ISU Information Security

Phishing Scam Targeting ISU

Tuesday, February 9, 2016 14:51

Phishing scams are a continual threat to be aware of. Currently, an email scam is targeting ISU users, attempting to coerce them into giving up their personal data. The attempted scam, while older, can still mislead the unwary into giving up their ISU credentials.

The email, from “ISU Admin-Desk”, announces that ISU is upgrading webmail security and invites the user to update their account via a link in the email. It also contains a warning that failing to do so will render the user’s account inactive.

Clicking the link in the email will take the user to a site that looks similar to ISU webpages in color palette and contains images/logos from ISU resources. From there the victim is invited to enter their user details. All of this is a scam, intended to fleece the unwary of their ISU computer account credentials.

ISU IT services has never asked users for their account information in order to upgrade our web and email services.

Related Links

Phishing – Avoid the net.

LastPass Password Management Service possibly vulnerable to web attack

Thursday, January 21, 2016 15:19

A security researcher has found that the password management service LastPass is vulnerable to a certain web attack. The attack uses compromised websites and phishing-style trickery to fool a LastPass user into giving up their login information.

    The attack

  1. The attack has your browser send a request to log out of LastPass, then sends a notice to your browser that LastPass was logged out, using a fake browser-banner.
  2. Clicking on the banner notice takes the victim to a fake login for the LastPass plugin. If the user fills in the login, the attacker can harvest the user’s LastPass login info.
  3. If a user has two-factor authentication enabled for their LastPass account, the attacker’s script will redirect the user to a two-factor prompt and continue the attack from there.
  4. Once the attacker has the user’s credentials, they can log in to the LastPass account as the user and access the victim’s data.

    How can a user defend against possible compromise?

  • When visiting a webpage, if you are informed that LastPass has logged you out, via a browser banner, do NOT click the banner link. Instead, close the webpage, then open the LastPass browser extension directly or visit the LastPass webpage to log back in to LastPass.
  • If, when visiting the same page, you get a browser-banner notification that you’ve been logged out again, the webpage (not necessarily your LastPass account) may have been compromised.

Mitigation

The security researcher responsible for this information points to this as a failure in how LastPass handles login and logout. It should be noted that LastPass has implemented an email verification step in their login/logout process to mitigate this attack.

It should also be noted that the attack appears to be most effective using Google Chrome, as the extension’s windows, banners, and URL can be mocked up pretty effectively using very simple tools. This does not mean the attack cannot successfully be pulled off in Firefox or Safari.

Related Links

The original paper on the attack.

LastPass’ FAQ page on the attack

IRS Scam Now Includes Ransomware

Monday, January 4, 2016 17:29

Scammers have long posed as government officials, attempting to trick unwary victims into giving away personal info and to bilk them out of money. In the last few years ransomware, malware that infects the victim’s machine and encrypts the victim’s data, threatening to destroy the data if the victim doesn’t pay up, has become a serious threat. Now the two scams are being combined in a malicious form.

Scammers are sending out fake emails claiming to be from the IRS. Security firm Heimdal Security reports on the common format the emails take:

From: [spoofed / fake return address]

Subject Line: Payment for tax refund # 00 [6 random numbers]

Attached: Tax_Refund_00654767.zip -> Tax_Refund_00654767.doc.js

Within the email is a malicious attachment that, when opened, runs a script that downloads the malware to infect the victim’s machine with the ransomware.

Users should always be wary when opening emails purporting to be from an official source and never open attachments or links within any email from an unknown or questionable source. If a user has questions about a purported official source, call the local offices of the department in question to ask directly about the validity of any email contact. (All US government departments have contact information on their websites and many will not contact a person through unsolicited emails. Use the contact info on the government website, not any given in the email.)
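For mail administrators, the message format reported above can be checked mechanically. The following is an added example, not part of the original notice or of Heimdal Security's report: a Python sketch that flags the reported subject pattern and any zip member whose name hides a script extension behind a document-looking one. The extension lists, function names and sample message are assumptions constructed for illustration.

```python
import io
import re
import zipfile
from email import message_from_bytes
from email.message import EmailMessage

# Script extensions Windows runs on double-click, and document-looking decoys (neither exhaustive).
SCRIPT_EXTS = {"js", "jse", "vbs", "vbe", "wsf", "hta"}
DECOY_EXTS = {"doc", "docx", "pdf", "xls", "xlsx", "txt", "jpg"}
# Subject format reported on this page: "Payment for tax refund # 00" + 6 digits.
SUBJECT_RE = re.compile(r"payment for tax refund\s*#\s*00\s*\d{6}\b", re.I)

def deceptive_name(name):
    """True for names such as 'Tax_Refund_00654767.doc.js'."""
    parts = name.lower().rsplit("/", 1)[-1].rsplit(".", 2)
    return len(parts) == 3 and parts[1] in DECOY_EXTS and parts[2] in SCRIPT_EXTS

def scan_message(raw_bytes):
    """Return a list of findings for one raw RFC 5322 message."""
    msg = message_from_bytes(raw_bytes)
    findings = []
    if SUBJECT_RE.search(str(msg.get("Subject", ""))):
        findings.append("subject matches reported lure format")
    for part in msg.walk():
        fname = part.get_filename() or ""
        if deceptive_name(fname):
            findings.append(f"{fname}: script with decoy extension")
        if not fname.lower().endswith(".zip"):
            continue
        try:
            with zipfile.ZipFile(io.BytesIO(part.get_payload(decode=True) or b"")) as zf:
                members = zf.namelist()  # names only; nothing is extracted or run
        except zipfile.BadZipFile:
            findings.append(f"{fname}: unreadable zip")
            continue
        findings += [f"{fname} contains {m}: script with decoy extension"
                     for m in members if deceptive_name(m)]
    return findings

def build_sample():
    """Constructed sample: lure-shaped message with a harmless placeholder file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Tax_Refund_00654767.doc.js", "// placeholder, no payload")
    msg = EmailMessage()
    msg["Subject"] = "Payment for tax refund # 00654767"
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip",
                       filename="Tax_Refund_00654767.zip")
    return msg.as_bytes()
```

Calling `scan_message(build_sample())` returns both findings; a gateway would typically quarantine on the attachment finding alone, since the subject line is trivial for a sender to change.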

More Information

News article with further details about this particular attack

IRS Official webpage

Four tips toward a safer holiday

Friday, December 4, 2015 15:29

The holidays are upon us. And while the hustle and bustle of the season may keep us busy, it’s a great time of year to check and double check your personal info security.

    Here are four security tips to help secure your holiday peace of mind:

  1. Enable multi-factor authentication on online accounts

    Many online services, email, social sites, or online gaming sites, have multi-factor authentication services available. Multi-factor authentication consists of some combination of 1) Something you know (a password), 2) Something you have (a key), and 3) something you are (like a fingerprint). So, when logging into a site you may be presented with a password prompt (factor 1) and then sent a numerical key as a text to your phone (factor 2), which will confirm you are the person requesting the login.

    Multi-factor authentication can assist in preventing scammers from hijacking your online accounts.

  2. Enable PIN/password protection on your mobile devices.

    With all of the holiday rushing about, it’s easy to lose track of smaller things, like a cell phone. If your phone is lost or stolen, a PIN or password can provide some degree of protection from having personal information stolen. Check the manufacturer’s documentation for instructions on enabling PINs/passwords.

  3. Never reuse passwords.

    Keep the tokens you use to authenticate to services separate and unrelated. When setting up passwords and the recovery methods, be aware of the security questions you choose and avoid those that could have easily verifiable information (e.g. “What is your mother’s maiden name”). If you’re worried about having to remember a large roster of passwords, there are several password-keeper type applications available. Just be sure the application you use encrypts the data when not in use.

  4. Back up your valuable data.

    Protect your data from being lost, so even when disaster strikes, you know you can eventually recover that important information. Large external hard drives are getting cheaper every year, and the investment is well worth it. Applications for running consistent, timely backups are readily available through an internet search. If you decide to back up online, be sure the service offers encryption as a feature, so the data is protected even if the service is compromised.

We will continue our holiday tips next time with advice on protecting yourself against scams and the grinches that would try to ruin your holiday.

Scam Notice

Tuesday, October 20, 2015 15:43

Pocatello Police report that ISU students are being targeted by scammers claiming to be from the Federal Bureau of Investigation (FBI).

The scammers are calling students and telling them that there is an “issue” with their taxes or financial aid. The student is directed to report to Western Union to make payment to resolve the false issue or their financial aid will be cancelled. According to the police department the scammers are using the ISU directory to gain basic information about the student such as major, email and phone number.

If students want to unlist their phone number from the ISU Directory, they can go to BengalWeb, choose “Academic Tools,” and then under “Student Records” they can hit the link for “update address and phone number.” At this last link, they can click on the “primary phone” link and then can check the box “unlisted.” To get a full Family Educational Rights and Privacy Act (FERPA) block and have all student information blocked from the ISU Directory students can contact the Registrar.

If a student thinks they have been targeted in a scam they can contact ISU Public Safety at 282-2515.

Related Links

Bengalweb Login

ISU students were targeted in a similar scam last spring

Mac OS X, El Capitan now available

Wednesday, September 30, 2015 14:43

Apple has released the latest upgrade to its operating system for the Mac. Dubbed El Capitan, this latest version integrates some new features aimed at making the system more secure and safe for the average user. Mac users can find the new OS in the App Store.

As with any major system update, users are advised to research the update to ensure applications they use are compatible with Apple’s latest offering. In particular, some application developers have reported delayed and, in a few cases, possibly no updates to some products due to some of the security features within the new OS making updating the functionality of the product prohibitive.

Related Links

The Mac OS X page

Welcome Back ISU! Are you up-to-date?

Monday, August 24, 2015 16:12

The campus is coming to life. Students are once again wandering the halls and sidewalks of ISU, and faculty and staff are returning from their summer breaks. With the break of summer many systems and machines on campus are being powered back on for the first time since the end of Spring semester. While these systems were powered down the world kept moving forward. Flaws in software were discovered and patched, new exploits were uncovered by persons with both good and bad intent, and in general updates to software were introduced over the summer. Have you checked to make sure your software is up-to-date?

The major operating systems, Windows, MacOS, and Linux, have all released updates over the last few months involving updates to the security of the systems. Major flaws were patched in the protocols and platforms the systems used to connect and communicate with the local network and the internet. While, in general, these systems will update automatically when they’re turned on, err on the side of caution and double check that your system’s “Auto-update” features are enabled.

Many third-party applications have also been updated over the summer, while installed copies sat dormant on machines that were shut down. While some, like the major internet browsers, have auto-checking for updates enabled by default and will update as soon as they are turned on, some software needs to be prompted to look for updates. And some updates may require the user to actively look up and download updates for the software.

Below are some links on how to automate your system’s updates.

Related Links

Steps to get Windows 7 and 8 security updates automatically

Automatic updates for Mac OS X

Possible Phone Scam

Monday, August 3, 2015 15:42

An old telephone scam appears to be resurfacing that we would like you to be aware of.

You receive a series of hang-up calls with no CallerID information.
You then receive a call with CallerID information.
You call the number back and it rings a long time and then you get a voicemail greeting and/or music.

What just happened?
You were tricked into calling back a number that is set up to charge-back to the originating number (you or ISU) a flat fee + a per minute additional fee.
The cost of the fees can be staggering and since you have no control over foreign governments or utilities, you/ISU will not have a recourse other than to pay whatever you/ISU were charged.

How to avoid many of the most common telephone scams:

– Never call back a hang-up-call from a number when you do not know who called you.
– Never return a call when you have received a voicemail message when you do not have a relationship with the caller.
– Never return a call when you receive a voicemail message stating you have won something.
– Never give out personal or sensitive information to anyone when you do not know who they are.
– If someone calls you and says they are your bank, credit union, utility, etc. and they say they represent a company you normally have dealings with and they ask you for personal or sensitive information (username, passwords, security phrases, security questions, etc.) to verify they are talking to the right person, hang up. They would not ask those questions.
– If someone calls and leaves a voicemail message and says they are from your bank, etc. do not call back the number they leave if it is not the published customer service number of your bank, etc.

Guard Against Spyware

Tuesday, July 21, 2015 11:01

Recently, unidentified attackers breached an Italian company called Hacking Team that sells spyware to governments and other organizations.

Spyware is a kind of targeted malware on both PCs and mobile devices that collects a broad amount of data about a person or organization without their knowledge. It then sends this data to the attacker(s) who typically gather that data for the purpose of espionage (spying) or criminal/financial gain.

Why should you care?
Your personal computer and/or mobile device can contain a large amount of information which is valuable. By keeping yourself protected, you can safeguard your security and privacy.

    Targeted malware can get on your device in 2 ways:

  1. An attacker gains physical access to your device.
  2. An attacker tricks you into downloading an app via an email, SMS, or other message.

    How can you protect yourself?

  • Keep a secure passcode on your personal computer and/or mobile device. Some spyware sold on the market requires that the attacker have physical access to your device to install this software. Requiring a passcode (especially on your mobile device) makes it much harder to get the needed access.
  • Don’t download applications from untrusted third party marketplaces or online links. Only download from official and vetted marketplaces such as the Apple App Store and Google Play.
  • Don’t jailbreak your mobile device.

Related Links

Several tech companies are busy issuing patches for exploits found in the Hacking Team data

Microsoft Windows Update Includes Windows 10 “reservation” invite

Wednesday, June 3, 2015 15:07

This past weekend, Windows 7 and 8 users were prompted, through an update in the regular updates, to “reserve” their free Windows 10 upgrade. While the method of delivering the message was a bit questionable, the Windows prompts, in this case, are a legitimate effort by Microsoft to inform their customer base about upgrading later this summer to Windows 10.

The update isn’t scheduled to start until the end of July, and users of Windows 7 and 8 will have free access to the upgrade for a year.

Related Links

Microsoft Answers on the upgrade

Microsoft Knowledge Base Article on the update 3035583, the update that provides the prompt