All posts by Ian Burke

Library & Information Technology Services » Post for MiddNotes 2015-10-23 12:15:34

Helpdesk Alerts, ITS, libitsblog, library, LIS Staff Interest, lisblog, Middlebury Community Interest, middpoints, Post for MiddNotes, Post for MiddPoints

ccam

October is Cybersecurity Awareness Month. Join your colleagues from both the Middlebury and Monterey campuses for a presentation and discussion on critical cybersecurity issues including phishing and cracking.

  • On October 29th at 12:30 Eastern time, Information Security will host a Cybersecurity Roadshow.
  • You can join the discussion in Lib105A on the Middlebury Campus or on PolyCom 710205
  • Central Monterey meeting location TBD.

Please join us for this discussion. It is open to students, faculty, staff and the community. Computer security is the responsibility of us all.

For more information call Information Security at 802-349-5805

Security Notification: Ransomware Delivered Through Phishing Attacks

Helpdesk Alerts, ITS, LIS Staff Interest, Middlebury Community Interest, middpoints, Post for MiddNotes, Post for MiddPoints

A year ago the Internet saw a rash of malware known as ransomware. This malicious form of cyber attack is known for infecting a computer and encrypting a drive. The victim is then unable to recover their data until paying a ransom to the attacker. Middlebury, like many other institutions was not immune to this form of attack.

A week ago the FBI announced a new variant on a common form of these attacks known as CryptoWall. This form of ransomware is known to have four methods of infecting a computer.

  • Phishing: the attacker may lure a victim into downloading an infected attachment through a phishing campaign and thereby compromising the drive on their system.
  • Phishing: the attacker lures the victim into clicking on a link to a malicious web site where the victim unknowingly downloads the malicious software onto their system and compromises their drive.
  • Infected ad: the attacker posts and infected ad on a website which a user might click thereby causing the download of malicious software.
  • Compromised website: the attacker compromises a website so when a user visits the website they unknowingly download malicious software and compromise their system.

According to the FBI, by far the most common method of attack is phishing, particularly with attachments in the message.

What you can do to protect yourself:

  • Never open attachments or click links in emails that you do not recognize or trust.
  • Know what a phishing attack is and how to spot one. visit http://go.middlebury.edu/phish or http://phishing.org
  • If you think you have fallen for a phish change your password. then call x2200
  • If you believe you system is compromised, unplug it from the power and the network. Shut it down immediately. Do not worry about saving your work. then call x2200.
  • Backup your data routinely. If you save your data to Middfiles or your home directory it will be backed up automatically.
  • Never disable your antivirus software.
  • Send any suspect emails to phishing@middlebury.edu
  • Only download software from known vendor sites.
  • Don’t click on ads in web sites. Visit vendor websites directly.

Sources:

Open RoadShow on Information Security

LIS Staff Interest, Middlebury Community Interest, Post for MiddNotes, Post for MiddPoints

LIS Information Security and the LIS Security Team will be hosting a lunch time RoadShow on information security and basic ways to protect yourself while working on Internet connected computers. This discussion is open to the full College community. Please join us Aug. 28th at noon in Davis Family Library room 145. For more information please visit: http://www.middlebury.edu/offices/technology/infosec/education/CBT/RoadShow