Computing Services

The department behind IT services at the University of Bath

Topic: Security

Ransomware email: be vigilant

  , ,

📥  Computing Services, Security

There have been reports that an educational institution has been targetted by a ransomware email. It contains an attachment that, when opened, scrambles files on your computer and on shared drives.

As a result of these reports, we recommend that you do not open any email attachments from unknown sources and ensure that you have antivirus software installed which is up to date. You can read the full guidance on protecting yourself against ransomware in our blog post.

Please feel free to contact us should you need any further information and advice about this issue.

We strongly advise you to back up your files on a regular basis.

 

Phishing attack change of name request.

  

📥  Security

We are getting reports of a phishing email that has been sent to students and staff at the University. If you receive this email please be aware that it is fake. Please ignore it and delete it.

If you have clicked on the link you can visit the Service Desk on Level 2 of the Library, or log a help ticket for further advice.

Example of the phishing e-mail is below:

changeofnamephishing
Our guide on what to do if you receive a phishing email

You can read our guide to phishing emails.

 

Guidance on protection against ransomware

  ,

📥  Security

Due to the ransomware attacks on the NHS and many other organisations as reported in the world media, we have provided some guidance to protect your personal devices (including ones you have at home) against similar attacks. If you have a University-owned device then please contact us for advice.

Windows XP
We recommend that you obtain the latest version of Windows as Microsoft no longer support this. However, they have provided an emergency update to protect your device against this particular attack.

If you are not able to obtain the latest version of Windows, then you need to run Windows update to ensure your system is up to date.

Ensure that you have antivirus software installed and that it is up to date. If you do not have antivirus software installed then we recommend Sophos which is offered to staff and students for free.

Windows 7/8/10
Run Windows update to ensure your system is up to date.

Ensure that you have antivirus software installed and that it is up to date. If you do not have antivirus software installed then we recommend Sophos which is offered to staff and students for free.

macOS
If possible, ensure you have upgraded to the latest macOS. 

If you are running Bootcamp, this will need to be updated too.

Check and run Mac software updates. 

Ensure that you have antivirus software installed and that it is up to date. If you do not have antivirus software installed then we recommend Sophos which is offered to staff and students for free.

Linux
Update your system to the latest version. 

If you are running a virtual machine this will need to be updated too.

Ensure that you have antivirus software installed and that it is up to date. If you do not have antivirus software installed then we recommend Sophos which is offered to staff and students for free.

iOS
Update your system to the latest version.

Ensure that you have antivirus software installed and that it is up to date. If you do not have antivirus software installed then we recommend Sophos.

Android
Update your phone to the latest software version. See your phone manufacturer’s website to find out how to do this.

Ensure that you have antivirus software installed and that it is up to date. If you do not have antivirus software installed then we recommend Sophos.

Further information and advice
Please feel free to contact us should you need any further information and advice about this issue.

We strongly advise you to back up your files on a regular basis.

 

 

Update: WannaCrypt Ransomware

  

📥  Security

This is an update about the WannaCrypt Ransomware virus that we blogged about earlier. We have discovered several new variants of the WannaCrypt Ransomware virus. Please be aware that we are doing everything we can to keep the University community safe and protected.

If you are in any doubt, the best way to contact us is at http://go.bath.ac.uk/it-help-form. If your enquiry is urgent then you can contact us on x3434. You can also visit the Service Desk in person on level 2 of the Library.

We will be providing a series of self help guides later on today.

Microsoft have provided guidance surrounding this at https://blogs.technet.microsoft.com/msrc/2017/05/12/customer-guidance-for-wannacrypt-attacks/

 

 

WannaCrypt Ransomware - please be vigilant

  ,

📥  Computing Services, Security

You will be aware of the news reports of ransomware attacks on the NHS and many other institutions around the world.  Ransomware attacks are mainly launched via email and are a major threat to our data.

To protect against these, the University of Bath relies on a layered approach to protect our systems with regular patching, anti-virus, firewall protection and mail filtering.  Updates to protect University systems against the vulnerability exploited in the latest attacks were tested and released to our systems and signature updates for the current attack were made available from our vendors.  Support teams are working to check that all updates have been deployed successfully and ensure that our systems are fully protected.

Ransomware does need someone to open the booby-trapped attachments so everyone should take care with emails containing attachments or links. An email may look genuine but can be spoofed. You should ask yourself:

  • Am I expecting an email from this organisation?
  • Have I actually purchased or used the service being referred to?
  • Am I confident that the attachment is safe?

Even if you choose to open the attachment:

  • Never tick/check enable macros on attachments, unless you explicitly need to and trust the sender. If in doubt contact Computing Services.
  • Don’t run a program if you don’t know where it has come from and haven’t chosen to install it yourself.

If you are in any doubt, the best way to contact us is at http://go.bath.ac.uk/it-help-form. If your enquiry is urgent then you can contact us on x3434.

Personal and home computers need to be protected as much as University systems, so make sure you run system updates and check your anti-virus is up to date the next time you use your computer. For more information see the article on the malware from Microsoft.

We also offer advice on dealing with fake and phishing emails on our website.

Twitter Counter App hacked

  ,

📥  Computing Services, Security

The Twitter Counter App used with Twitter accounts appears to have been compromised and has been used to post spam messages to users' feeds. The messages are written in Turkish and appear to target Holland. Twitter accounts for Amnesty International, Forbes and any other users with high post and follower counts seem to have been targeted. The company Twitter Counter have acknowledged the breach of their service and taken steps to secure it, however the breach appears to mirror an earlier one from November 2016.

Twitter account holders who made use of Twitter Counter should revoke access for it in line with Twitters instructions.

https://support.twitter.com/articles/76052#

Whilst Twitter account details should not have been compromised, in the event of any connected breach it is good practice to review the security of all Twitter accounts and make sure they:

  • have a new strong password
  • ensure that any mobile phone numbers associated with the account are current
  • use login verification where possible
  • review the access for third party Apps and revoke those that aren’t needed

More advice is available from Twitter on Account Security tips - https://support.twitter.com/articles/76036#

 

Phishing attempt: Email regarding payroll

  

📥  Security

We have been made aware that several users and RT queues were sent an email regarding a payroll notification. Please be aware that this is a fake phishing attempt. Please do not click any links, fill in any documents or enter any personal information. If you are concerned, you can forward any emails to the team at phishing@bath.ac.uk and they will advise.

If you have clicked on the link and filled out the documentation, please visit the Service Desk on Level 2 of the Library, or log a help ticket for further advice.

The junk email filter has picked this up but there may be cases (for example, RT queues) where it has ended up in your inbox.

Below is an example of the phishing email:

Dear Member
1 New Notification Regarding Your Payroll

[LINK TO FRAUDULENT SITE]

Thank You,
University of Bath

 

 

Further advice on University pay rise phishing scam.

  

📥  Security

The Police have issued further advice regarding the hoax phishing emails being sent to universities regarding fake pay rises. Action fraud have updated their website with more details.   

If you are concerned, you can forward any emails to the team at phishing@bath.ac.uk and they will advise.

If you have clicked on the link and filled out the documentation, please visit the Service Desk on Level 2 of the Library, or log a help ticket for further advice.

 

 

Phishing attempt: Email from HR about a pay rise

  

📥  Security

We have been made aware that over the weekend of Saturday 4 and Sunday 5 of February several users were sent emails about about a 13.86 % payrise. Please be aware these are fake phishing attempts. Please do not fill in any documents or enter any personal information. If you are concerned, you can forward any emails to the team at phishing@bath.ac.uk and they will advise.

If you have clicked on the link and filled out the documentation, please visit the Service Desk on Level 2 of the Library, or log a help ticket  for further advice.

Below is an example of the phishing email:

Subject: Your 13.86% Salary Raise Documents

The salary structure for 2017 Fiscal Year (FY '17) was reviewed
and it was noticed that you are due for a 13.86% salary raise on
your next paycheque starting February 2017

The salary raise documents are enclosed herewith.

All prorated bonuses and deductions are also advised therein

 

 

 

Phishing attempt: Please ignore and delete

  

📥  Computing Services, Security

We are getting reports of a phishing e-mail that has beeen sent to students and staff. If you receive this e-mail please be aware that it is fake. Please ignore and delete it.

Example of the phishing e-mail is below:

Subject: Pending Message

Sender: account@bath.ac.uk

 

phishingspoof

If you are concerned about any e-mails you receive you can forward it to phishing@bath.ac.uk and the team will advise.