagueness that flags it as suspicious.  The other tell is the sender’s email address. Because this is malware and not a person sending out the email, the sender’s email address is incorrect.

If you decide to click and open the attachment, you see an Excel spreadsheet with this in the first cell.

 

 

If you missed the other two red flags, this one is your last chance to dodge the bullet. This very official looking graphic is asking you to enable editing and content to be able to “decrypt” the document  It is also telling you what type of device to use to view it.  Anytime you have this kind of instruction given to you to view a document, close it immediately and report it.

The instructions are not there to enable you to view the document. They are there to ensure the malware can be installed and will function.  By asking you to enable editing and content, it is bypassing the safety controls we have in place to prevent the running of macros. It is not “decrypting” anything.  If you can’t open a document just by clicking on it, consider it a threat.

This is another reminder how important it is to check the sender’s email address before you open an attachment or click on a link.  If you recognize it, contact the sender using another method and confirm that they sent the email. If you don’t recognize it, don’t click. You wouldn’t take candy from a stranger, you shouldn’t take attachments from them either;  no matter how enticing they are.

 

 

Using Jabber on your computer? You need to update, NOW! 09/10/20

 

 

Cisco has released an update to their Jabber for Windows application. This update fixes a critical vulnerability that would allow an attacker to potentially execute arbitrary code on your computer without requiring any action on your part while the application was running in the background.

If you use Jabber for Windows please update it immediately. The Jabber for Windows update can be downloaded here.  Enter your MRU login credentials when prompted to gain access to the download. Although Jabber for Mac has not been effected, it is still a good idea to keep it updated. The latest version can be downloaded here.

If you are only using Jabber on your iphone or Android smartphone, you are not affected by this vulnerability. For more details, read the Latest Hacking News article.

 

File management when working from home – 08/25/20

 

 

I know it is hard to believe, but it has been five months since all of us were sent home to work and attend classes. Being jettisoned into a working from home environment with little preparation has its challenges. With the lines between work/school and our personal lives being blurred, it is normal for our file management to become a little chaotic.  The introduction of the new VPN service in the middle of all that certainly didn’t help.  I helped over 51 people transition to GlobalProtect. Now that things have calmed down a bit and it is apparent we are going to be working from home for the foreseeable future, I thought a few file management tips would be helpful.

Give everyone their own profile on shared computers

Not everyone has the ability to have a separate computer for every member of the family. Often we have to share with others in the household. By creating a separate profile for each person, you limit what they can access. To use the computer they login to their profile which is secured with a password. What applications they can use and what documents they have access to depends on which user profile they are logging into. While this doesn’t completely protect your data, it does limit the damage that can be done. You can find more information on setting up user profiles on How To Geek.

Use a different browser for work

Keeping your work/school and personal life separate is not easy when you are using the same computer for both. If you have a personal Gmail account, you have seen how easy it is to accidentally send an email to your boss/instructor with your personal email address and save that report you were working on in your personal Google Drive. Both confuse your colleagues/instructors into thinking you are a hacker trying to gain access to the network. As well it makes it difficult for you to find things.

By using a separate browser for work/school, all your work bookmarks are in one easy to find place. In addition when you send an email or save a document, it will be your Mount Royal email and Google Drive login credentials that will be auto-filled rather than your personal ones.

Save your documents in Google Drive or the MRU Network

When we are in a hurry, it is easy to click the Save button and then put that document on the default drive. Unfortunately, that is often the C: drive or your desktop. If your hard drive crashes, the files will be lost unless you back them up onto another drive. In addition, if you are an employee due for a new machine, you will lose any data stored locally. Remember, IT Services does not back anything up when they replace your machine.

Make your life easier, save files on your MRU Google Drive. If you find the Google Drive too onerous to use, download Google Drive File Stream. It will add a G: drive to file explorer allowing you to save and open documents just like you do with the C: drive. A Mac version of Google File Stream is also available.

If you don’t like using the Google Drive, you can download files from the MRU network using Webfiles. Once your work is done, don’t forget to upload them back onto the network.  Remember files left on your C: drive or desktop are vulnerable. Don’t leave them there.

Limit access to shared documents to those with a Mount Royal email address.

If you are sharing documents with colleagues, instructors or students; limit who can access them by choosing to share them with those who have a Mount Royal email address or a specific email address. This ensures that even if someone outside of the University community gets a hold of the link, they cannot access the document.

If someone requests access to this document later on, deny them access and remind them to use their Mount Royal login credentials to view it. This prevents hackers who are using a generic Gmail account from impersonating a colleague, instructor or student and tricking you into giving them document access.

If you have VPN access don’t download files to your home machine

Some employees need VPN access to remote in to their MRU workstation. If you have this type of access, you are working with sensitive data. That data must stay on the Mount Royal network. Do not download it to your machine at home.

Remember to give yourself a pat on the back

We are all working in less than ideal conditions trying to deliver ideal results. I hope these tips make that a bit easier.  Don’t forget to give yourself a pat on the back for doing a great job. You rock!