Cybersecurity Blog

Beware, the locked browser tech support scam is back- 03/13/18

Malwarebytes has discovered an old tech scam that has resurfaced.  Hackers are compromising legitimate web sites. When you visit one of these sites, a pop-up appears on your computer telling you that you have a virus and you need to call a 1-800 number. To make it look like there is something wrong with your computer, the browser is locked and doesn’t respond to clicks.

If you call the number, you are asked to download diagnostic software that gives the hackers control of your computer. They then appear to find the virus on your machine and proceed with a hard sell trying to get you to pay to have it removed. In reality there is nothing wrong with your machine.

No software will magically detect issues on your computer without being installed. No browser can detect issues with your computer.  Microsoft does not send out alerts to let you know your computer is not working properly or has been compromised. Anytime you receive an alert of any kind with a support phone number, it is a scam.

The good news is, with this particular scam there is nothing wrong with your computer. All you need to do is shut down your browser through the Task Manager and everything goes back to normal. Just remember not to visit the same website again.

To shut down your browser in the Task Manager:

  1. Press CTRL + ALT + Delete 
  2. Select Start Task Manager
  3. On the Tasks tab, select your browser
  4. Click the End Task button.

Lock your Screen When you Leave the Scene – 02/07/18

Just a friendly reminder to lock your screen EVERY TIME you leave your workstation unattended. In the time it takes to get a print out or go to the kitchen to throw out garbage, your workstation can be compromised. The hackers need less than a minute to access your workstation and load malware that runs in the background. The malware can be present for months, giving the criminals access to the network and our data without you even being aware that it is there.

It is not enough to say, “Well I usually lock my screen but sometimes I forget.” Usually will not keep our network safe. Always will. Join us in the fight against cyber crime. Be a super hero and lock your screen EVERY TIME!

Payroll related phishing email making the rounds – 02/02/2018

Another day, another phishing attack making the rounds. The latest asks you to confirm your identity by clicking on a link and logging in. These emails often refer to  issues with your paycheck or benefits that need to be resolved. Replying to one of these emails and asking for more information results in a very quick and convincing response assuring you everything is on the up and up.

If you ever receive an email asking you to use a link to login to confirm your identify, close the email and login to the site directly using a bookmark or Google search result. If the request is legitimate, you will be able to find it on the official web site.  If you cannot find the information and are still not sure of the email’s legitimacy, contact them by phone or email using contact information taken from their official site.  If you do determine that the email is a phish, forward it to abuse@mtroyal.ca and then report it as phishing to Google.

As always, if you are in doubt contact the IT Service Desk.

 

Why you should worry about cryptocurrency mining – 01/26/18

First things first, what is cryptocurrency? Cryptocurrency is digital currency. The most known is Bitcoin, however others are popping up such as Monero.  How do they work? Well, I found a nifty little video that tells you the basics. It refers to bitcoin but the premise applies to all cryptocurrencies.

Neat huh?  Notice the part where they say it takes lots of computing power and lots of electricity to mine? This is where things get interesting. Criminals have figured out that if they use the computing power of other machines, they can mine more cryptocurrency faster without having to invest in all the computing power or electricity themselves.

Why should you be concerned? More and more malware is mining cryptocurrency. The malware is often hidden on legitimate websites, applications or browser extensions.  Why is this a problem? After all it is just using the processing power of my computer, its not actually doing any real harm is it? Well, no and yes. No it isn’t doing anything malicious like encrypting your hard drive or stealing your data. However, it is wearing out your machine and slowing it down. The more clever mining malware waits until you aren’t actually using your machine to mine. This reduces the chance you will notice that it is actually there, but still wears out the processor, eats up bandwidth and increases your electricity bill. Less clever creations, slow your computer down to a noticeable crawl.

Having millions of other peoples computers mining cryptocurrency for you can be quite lucrative. So much so that some websites have turned from using adware to generate revenue to asking users to lend their computing power. This is just fine if the user knows it happens and consents. It is another thing entirely when its done behind the scenes. Finding out your machine is being used for mining after the fact tends to leave you feeling like you need to take a shower. Its just not nice.

So what can you do about it? First of all, if your workstation seems slow contact the Service Desk. If it is your home machine, check the CPU processes to see if you have any spikes in usage.  How do you prevent the mining in the first place?  The mining software is considered to be malware, so the regular security measures that you take to protect yourself from malware will protect you from crypto mining. Make sure you:

  • Use an Ad blocker
  • Stay away from shady websites
  • Only download software from reputable sites with good reviews
  • Beware of browser extensions

New security vulnerabilities found on everything with a computer processor – 01/08/18

What are they?

New vulnerabilities called  Meltdown and Spectre have been found in computer processors  built after 2009 that allow a program to steal data from your computer system’s memory without your permission or knowledge.  It affects everything that has a computer processor including your computer, tablet, phone and IoT (Internet of things such as a smart thermostat).

Why should I be concerned?

These vulnerabilities have the potential to allow hackers to covertly fetch sensitive information  such as passwords from system memory allowing access to your online banking, social networking accounts and the like. To make matters worse, the attack can be made via your browser.

How is the problem fixed?

As these vulnerabilities are in the main processing chip on the computer, the ultimate fix will be to change the processor codes, the firmware or the chip itself.  However, the problem can be mitigated by modifying how the software interacts with the processor. As a result, software and hardware vendors are currently developing patches for these vulnerabilities.

What is IT Services doing about it?

We are following our standard processes to manage the patches for these vulnerabilities.

What do I have to do?

You do not need to update your workstation, it will be done by the MRU patch management process.  Your regular updates include all required patches. If you have a Mount Royal laptop or device and you aren’t sure that it is getting updated, please visit the IT Service Desk.

Install updates for all your personal portable devices and home machines as soon as they become available.  Make sure that your browser is updated as well. Please note that not all anti-virus programs are compatible with Microsoft’s latest updates. If your machine has incompatible anti-virus software, the Microsoft updates will not be uploaded and your machine will be left vulnerable. Check your anti-virus program’s website to see if it is compatible.

Make sure you visit official/trusted websites to get your updates or use the update feature from within your software.  We do not recommend clicking on links and opening attachments in emails claiming to have a link to the latest updates or patches.  Criminals may take this opportunity to send out fake security patch or update emails with malicious links to try and trick you into downloading their malware.

For more details on the vulnerabilities, check out the sources for this article:

 

Passwords are NEVER to be shared – 12/06/17

I was shocked and extremely concerned to read about UK members of Parliament sharing passwords with their staff.  How could high ranking members of a government, with a gateway into a network containing super sensitive data be so reckless?  Surely no such thing occurs in other organizations? Surely here at Mount Royal University we are much more cautious with our passwords.

I was dismayed to discover that is not the case. Passwords are being shared  between professors and graduate students, between managers and admins, between colleagues and between students .  Why is this a problem?  Just think for a minute of everything that you access with that login information.  Do you really want to give someone else that much information about you?  Do you really want someone else to be able to access EVERYTHING that you have access to? Your password is the keys to your kingdom.  Don’t give it away.

IT Services is very aware that there are many instances where you need to give people access to your email, documents or an application.  Fortunately, we have many tools at our disposal to do that without giving them access to everything else as well.

My favorite password sharing excuse is, “I can never remember my passwords, I need my admin to know them so she can remind me when I forget” . KeePass is a password manager that is easy to use and it will store your passwords for you.  It is installed on every workstation and it requires you to remember only one password. Still challenged? There are many ways to create a password that is easy to remember but very effective. Contact the IT Security Training Analyst if you are still struggling.

If you are currently sharing your passwords or using someone else’s passwords; please stop, change your password and contact the IT Service Desk to discuss your needs. They will be happy to find a solution for you. Keep your data safe, keep your passwords a secret.

Latest Windows update patches 62 vulnerabilities – 10/11/17

 

In past posts I have talked about the importance of keeping your computer up to date by shutting it down each night. This week that is more important than ever. On Tuesday MIcrosoft released its latest updates for Windows, Office and other software which includes patches for 62 different vulnerabilities.

What is so important about patching these vulnerabilities? Hackers have known about some of these for a while and have already created malware that takes advantage of them. Keep your machine secure, shut down your machines this afternoon and get your updates.

Get your security updates, restart your machine – 05/15/17

Although the WannaCry ransomware exploited a vulnerability in Windows that had been patched in March 2017, it was still able to bring several organizations to their knees. The culprit? Computers running outdated software that did not have the security patch installed.  As a best practice, all Mount Royal staff and faculty should be installing updates when prompted and be restarting their machines.  This ensures they are always using the most secure software versions and minimizes the risk of a malware attack.

Security isn’t the only benefit of keeping  your machine up to date. Regularly updating your machine keeps it more stable so it crashes less. Also, updating the machine takes less time if it is done regularly.

Yes, I know…it’s inconvenient.  It takes time for the machine to restart and it’s a total pain. Here’s a tip…turn your machine  off at the end of each day and any updates will automatically be downloaded. When you come in the next morning, turn on your machine and go get that morning cup of Joe. By the time you get back, your machine will have installed the updates and be ready to go.

Have you downloaded the updates but can’t restart your machine right away because you are working on a project or running a report? Make sure that when the notification appears asking you to restart your machine that you do so within 24 to 48 hours. Do not continually ignore the prompts and leave your machine vulnerable.

Worried about meeting room or classroom computers? All smart cabinets, classroom computers and meeting room computers are automatically turned on and updated during off hours. As long as no one is logged into the machine, it will be updated. Have any questions? Give the IT Service Desk a call.