Malware and Ransomware Threats
Malware
Malware is short for "malicious software." It is a program or file designed to be disruptive, invasive and harmful to your computer. Types of malware include viruses, spyware, adware and worms. Malware frequently strikes the Ohio State campuses, causing varying degrees of trouble. It is most frequently transmitted through e-mail attachments, Instant Messages (IM), peer-to-peer downloads, phishing and misleading web sites. Virus outbreaks cause harm by destroying data on infected computers and/or by increasing network traffic by triggering e-mail messages that carry the virus to all e-mail addresses in an address book or a random combination of addresses.
Ransomware
Ransomware is a type of malware that is designed to block access to all or part of a computer system until a sum of money is paid. Because attackers are looking to maximize their payday, the targets are typically larger entities (departments, colleges, businesses) that not only are likely to have the funds, but also experience a significant loss when they cannot access their systems. However, individuals are still a target of ransomware because they can be a doorway into an organization’s systems.
When it comes to preventing or detecting ransomware, there is no silver bullet. However, the following techniques can help you prevent and detect ransomware and minimize your risk of getting malware.
Limit access to network file shares
Keep things updated
Only open safe emails and links
Only download APS-approved apps, extensions, and add-ons.
Have I been Pwned?
If a company you have an account with has suffered a data breach, it's possible your email may have been pwned, which means your email and password for that site's account have been exposed to cybercriminals. haveibeenpwned.com is a website that checks if an account has been compromised.
Test your work and personal email accounts to see if they have been involved in a breach. This is especially important if users share passwords across multiple accounts (a big no-no!). We encourage users to use separate passwords (and perhaps research different password managers that may work for them).
If you find out you have been pwned, please change your passwords (especially for those affected accounts). It may also be a good time to set up some multi-factor authentication on those accounts as well, if the vendor supports it.
Phishing
Phishing scams are a form of “Social Engineering” in which the attacker attempts to trick you into giving them your credentials or access to your system. Phishing typically refers to scams carried out through email, but very similar scams can be run through text or social media messaging. In phishing scams, the attacker, or “phisher,” will pose as an institution or individual that you trust by sending you a fake message that claims to be from that trusted party.
Often, the goal of a phishing attack is to get you to provide your login credentials or other sensitive information like your social security number or financial institution information. This information could then be used to gain access to your private accounts or to steal your identity. You should be suspicious of any email that asks you to provide personal information or that directs you to a webpage that asks for this information.
Another goal of phishing is to trick you into downloading malicious code onto your computer. This can occur when you click a link or open an attachment. The malicious code can then do any number of very bad things to you, your computer and your network. You may never know it’s there, or it may be glaringly obvious like when “Newman’s” face pops up on Samuel L. Jackson’s computer screen in Jurassic Park saying, “Ah Ah Ah.”
Phishers attempt to play on your emotions, often including disturbing or enticing information in their emails in an attempt to provoke you to act. They may try to create a false sense of urgency by saying "your account will be deleted" or that "you are over your email storage space." They often urge you to act immediately to "update" or "verify" your account information.
Phishing techniques, and social engineering techniques in general, are growing increasingly complex, and the impersonations are getting more realistic and more difficult to spot. Ohio State email accounts continue to be targets for an increasing number of phishing attacks. Some of these emails are very sophisticated, using "real" email addresses, convincing branding and/or "official" signatures.
If you think an email is a phishing attempt, report it!
Recognizing a Phishing Attempt
Here's a list of points to consider when deciding if an email is trustworthy. However, don't rely on any single factor.
False claims, warnings and threats
Unofficial "From" addresses
Impersonal or strange greetings
Spelling, punctuation and grammar
Spoofing popular websites or companies
Protecting Yourself from Phishing
Think before you act. Be wary of communications that implore you to act immediately, offer something that sounds too good to be true or warn of negative consequences if you do not act now.
Look closely at embedded links. Phishing emails often include links that may look legitimate but actually send you to malicious web sites that look and feel like the authentic ones. The web page address (URL) may use a variation in spelling. Or the URL shown may appear to be legitimate - but when you hover over the link with your mouse to see where it will lead, a fake address may be displayed.
Do not provide your login credentials or any personal information.
If you think an email is a phishing attempt, report it!
Using the Phish Alert Button is not only a way for you to report suspicious emails, it will also take the place of the need for creating service desk tickets when you receive suspicious emails. Reported emails are sent to our service desk and will be auto assigned to the correct team for review. So, your reporting of a suspicious email could prevent hundreds of our colleagues from falling victim to a malicious scam.
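The "look closely at embedded links" advice above can also be checked mechanically. The following is an added example, not part of the original page: it compares the address a link displays with the host it really points to and flags near-miss spellings of a trusted domain. The TRUSTED list, the 0.85 similarity threshold and every domain in the sample are assumptions made up for illustration.

```python
import re
from difflib import SequenceMatcher
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED = {"school.example"}  # assumption: domains your organisation really uses
URLISH = re.compile(r"^(?:https?://)?(?:[a-z0-9-]+\.)+[a-z]{2,}(?:[/?#]\S*)?$", re.I)

def host_of(url):
    """Lowercase hostname of a URL, tolerating a missing scheme."""
    return (urlsplit(url if "://" in url else "//" + url).hostname or "").lower()

class LinkCollector(HTMLParser):
    """Collects (visible text, href) for every <a> element in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def audit_links(html_body):
    """Return (shown text, real host, reason) for links that deserve a closer look."""
    collector = LinkCollector()
    collector.feed(html_body)
    findings = []
    for text, href in collector.links:
        if urlsplit(href).scheme not in ("http", "https"):
            continue  # mailto:, tel: and similar are out of scope here
        target = host_of(href)
        domain = ".".join(target.split(".")[-2:])  # last two labels (simplification)
        if URLISH.match(text) and host_of(text) != target:
            findings.append((text, target, "shown address differs from real target"))
        elif domain not in TRUSTED and any(
                SequenceMatcher(None, domain, t).ratio() >= 0.85 for t in TRUSTED):
            findings.append((text, target, "look-alike spelling of a trusted domain"))
    return findings

# Constructed sample body; every domain uses a reserved test suffix.
SAMPLE = """<p>Your mailbox is over quota.
<a href="http://login.portal.test/verify">https://mail.school.example/quota</a>
<a href="https://mail.schoo1.example/reset">Reset your password</a>
<a href="https://mail.school.example/help">Help page</a></p>"""
if __name__ == "__main__": print(audit_links(SAMPLE))
```

A clean result does not make a message safe; as noted above, don't rely on any single factor.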
Email Best Practices
All school/APS business should be conducted through your APS email. We have additional security in place to ensure school and district info stays safe. This is important for aligning with best practices and regulations that require archiving, record retention, and reporting.
But what about your personal emails and information? There are a few things you can do to stay safer while using these services, particularly if you use that email address to reset passwords for banking, e-commerce or social media sites.
Turn on multi-factor authentication if the service provides it. This will provide an extra layer of defense. An attacker can’t simply guess your security question to reset your password.
NEVER share your password with a friend for ease-of-use. Keep separate email addresses and create a distribution list if you wish to receive incoming emails from multiple senders.
Consider closing accounts with email companies that have had major data breaches and did not provide details on what steps they took to ensure a similar incident didn't occur in the future. Conducting a web search will give you a good idea of which companies are most likely to keep your information safe.
Be sure your email site is encrypted through SSL/TLS. You can confirm this by looking at the web address. It should begin with https://. The “S” is what you are looking for to confirm encryption is being used.
Single Sign-On
Single sign-on (SSO) is a session and user authentication service that permits a user to use one set of login credentials -- for example, a name and password -- to access multiple applications. For example, Classlink or my.aps.edu is an SSO service.
Although single sign-on is a convenience to users, it presents risks to enterprise security. An attacker who gains control over a user's SSO credentials will be granted access to every application the user has rights to, increasing the amount of potential damage. In order to avoid malicious access, it's essential that every aspect of SSO implementation be coupled with identity governance. Organizations can also use two-factor authentication (2FA) or multifactor authentication (MFA) with SSO to improve security.
Google, LinkedIn, Twitter and Facebook offer popular SSO services that enable an end user to log in to a third-party application with their social media authentication credentials. Although social single sign-on is a convenience to users, it can present security risks because it creates a single point of failure that can be exploited by attackers.
Many security professionals recommend that end users refrain from using social SSO services altogether because, once an attacker gains control over a user's SSO credentials, they will be able to access all other applications that use the same credentials.
To learn more: https://searchsecurity.techtarget.com/definition/single-sign-on
Google Sign on
Many websites, such as Seesaw, Flipgrid, and others, will allow users to log in through Google. When setting up online accounts, you may be prompted with options to sign in with your Google account or another site like Facebook, Twitter, Apple, etc. The information stored on Google can create new user accounts and sign you in with only a few clicks. While this system makes logging in easier and more secure, you may be worried about potential privacy risks. Is it safe to sign in with Google?
Using the option to sign in with Google is safe. Google's strong security and OAuth system provide better protection than current poor password practices. Users should still understand the privacy concerns: authenticators share data and account permissions with third parties while collecting user login and traffic information.
For more information: https://dataoverhaulers.com/sign-in-google-safe/
Page citation: https://cybersecurity.osu.edu/cybersecurity-you/develop-safe-habits/securing-3rd-party-email