Security

Phishing and whaling

Friday, February 5th, 2016


Recently we gave you some pointers on identifying phishing e-mails. So now that you know all the signs and how to outwit the criminals, there’s another variant – spear phishing. But don’t panic, it’s almost the same, with a bit of a twist.

Spear phishing is an e-mail that seems to be sent from an individual or business you know. Of course it's really from hackers attempting to obtain your credit card and bank account numbers, passwords and financial information.

These types of attacks focus on a single user or department within an organisation and use the name of another staff member in the organisation to gain the victim's trust. (Also see our recent article on the incident at Finance.)

They often appear to be from your company's human resources or IT department, requesting staff to update information, for example passwords or account details. Alternatively, the e-mail might contain a link which will execute spyware when clicked on.

But wait, there are even more fishing comparisons.

When a phishing attack is directed specifically at senior executives, other high-profile staff or seemingly wealthy people, it's called whaling. By whaling, cyber criminals are trying to catch the "big phish", or whale.


[SOURCE: http://www.webopedia.com]

 
 
 
 


New cyber crime e-mail targets individuals

Wednesday, January 13th, 2016


Over the past two weeks a new e-mail scam has reared its head on campus. Scammers use contact information, available on the internet, to target individuals at the university.

One example is an e-mail which has been sent to various staff at the Finance department with a request to transfer money. (See the e-mail, with inactive addresses, below.)

The e-mail is sent from a Gmail address, but the display name is an SU staff member's name. Since the cyber criminal also saw the contact person's name on the website (in this case Finance's website), they address the receiver personally as, for example, Karin.

Similar scams use fax numbers available on the internet and then a fax is sent directly to the contact person.

Do not, under any circumstances, react to these e-mails. They are clearly an attempt to attract your attention and convince you to conduct a financial transaction. Delete and ignore the e-mail.

Report suspicious e-mail to sysadm@sun.ac.za and also read our articles on security on our blog, as well as the fortnightly newsletter, Bits & Bytes.


 

FROM: Stellenbosch University staff member name<example@gmail.com>
TO: Stellenbosch University staff member name<example@sun.ac.za>

Karin, 

Let me know if you can process a same day domestic bank transfer to a client. You will code it to professional services

The amount is R870,000, kindly confirm so i can forward the appropriate beneficiary details to enable instant clearance.

Regards

Sent from my iPhone
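
The check below is an added example, not part of the original post or of any university tooling: it flags a message whose From display name matches a staff member while the address lies outside the internal domain, which is the trick used in the e-mail above. The staff directory and the sample message are constructed placeholders; only the domain `sun.ac.za` comes from the page.

```python
import re
from email import message_from_string, policy

INTERNAL_DOMAIN = "sun.ac.za"  # the university domain named on the page
TITLES = {"dr", "prof", "mr", "mrs", "ms"}

# Constructed directory of names as published on a department website (hypothetical).
STAFF_DIRECTORY = ["Karin Example", "Dr Jan Voorbeeld"]

# Constructed message modelled on the e-mail above; names are placeholders.
SAMPLE = """\
From: Jan Voorbeeld <example@gmail.com>
To: Karin Example <example@sun.ac.za>
Subject: Bank transfer

Karin, let me know if you can process a same day domestic bank transfer.
"""


def name_key(name):
    """Order-, case- and title-insensitive key, so that
    'Voorbeeld, Jan' and 'Dr Jan Voorbeeld' compare equal."""
    tokens = re.findall(r"[^\W\d_]+", name.lower())
    return frozenset(t for t in tokens if t not in TITLES)


def is_internal(domain, internal=INTERNAL_DOMAIN):
    """True for the internal domain and its subdomains, but not for
    look-alikes such as 'sun.ac.za.example.net'."""
    domain = domain.lower().rstrip(".")
    return domain == internal or domain.endswith("." + internal)


def check_sender(raw, directory=STAFF_DIRECTORY):
    """Return a list of findings for one raw RFC 5322 message."""
    # policy.default parses From into Address objects and decodes
    # RFC 2047 encoded display names before comparison.
    msg = message_from_string(raw, policy=policy.default)
    from_hdr = msg["From"]
    senders = from_hdr.addresses if from_hdr is not None else ()
    if not senders:
        return ["missing or unparseable From header"]
    known = {name_key(n) for n in directory}
    findings = []
    for addr in senders:
        key = name_key(addr.display_name)
        if key and key in known and not is_internal(addr.domain):
            findings.append(
                f"display name '{addr.display_name}' matches a staff member "
                f"but the address is external ({addr.addr_spec})")
    return findings


if __name__ == "__main__":
    for finding in check_sender(SAMPLE):
        print("SUSPICIOUS:", finding)
```

A match is a reason to verify the request by phone before acting, not proof of fraud: staff do occasionally write from private accounts.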


Phishing remains prevalent

Wednesday, January 13th, 2016


Attempts to harvest staff's personal information in order to gain access to bank accounts remain a thorny issue.

Unfortunately we can’t warn you against every potentially dangerous e-mail, but we can show you what to look for so you don’t fall prey to one of these scams. Look out for these signs:

1. The e-mail is never addressed to you personally – it’s a generic heading. (e.g. Dear client)
2. It asks the receiver to divulge personal information, for example your ID number, password or username.
3. The e-mail asks you to click on a link to “activate” your account. Don’t click on any links in e-mails (unless it’s an official IT e-mail) and also don’t copy and paste it in your web browser.
4. Usually a short time limit is given, for example “within 24 hours”.
5. Make sure the request is official and legal by calling the company and confirming.
6. Do not send sensitive information by e-mail. Legitimate companies won’t ask you to send data by e-mail.

Above all, the best defence is being attentive and cautious. Report suspect email to sysadm@sun.ac.za and also read our articles on security on our blog, as well as the fortnightly newsletter, Bits & Bytes.


Phishing warning: Survey on peer review

Thursday, November 12th, 2015


It's no secret that you can fake just about everything on the Internet: you can fake job references, fake news, fake academic credentials, and fake science.

Academic journals that distribute important research from universities such as Stellenbosch have had to deal with a proliferation of fake peer reviews. Scams that masquerade as academic journals and request payment to accept and publish papers without any form of peer review whatsoever are common, but now the peer review process itself is being hacked, thanks to third-party services that can be paid to fabricate peer reviews for papers. In many cases identity theft is also involved, with real scientists often never knowing that their identities have been stolen for the purposes of issuing false peer reviews.

Below is a mail sent to one of our own esteemed researchers, who was solicited to complete a survey about the peer review process. Although seemingly innocuous, a quick check on retractionwatch.com reveals that this particular survey has been flagged as a potential source of identity theft, malware and phishing. Dangerous parts of the mail have been removed.

If you are involved in writing, submitting and reviewing academic papers, be aware of the minefield of scammers out there who only want to use your good name and reputation for their own monetary gain and status.

[ARTICLE BY DAVID WILES]


From: Scholarly Research Survey <scholarlyresearch@dummyaddress.com>

Reply-To: Scholarly Research Survey <noreply@dummyaddress.com>
Date: Thursday, 12 November 2015 at 12:05
To: Dr R.E. Searcher <emailaddress@dummyaddress.com>
Subject: Survey on peer review

   

Dear Dr. Searcher,

We are contacting you because you are the corresponding author on a paper that was published in XXXX-XXXX. We would like to invite you to complete a survey, which is about the attitudes of researchers to peer review and scholarly publishing in general. It should take no longer than 8-12 minutes of your time.

This study is being conducted on behalf of a major publisher whose identity will be revealed at the end of the study as we do not wish to bias responses. Your results will be kept confidential and used only for research purposes.

To begin the survey, please click on the link below (or paste it into your browser):

Click here for survey

Thank you very much for your time, we really value your input.

________________________________________________________________________________

If you would like to opt-out of mailings in relation to this research project, please click (here).
Please do not reply to this e-mail as the inbox is not monitored. If you are having trouble with this survey you can let us know (here) and we will address any technical problems as quickly as we can.


Cyber security – no science fiction

Monday, October 26th, 2015

"Cyber" – the word conjures up images of futuristic robots, a post-apocalyptic world and machines displaying human characteristics. Clearly we've seen too many sci-fi movies.

However, cyber security isn’t in the future, it’s here now and the threat is very real.

Wikipedia defines cyber security as follows:

Computer security, also known as cybersecurity or IT security, is the protection of information systems from theft or damage to the hardware, the software, and to the information on them, as well as from disruption or misdirection of the services they provide. It includes controlling physical access to the hardware, as well as protecting against harm that may come via network access, data and code injection, and due to malpractice by operators, whether intentional, accidental, or due to them being tricked into deviating from secure procedures. https://en.wikipedia.org/wiki/Computer_security (2015/10/12)

It is clear that any theft of ICT equipment or data, as well as any disruption of service, can be added to this definition.

The following categories have been included in Wikipedia: Backdoors; Denial-of-service attack; Direct-access attacks; Eavesdropping; Spoofing; Tampering; Privilege escalation; Phishing; Clickjacking; Social engineering and trojans. (Over the next few months we will be discussing these categories in more detail.)

Attacks on companies are mostly for financial gain, but where Stellenbosch University is concerned there are a few other reasons as well. Examples are financial gain, manipulation of marks or degrees, access to exam papers, access to and manipulation of research material, obtaining contact information (staff, students or donors), ideological reasons, using our computing power and abusing our high-speed internet access to launch attacks on other entities, etc.

The biggest weak spots in security include usernames and passwords; untrained or inadvertent users; unsafe work stations; obsolete equipment; faulty hard drives; "man-in-the-middle" attacks and cloud services.

The easiest way to gain access to our systems is by means of an existing username and password. It is therefore of the utmost importance that users choose passwords that are difficult to hack and maintain good password practice.

Don't use official SU usernames and passwords for any other service or social media. Rather create a separate Gmail or live.com e-mail address and use it for non-official registrations and services.

User access needs to be audited on a regular basis and outdated rights need to be removed.

Untrained or inadvertent users are probably the single biggest risk. It's easy to be "convinced" to click on a link or open an e-mail attachment. People who do not pay attention to what they do are easy targets – even in cyber space.

Work stations under control of end users with administrator rights provide another risk, since they can install any programme. Users navigate to any web address and click links without thinking twice. Any of these links can compromise the workstation and subsequently also the whole campus infrastructure.

Even outdated equipment contains data. Therefore it is important that any data be removed before equipment leaves university property.

These are just a few examples of threats to cyber security and the challenges they present to Information Technology. With the assistance of our users, we can at least prevent a few of these dangers.

 
