Security « Informasietegnologie

Security

Stricter rules for VPN

Thursday, June 21st, 2018

Many of our staff and students use FortiClient to obtain VPN access to the Stellenbosch University network when they are not on campus. To maintain a safe and secure network, we have to put measures in place for our services to minimise the potential exposure to the University from damages which may result from unauthorised use of university resources. This is particularly important when it comes to access via VPN to our network.

From 6 August 2018 new VPN users have to register for VPN usage. If you have used VPN (FortiClient) since 1 January 2018, you are considered a registered user by default and don’t have to reapply for access. However, if you are a new VPN user, please follow the process described below.

If you need VPN access to the SU network via FortiClient, the following simple process is applicable:

The head of your department needs to send an email to help@sun.ac.za motivating why you require VPN access for work purposes.
You will receive an email confirming your registration with instructions on how to install the FortiClient needed for VPN usage.

A VPN (Virtual Private Network) is a way of connecting your off-site computer directly to the University network and allows you to access internal resources such as other computers, network storage, websites, journals using the applications already installed on your off-site computer. VPN provides an encrypted connection which helps to ensure that sensitive data is safely transmitted and prevents unauthorized people from eavesdropping on the traffic, allowing the user to conduct work remotely.

A secure VPN connection to the SU network with FortiClient is not necessary for standard, web-based services. These include email, library resources, SUNLearn or the SUN-e-HR website. All of these services are already accessible via the internet without a VPN connection.

More information on the use of VPN and FortiClient at SU is also available on our service catalogue.

Tags: forticlient, remote access, vpn
Posted in Connectivity, Security | Comments Off on Stricter rules for VPN

New variant of BIP Dharma ransomware found

Monday, June 11th, 2018

WHAT IS RANSOMWARE?

Ransomware, for example, CryptoLocker, WannaCry or BIP Dharma, is a type of malware that installs itself on a device, takes files on the device or network storage, encrypts them, and then extorts money from the user to unlock the files. This type of programme can be installed by means of an e-mail attachment, an infected programme or unsafe website with malware installed on it.

The software “kidnaps” your data by encrypting or limiting your access to it and then sending you a message demanding money to regain your access. The only way access is possible again is by acquiring an encryption key from the creator of the ransomware at a fee. However, paying this fee doesn’t guarantee that you will have access to your data again, so doing this is a huge risk.

According to Sophos security ransomware is one of the most widespread and damaging threats that internet users face today.

HOW TO AVOID BECOMING A RANSOMWARE VICTIM

You can practice the following security practices to avoid falling victim to ransomware.

1. Make backups

Ensure that you always have the latest backup of your work somewhere else, preferably off-site. If you do fall for a ransomware attack, you will still have your data. Having your data off-site also protects it from events such as a fire, flood or theft or damage to your device. Additionally, you can encrypt your device to ensure that if it ends up in the wrong hands, they won’t be able to access it.

2. Do not open attachments

If you receive an attachment from someone you don’t know. And even if you do know the person, first confirm whether they did send it to you. Just because it’s from someone you know, it doesn’t mean it’s safe. Your colleague or friend’s account could have been hacked.

3. Scan attachments

There are tools such as VirusTotal available for scanning attachments to ensure that they are safe to open. VirusTotal is an online scanning tool and can be found at https://www.virustotal.com/#/home/upload.

4. Keep Windows updated

Make sure all Windows updates are installed as soon as they come out. Also make sure you update all programmes, especially Java, Flash, and Adobe Reader. Older programs contain security vulnerabilities that are commonly exploited by malware distributors. Therefore it is important to keep them updated.

5. Security software

Make sure you have some sort of security software installed. If you are unsure whether you have adequate protection on your device, contact us to assess your security.

6. Difficult password

Use hard passwords and never reuse the same password at multiple sites.

[SOURCE: www.sophos.com]

Posted in E-mail, Security | Comments Off on New variant of BIP Dharma ransomware found

Phishing Scam about “Unexpected Mail Shutdown

Wednesday, June 6th, 2018

There is currently a bombardment of phishing emails arriving in university accounts about an “Unexpected Mail Shutdown”. The mail used alarmist threats about pending shutdowns and has all the signs of a phishing scam, including a website that is not on the university network.

This is a typical phishing scam and although it is being sent to university addresses, you should not react, respond or click on any links, as the phishers insert your email address in the link field and thus can identify your account as functional.

Below is the mail arriving in many university accounts:

If you have received this mail like this, please report is to the Information Technology Cybersecurity Team using the following method:

Send the spam/phishing mail to help@sun.ac.za and sysadm@sun.ac.za

Attach the phishing or suspicious mail on to the message if possible.
1. Start up a new mail addressed to sysadm@sun.ac.za (CC: help@sun.ac.za)
2. Use the Title “SPAM” (without quotes) in the Subject.
3. With this New Mail window open, drag the suspicious spam/phishing mail from your Inbox into the New Mail Window. It will attach the mail as an enclosure and a small icon with a light yellow envelope will appear in the attachments section of the New Mail.
4. Send the mail.

[Information supplied by David Wiles]

Tags: phishing, report phishing
Posted in phishing, Security | Comments Off on Phishing Scam about “Unexpected Mail Shutdown

Tripadvisor phishing scam

Monday, June 4th, 2018

It seems that there are a number of you who make some use of TripAdvisor.com for planning your overseas trips. TripAdvisor is travel and restaurant website that provides hotel and restaurant reviews, accommodation bookings etc. but the phishing scammers are currently targeting South African and Australian users with a phishing scam to try to get access to their TripAdvisor account.

Be on the lookout for a phishing scam that *might* target university personnel and student accounts over the next few days:

Hi <your name>,

Want to keep your username?
Since you haven’t been on TripAdvisor in a while, your username <your TripAdvisor username> will expire in two weeks. Want to keep it? Simply click on the button below:

Keep my username

While this might not seem to be much of an issue for some people, the real danger is that, in many cases, university personnel and students – some making use of TripAdvisor, use the same password for all their Internet accounts. According to a recent Ofcom report, over 55% of Internet users older than 16 used the same password for most – if not all! – the websites they tended to use.

If you do use the same password for lots of sites, and one of those sites are hacked, (like Tripadvisor) and hackers could start using your “leaked password” on multiple sites, they could gain access to more areas of your life such as your email, banking, social media and other accounts.

A very useful site to check if any of your online account have been hacked is https://haveibeenpwned.com/ This site helps you to check if you have an account that has been compromised in a data breach.

I concede that remembering passwords can be a real challenge, especially if you have a lot of online accounts. I recommend using password management software – also sometimes known as a password vault – like 1Password, KeePass and Lastpass.

Password management software can remember all your hard-to-crack passwords for you (they can even generate them to make sure they’re super complex), and store them securely behind one master password.

Please be very careful out there. Don’t become a statistic or a victim of identity theft!

[Article by David Wiles]

Posted in E-mail, Security | Comments Off on Tripadvisor phishing scam

Phishing mail using intimidation and threats

Friday, June 1st, 2018

There is no need to panic or be in anyway concerned for your personal safety about the latest batch of “phishing” emails that are going out with “death threats” or extortion regarding your “alleged” online activity around pornography sites etc.

A simple Google search using the following term “I Was Paid To Kill You scam” gave me 43 million results, all of the first 100 or so pages reporting this mail as a scam. A further search, narrowing the results down to only South Africa and only from last week, resulted in a little over 100 000 results, all of which were reporting as a hoax.

A similar scam first surfaced in the USA in 2006. An email from a would-be assassin was sent to a number of users from a Russian e-mail address. The “assassin” apparently appointed by a close acquaintance of his target, offers the victim the opportunity to buy him or herself a new lease on life by paying between $50,000 and $150,000.

If you receive mail like this, you should never panic. If you look at the extortion mail there are clues that reveal that the mail is a hoax:

The subject line: “I Was Paid To Kill You”, “YOU SHOULD BE ASHAMED OF YOURSELF”, “YOUR PRIVACY HAS BEEN COMPROMISED”
These are designed to cause anxiety, stress and panic.
Time limits: “You have 48 Hours to pay…”
How can the scammer know that you have received the mail and when you have read the mail and keep track of time to see if “48-hours” has passed?
Engagement: “Contact me back via e-mail…”
Never make contact with the scammers. This immediately alerts them that a “real person” read their mail and they will be able to concentrate their nefarious efforts on you.

If you ever receive emails like these, please report is to the Information Technology Cybersecurity Team using the following method:

Send the spam/phishing mail to help@sun.ac.za and sysadm@sun.ac.za.

[Article by David Wiles]

Tags: phishing, report phishing
Posted in E-mail, Security | Comments Off on Phishing mail using intimidation and threats

IT links

SU Links

Recent Posts

Categories

Archives