october is cyber security month. we’re glad you decided to join us. · 2020-04-27 · why cyber...


October is Cyber Security Month.

We’re glad you decided to join us.

IT Forum, October 30, 2019

Division of Information Technology


Team & Agenda

• Susan Bowen; Chief Information Officer and Associate Vice President for IT

• Carl Hurst; Associate CIO

• Ikram Muhammad; Information Security Engineer

• Thomas Kern; Information Security Analyst

Agenda

• Why Cyber Security

• Don't Fall For a Phish

• Passwords

• What’s Next


What is Cyber Security

Cyber security focuses on protecting computers, networks, programs and data, from unintended or unauthorized access, change or destruction.


Why Cyber Security

• Cyber Security affects everyone

• Your computer, tablet, cellphone and social media probably contain information that hackers and other criminals would love to have

• When you are aware of the risks, it may be much easier to protect yourself

A strong cyber security system relies on cyber defense technology & on people making smart cyber defense choices


One Technique: Phishing

• What: Specialized email attack against a specific target

• Goal: collect information or gain access to systems

• Technique: disguising oneself as a trustworthy entity in an electronic communication


Spot a Phish

Review the email samples on your tables.

1. Is it a phish?

2. Why or why not?

3. If it is a phish - what is your next step? What do you do or not do?


Dear Colleagues:

Our aim is to provide guidance and align our behaviors as we make great decisions that impact our daily operations. We rely on our values and this code as guidelines, as a breach of the Policy may result in disciplinary action against the Employee concerned.

All employees, including all individuals on full-time or part-time employment with the institution are required to go through the guidelines attached in this email. It is important that we all adhere to these guidelines so you will be helping to ensure a future success of this great institution

Thank you for your ongoing commitment to delivering a better and reliable service.

Sincerely

Scott R. Pilarz

Phish

Malware was detected in one or more attachments included with this email message. Action: All attachments have been deleted.


Social Engineering/Scam

I want you to get some Gift cards available. We have some clients we would like to give some as gifts.

Let me know if it is possible for you to make arrangements for the gift cards, so I can tell you which product we would need and what denomination they would be.

Kindly confirm this to me now.

Thank you

I need you to get a task done for me now. I am in a meeting can't take calls or text just reply my email.

What do you need.


Social Engineering/Scam


Extortion and using passwords from other breaches.

Hello!

I am a hacker who has access to your operating system. I also have full access to your account.

I've been watching you for a few months now. The fact is that you were infected with malware through an adult site that you visited.

If you are not familiar with this, I will explain. Trojan Virus gives me full access and control over a computer or other device. This means that I can see everything on your screen, turn on the camera and microphone, but you do not know about it. I also have access to all your contacts and all your correspondence.

Why your antivirus did not detect malware? Answer: My malware uses the driver, I update its signatures every 4 hours so that your antivirus is silent.

I made a video showing how you satisfy yourself in the left half of the screen, and in the right half you see the video that you watched. With one click of the mouse, I can send this video to all your emails and contacts on social networks. I can also post access to all your e-mail correspondence and messengers that you use. If you want to prevent this, transfer the amount of $545 to my bitcoin address (if you do not know how to do this, write to Google: "Buy Bitcoin"). My bitcoin address (BTC Wallet) is: 1ELKdWgfedTJ9FV4U5W2JVXFzTpKSqcCjM

After receiving the payment, I will delete the video and you will never hear me again. I give you 50 hours (more than 2 days) to pay. I have a notice reading this letter, and the timer will work when you see this letter.

Filing a complaint somewhere does not make sense because this email cannot be tracked like my bitcoin address. I do not make any mistakes. If I find that you have shared this message with someone else, the video will be immediately distributed.

Best regards!


Spear phishing - Faculty and Deans


Legitimate


Legitimate


Legitimate

https://livescranton-my.sharepoint.com/:f:/g/personal/ikram_muhammad_scranton_edu/EvD_Cl6kr6JPg8jcFyTg78ABcvl2e-imqOv4M1h4F_jVQg?e=5%3aKXDB4I&at=9


The Anatomy of a Phish

Read all communications carefully, and look for:

• Unofficial or odd “From” address

• Links to a questionable website

• Misspellings or incorrect grammar

• Urgent action

• Claim to have compromised your account

• A request to send funds

Hover over these to review

• Keep personal information secure

• Do not click on any links

• Do not open any attachments

• Forward the phishing attempt as an attachment to [email protected]

• Mark the email as Junk
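
Several items on this checklist can be checked mechanically. The Python sketch below is an added example, not part of the original presentation: it parses a message and reports the odd "From" address, the link whose displayed address differs from its real target (what hovering reveals), urgent action, a compromise claim and a request for funds. The domain example.edu, the phrase lists and the sample messages are constructed assumptions, and spelling and grammar are still left to the reader.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

ORG_DOMAIN = "example.edu"  # assumption: the organisation's own mail domain
CHECKS = [  # phrase lists are assumptions, seeded from the sample emails above
    ("urgent_action", re.compile(r"\b(now|immediately|urgent(ly)?|\d+ hours)\b", re.I)),
    ("funds_request", re.compile(r"\b(gift cards?|bitcoin|wire transfer)\b", re.I)),
    ("compromise_claim", re.compile(r"access to your (account|operating system)", re.I)),
]

class LinkCollector(HTMLParser):
    # Collects (href, visible text) pairs: what hovering over a link reveals.
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host(url):  # hostname of a URL or of bare text like "www.example.edu/page"
    return (urlparse(url if "//" in url else "//" + url).hostname or "").lower()

def phish_indicators(raw_message):
    msg = message_from_string(raw_message)
    body = "".join(p.get_payload() for p in msg.walk() if not p.is_multipart())
    found = []
    domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    if domain != ORG_DOMAIN and not domain.endswith("." + ORG_DOMAIN):
        found.append("odd_from")  # claims to be internal, sent from elsewhere
    links = LinkCollector()
    links.feed(body)
    if any("." in text and " " not in text and host(text) != host(href)
           for href, text in links.links):
        found.append("link_mismatch")  # displayed address differs from real target
    return found + [name for name, rx in CHECKS if rx.search(body)]

def make(sender, body):  # builds a constructed sample message
    return f"From: {sender}\nSubject: sample\n\n{body}"
GIFT_CARD = make('"The President" <president@mail.example.net>',
    "I need you to get a task done for me now. I want you to get some Gift cards.")
LOOKALIKE = make("it@example.edu.mail.example.net",
    'Review: <a href="http://login.example.net/r">https://portal.example.edu</a>')
LEGIT = make("IT Help Desk <helpdesk@example.edu>",
    'Resources: <a href="https://www.example.edu/infosec">www.example.edu/infosec</a>')
```

An empty result does not mean a message is safe; the indicators only say which parts of the checklist to look at first.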


Questions

• Is Duo Mobile worth the effort? Please update us on its value, as it is a genuine pain in the ass.

• Is there any way to stop those awful Robo calls? Also, if I answer or call them back, does that open me up to security breaches?

• Do your smartphones need apps to check for anti-virus / malware / etc.?


What’s in a password?

• Use Scranton or Royals

• End in numerals 123 or 1234

• End with a year, i.e. 2019 or 1888

• Same for multiple accounts

• Minimum 9 characters

• No password change in the past 6 months


Passwords: Good, better & best practices

Good

• Use the longest password or passphrase permissible

• Always remember to log out

• Avoid common phrases, famous quotes, and lyrics

Better

• Use different passwords on different systems and accounts

• Use a password manager to store multiple passwords

• Common freeware solutions include:

  • Sticky Password (mobile fingerprint scan, form autofill)

  • Roboform (one-click logins, offline access)

  • Dashlane (security alerts for breaches, password generator)

  • Lastpass (Syncing across devices) - How secure is your password?

• Don’t save passwords in browsers

• Modify passwords every 6 months

• Do not reuse old passwords

Best

• Avoid using real words (in any language)

• Don’t use passwords based on personal information

• Update security questions

• Use 2FA/MFA when possible

• Mnemonics!

Mnemonic Example

I Can Never Remember A Password For The Life Of Me!

1cnr@Pftl0m!


Questions

• How to keep track of multiple passwords - I usually end up using a few different ones, but know that is not what I am supposed to do! And I keep different ones in a file in my Documents on my home computer. Also wrong, I think. Help!


The Future of Cyber Security at the University

Microsoft Office 365 Security Initiatives

• Email Encryption & Data Loss Prevention (DLP)

• Exchange Online Protection (EOP)

• Advanced Threat Protection (ATP)


Email Encryption & Data Loss Prevention

Sensitive Data Detection in Email, OneDrive, SharePoint and Teams

• U.S. Social Security Number

• U.S./U.K. Passport Number

• Credit Card Number

• U.S. Driver License Number

• U.S. Bank Account Number

Sensitive data can be sent via an encrypted email


Office 365 Exchange Online Protection

Anti-spam

• This current policy protects our organization from spam and moves such emails to the Junk folder.

Anti-malware

• This policy protects our organization from known malware.


Office 365 Advanced Threat Protection Testing

ATP anti-phishing

• This feature helps protect users from phishing attacks (like impersonation and spoofing) and uses safety tips to warn users about potentially harmful messages.

ATP safe attachments

• This feature helps protect our organization from malicious content in email attachments and files in SharePoint, OneDrive and Teams.

ATP Safe Links

• This feature helps protect our users from opening and sharing malicious links in email messages and Office 2016 desktop applications.


Questions

• Is it important to secure our own home wifi, if so what is suggested? Are we at risk when using various smart technology in the home? (light switches, plugs, cameras, etc.)

• Is Windows Defender our only Virus\Trojan\Malware protection service? How do we remove these files from the quarantined space (asks for admin)?

• Do you recommend any particular antivirus software for home computers? What recommendations do you have for our personal computers related to privacy and security?


Resources

• Office of Information Security at [email protected]

• Online resources with videos and tips: Scranton.edu/infosec