The Cybersecurity Newsletter has a new look! – 10/22/21
The cybersecurity awareness program at MRU rebranded earlier this fall. It took us a while, but we have also rebranded the Cybersecurity Newsletter. Gone is the blue background, sections have been reorganized and we have a fancy new header to match our new program branding. We hope it will now be easier to read as well as to find the information that is most useful for you. Look for the new format newsletter to arrive in your inbox on Friday.
If you aren’t a subscriber, now is the time to do so. Get the latest news on current attacks and how to stay cybersafe. Once you subscribe, you can share what you learn with family and friends. Don’t delay, subscribe now.
Firefox’s LinkedIn data breach notification – 10/04/21
If you use Firefox with your Mount Royal email address, you may have received this email in your inbox this morning:
This is a new feature of Firefox. It is important to note however that this “data breach” isn’t really a data breach. If you look closely, it is titled LinkedIn Scraped Data. Also while it says that the “breach” was added to their system October 2, 2021, the so called “breach” actually took place months ago.
What is scraped data? It is when an attacker scrapes publicly available data off of a website. So technically it isn’t a data breach as the attackers didn’t break into any servers. However, it does take a lot of time and skill to gather that much data at once. As a result few people do it themselves. It is much easier to wait for someone else to do it and then buy the data from them.
What do they use the data for once they buy it? They use it to target you with phishing emails and other social engineering attacks. While there is no need to worry about your LinkedIn password or username being compromised, this is a good time to double check exactly what you have posted publicly on LinkedIn. Be wary of any communications referencing that information in the future, someone may be trying to use it against you.
October is Cybersecurity Awareness Month – 09/29/21
It is Cybersecurity Awareness Month!! To celebrate we have several activities planned. As always, the Cybersecurity Challenge will run from October 1 to March 31. This year the Challenge has a new sponsor, WBM! The teams have been reorganized to ensure they are of equal size so the competition should be as fierce as it was last year. Will the Facilities Management team finally be unseated or will they be victorious once again?
The Virtual Treasure hunt that was so popular last year is back with new clues and puzzles. Solve the puzzles and use the clues to find the location of the treasure. Everyone can participate.
We have two new Cybercrime Series talks scheduled as well. Brian Reed from Proofpoint will be discussing insider threats, the horror stories that go with them and how to protect yourself. Jason Kell from Teknologi1 will be discussing attacks to Industrial Control Systems and the repercussion.
Come join in, have fun, earn contest entry codes and learn how to stay cybersafe!
Things to remember now that we are back on campus – 09/08/21
It is hard to believe but it has been about 18 months since we were last all on campus. Whether you are thrilled to be amongst students and colleagues or pining for the solitude of your dining room table, you will have developed different work habits while you were working from home. Now is the time to dust off those old habits again. To help you get back on track, I have a few helpful tips.
Lock your screen
Yes, I know that I was teaching people to keep locking their screens when working from home. However, I know most of you didn’t consider the kids, your spouse or the cat a big threat. Now that we are back, it is time to develop that habit again. When you stand up from your machine, lock it. If you are in a hybrid work situation, keep up that habit when you are home so you don’t forget when you are on campus.
Watch for tailgaters
Don’t let people you don’t know sneak in behind you into a secured area. If a stranger has forgotten their OneCard, send them to security rather than let them in with yours. With everyone masking up again, it is harder to verify someone is who you think they are. If you aren’t sure, send them to security. If you have a visitor coming to campus, meet them outside secured areas and then accompany them to the appropriate office or meeting room. Do not leave guests unaccompanied in a secured area.
Don’t let others use your credentials
If you have guests coming on campus, have them bring their own laptop and connect to MRvisitor rather than logging into a workstation for them. If you are training someone new, contact the Service Desk to get them access to what they need rather than logging into an application for them. Your credentials are for your use alone, not the other 114 people who want to access the network.
Keep storing documents on Google Drive
Even though we are now back at our workstations, it is impossible to know if sometime in the future we will have to return to working from home. Make your life easier, continue to store your documents containing non-sensitive information on the Google Drive. That way you won’t have to scramble should we suddenly get sent home again.
Our cybersecurity awareness program has a new look! – 09/02/21
After 5 successful years, the cybersecurity team is saying goodbye to our superheroes. While they served us well, we recognized that it was time for a change. Our survey let us know that the campus was looking for branding that was more professional but still used simple straight forward messaging. Introducing The Shield.
Look for the new posters, screen slides and stickers as they pop up around campus. We hope you love our new look as much as we do. Let us know what you think in the comments below.
Scammers use subscription renewals to trick you into downloading malware – 08/03-21
A social engineering tactic dubbed Bazacall is making a resurgence. This attack method first appeared in March, 2021. It starts with an email that arrives in your inbox. They use a variety of scenarios, however all encourage you to phone a number to resolve an issue. Their favorites appear to be notifying you that a subscription is going to be renewed or that a free trial is over. Details on the nature of that subscription are often left out, making it more likely that you will call to clear things up.
When you call, the “customer service rep” on the phone directs you to a very realistic website. Sometimes these websites are spoofed sites of real businesses, other times the businesses are completely fictitious. Once you are at the website they walk you through the steps to cancel the subscription, telling you what to click. Everything seems perfectly legitimate until you reach the final step. The last click on the website opens an Excel file that asks you to enable Macros. If you continue to follow the instructions of the “rep”, the malware is downloaded and installed on your computer. The type of malware varies but typically they give remote access to your machine, allowing the attackers to gain access to to other devices on the network.
This phishing attack method is particularly dangerous as the email doesn’t contain any attachments or links which allows it to pass through inbox filters. In addition when you open it, it looks official and innocent. After all what can happen if you just call to cancel a subscription that you don’t want? However once you call, the “rep” is very good at social engineering. He or she develops trust and insists that this is the only way to ensure the charge doesn’t appear on your credit card.
The best way to defend yourself against this type of attack is to recognize that emails with vague information about a subscription being renewed are malicious. Thankfully with this attack you have a second chance to defend yourself. You can refuse to enable Macros when asked. Remember to use your common sense and don’t let yourself be bullied. There is no justification for enabling Excel Macros to cancel a subscription. If it doesn’t make sense, hang up.
Restart your machine and save your data – 07/08/21
With the latest zero day threat PrintNightmare, putting printing on pause across the globe; it has become more important than ever to to keep your devices updated. While there is no update yet available to patch this vulnerability, it is a good idea to make sure your computer is ready when it is released.
The best way to do that is to ensure automatic updates on your Windows machine is enabled. MRU devices are automatically updated when you connect to the network so you don’t have to worry about them. This is a system setting controlled by ITS and it can’t be changed. However, you can mess with automatic updates on your home machine. You can pause them on a Windows 10 machine and turn them off all together on a Windows 8 machine. It is strongly recommended that if you have paused the updates or tuned them off , you enable them again. This ensures that as soon as the patch for PrintNightmare is available, it will be downloaded.
If you have a Windows 7 or older machine, the automatic updates feature is not an option, you will have to check for and download the update manually. For the most part, operating systems of this age don’t receive updates anymore and are vulnerable to attack. Which is why it is a good idea to upgrade to a newer one. The exception is when a really, really nasty vulnerability comes along. PrintNightmare falls into this category. Even Windows XP will receive a patch for this one. However, you Windows 98 and 95 holdouts are out of luck.
To complete the installation process, you have to restart your machine. This is true for MRU devices as well as your home machine. Depending on how your version of Windows is set up, you may or may not be notified that a restart is required. So it is a good idea to restart your machine daily. Daily restarts ensure that you both have the latest security patch downloaded and it has been installed as well. Also, it takes less time to restart a machine that has only one update to install versus one that has five. In just a few minutes you can save hours of heartache. Restart your machine and save your data.
Yes you can test out of your cybersecurity awareness training – 11/22/21
While training for new hires has been live for a while now, we had to hold off releasing the new training for those who are not new to Mount Royal until our content was approved. We finally have approval! We are approaching things very differently this year and want to make sure everyone understands how the new program works before they are enrolled in the training.
So what are we doing differently? The new hires have the same training program we used last year. This ensures everyone who comes to campus knows the basics. This training is now live and ready for enrollment. If you didn’t finish your new hire cybersecurity awareness training last year, you will be re-enrolled in the same program again. However we are aware that taking training on the same subjects every year is getting a bit tiresome. So if you have taken training in the past, you will find a pre-test in your Security Education Platform My Assignments list. The questions in the pre-test are organized into categories. If you get one or more questions in each category wrong, you will be assigned training on that topic. If you get all the questions right, you will not have to do any cybersecurity training.
Unfortunately if you handle payment card data or are a high value target you will still have specialized training modules designed for your role that you will have to complete.
Even when you know how to be cybersafe, small reminders make being cybersafe easier. Starting January 2022, a new Cyber Guys video will be ready for viewing every month. These short 3 to 4 minute videos remind you how to avoid becoming a victim while tickling your funny bone. This is one time you can watch a funny video and not have your boss frown at you.
To view the videos, just login to the Security Education Platform. They will be in your My Assignment list. They are not mandatory to watch but we think they are just entertaining enough that you will want to. Unfortunately if you are a new hire, you will have to wait until next year to see the videos. That little treat is only available to those who have had training in the past.
Remember:
- If you have new hires they can enroll and start their cybersecurity or PCI awareness training right away.
- If you didn’t finish your new hire cybersecurity awareness training last year, you will be enrolled in it again this year.
- If you have completed training in the past, you will take a pre-test to determine what training topics you will be assigned.
We really, really hope that all of you enjoy this new approach to training and find it helps you stay cybersafe. If you have any questions or concerns please contact me at securityawareness@mtroyal.ca and I would be happy to answer any questions.
What exactly is the purpose of your spam folder? 05/27/21
The lowly Gmail Spam folder. It appears to collect nothing but garbage and is routinely ignored. It does however, have a function. It’s purpose is to keep spam and malicious emails out of your inbox while still allowing you to review them. These suspicious emails aren’t automatically deleted as Google recognizes it isn’t perfect and may wrongly identify an email as spam or malicious.
How should you manage your Spam folder? For the most part, it can be ignored. If you find that you are missing an email, you can go looking for it. However, I don’t recommend checking your Spam folder daily. If you are worried about missing emails, then a weekly check should be sufficient.
If you find an email in your Spam folder that you don’t think should be there, don’t move it immediately to your inbox. Open it first and check the banner at the beginning of the message. Google lets you know why the message was put there. If it is because it was marked Spam previously, then it is safe to move to your inbox. If however, it indicates that it contains a malicious link or attachment then leave the email where you found it as Google doesn’t make mistakes identifying malicious emails.
Fortunately, malicious emails found in your Spam folder don’t need to be reported to the IT Security Team. Google is already filtering them from inboxes so we don’t need to alert your colleagues. This saves us from replying to 57.3 million emails. You can simply delete them and get on with your day. Even better, let Google delete them for you. Messages in Spam that are 30 days old are automatically deleted.
MRU community hit by tech support scam – 04/29/21
The tech support scam is back. This week a MRU community member had a virus warning popup on their screen while they were working. The virus warning listed a phone number and appeared to come from Microsoft.
The individual phoned the Service Desk. However, when they couldn’t get through they called the ‘Microsoft’ number in the pop up. The fake Microsoft rep hung up on them when the caller didn’t provide the rep with the information they were looking for. Our MRU community member avoided being scammed simply by not being cooperative. However, had they been dealing with a more patient scammer, this could have gone very wrong very quickly.
This is a reminder if you see a dialog box with a virus warning and a phone number, it is a scam. Most likely there is no virus on your machine. instead, the website that you have visited has been compromised by a hacker to display a fake virus warning to anyone who views it. If this happens to you, close your browser and then open it again. Do not close the pop up. Do not visit that website again.
If you are concerned that your MRU issued device may have a virus, contact the Service Desk. Be patient, they will get back to you. If it is your personal device you are concerned about, run a virus scan. If something appears to be amiss and the virus scan does not find anything, take your device to a repair shop to have it checked.