Computing Services

The department behind IT services at the University of Bath

Topic: Security

Guidance on protection against ransomware

  ,

📥  Security

Due to the ransomware attacks on the NHS and many other organisations as reported in the world media, we have provided some guidance to protect your personal devices (including ones you have at home) against similar attacks. If you have a University-owned device then please contact us for advice.

Windows XP
We recommend that you obtain the latest version of Windows as Microsoft no longer support this. However, they have provided an emergency update to protect your device against this particular attack.

If you are not able to obtain the latest version of Windows, then you need to run Windows update to ensure your system is up to date.

Ensure that you have antivirus software installed and that it is up to date. If you do not have antivirus software installed then we recommend Sophos which is offered to staff and students for free.

Windows 7/8/10
Run Windows update to ensure your system is up to date.

Ensure that you have antivirus software installed and that it is up to date. If you do not have antivirus software installed then we recommend Sophos which is offered to staff and students for free.

macOS
If possible, ensure you have upgraded to the latest macOS. 

If you are running Bootcamp, this will need to be updated too.

Check and run Mac software updates. 

Ensure that you have antivirus software installed and that it is up to date. If you do not have antivirus software installed then we recommend Sophos which is offered to staff and students for free.

Linux
Update your system to the latest version. 

If you are running a virtual machine this will need to be updated too.

Ensure that you have antivirus software installed and that it is up to date. If you do not have antivirus software installed then we recommend Sophos which is offered to staff and students for free.

iOS
Update your system to the latest version.

Ensure that you have antivirus software installed and that it is up to date. If you do not have antivirus software installed then we recommend Sophos.

Android
Update your phone to the latest software version. See your phone manufacturer’s website to find out how to do this.

Ensure that you have antivirus software installed and that it is up to date. If you do not have antivirus software installed then we recommend Sophos.

Further information and advice
Please feel free to contact us should you need any further information and advice about this issue.

We strongly advise you to back up your files on a regular basis.

 

 

Update: WannaCrypt Ransomware

  

📥  Security

This is an update about the WannaCrypt Ransomware virus that we blogged about earlier. We have discovered several new variants of the WannaCrypt Ransomware virus. Please be aware that we are doing everything we can to keep the University community safe and protected.

If you are in any doubt, the best way to contact us is at http://go.bath.ac.uk/it-help-form. If your enquiry is urgent then you can contact us on x3434. You can also visit the Service Desk in person on level 2 of the Library.

We will be providing a series of self help guides later on today.

Microsoft have provided guidance surrounding this at https://blogs.technet.microsoft.com/msrc/2017/05/12/customer-guidance-for-wannacrypt-attacks/

 

 

WannaCrypt Ransomware - please be vigilant

  ,

📥  Computing Services, Security

You will be aware of the news reports of ransomware attacks on the NHS and many other institutions around the world.  Ransomware attacks are mainly launched via email and are a major threat to our data.

To protect against these, the University of Bath relies on a layered approach to protect our systems with regular patching, anti-virus, firewall protection and mail filtering.  Updates to protect University systems against the vulnerability exploited in the latest attacks were tested and released to our systems and signature updates for the current attack were made available from our vendors.  Support teams are working to check that all updates have been deployed successfully and ensure that our systems are fully protected.

Ransomware does need someone to open the booby-trapped attachments so everyone should take care with emails containing attachments or links. An email may look genuine but can be spoofed. You should ask yourself:

  • Am I expecting an email from this organisation?
  • Have I actually purchased or used the service being referred to?
  • Am I confident that the attachment is safe?

Even if you choose to open the attachment:

  • Never tick/check enable macros on attachments, unless you explicitly need to and trust the sender. If in doubt contact Computing Services.
  • Don’t run a program if you don’t know where it has come from and haven’t chosen to install it yourself.

If you are in any doubt, the best way to contact us is at http://go.bath.ac.uk/it-help-form. If your enquiry is urgent then you can contact us on x3434.

Personal and home computers need to be protected as much as University systems, so make sure you run system updates and check your anti-virus is up to date the next time you use your computer. For more information see the article on the malware from Microsoft.

We also offer advice on dealing with fake and phishing emails on our website.

Twitter Counter App hacked

  ,

📥  Computing Services, Security

The Twitter Counter App used with Twitter accounts appears to have been compromised and has been used to post spam messages to users' feeds. The messages are written in Turkish and appear to target Holland. Twitter accounts for Amnesty International, Forbes and any other users with high post and follower counts seem to have been targeted. The company Twitter Counter have acknowledged the breach of their service and taken steps to secure it, however the breach appears to mirror an earlier one from November 2016.

Twitter account holders who made use of Twitter Counter should revoke access for it in line with Twitters instructions.

https://support.twitter.com/articles/76052#

Whilst Twitter account details should not have been compromised, in the event of any connected breach it is good practice to review the security of all Twitter accounts and make sure they:

  • have a new strong password
  • ensure that any mobile phone numbers associated with the account are current
  • use login verification where possible
  • review the access for third party Apps and revoke those that aren’t needed

More advice is available from Twitter on Account Security tips - https://support.twitter.com/articles/76036#

 

Phishing attempt: Email regarding payroll

  

📥  Security

We have been made aware that several users and RT queues were sent an email regarding a payroll notification. Please be aware that this is a fake phishing attempt. Please do not click any links, fill in any documents or enter any personal information. If you are concerned, you can forward any emails to the team at phishing@bath.ac.uk and they will advise.

If you have clicked on the link and filled out the documentation, please visit the Service Desk on Level 2 of the Library, or log a help ticket for further advice.

The junk email filter has picked this up but there may be cases (for example, RT queues) where it has ended up in your inbox.

Below is an example of the phishing email:

Dear Member
1 New Notification Regarding Your Payroll

[LINK TO FRAUDULENT SITE]

Thank You,
University of Bath

 

 

Further advice on University pay rise phishing scam.

  

📥  Security

The Police have issued further advice regarding the hoax phishing emails being sent to universities regarding fake pay rises. Action fraud have updated their website with more details.   

If you are concerned, you can forward any emails to the team at phishing@bath.ac.uk and they will advise.

If you have clicked on the link and filled out the documentation, please visit the Service Desk on Level 2 of the Library, or log a help ticket for further advice.

 

 

Phishing attempt: Email from HR about a pay rise

  

📥  Security

We have been made aware that over the weekend of Saturday 4 and Sunday 5 of February several users were sent emails about about a 13.86 % payrise. Please be aware these are fake phishing attempts. Please do not fill in any documents or enter any personal information. If you are concerned, you can forward any emails to the team at phishing@bath.ac.uk and they will advise.

If you have clicked on the link and filled out the documentation, please visit the Service Desk on Level 2 of the Library, or log a help ticket  for further advice.

Below is an example of the phishing email:

Subject: Your 13.86% Salary Raise Documents

The salary structure for 2017 Fiscal Year (FY '17) was reviewed
and it was noticed that you are due for a 13.86% salary raise on
your next paycheque starting February 2017

The salary raise documents are enclosed herewith.

All prorated bonuses and deductions are also advised therein

 

 

 

Phishing attempt: Please ignore and delete

  

📥  Computing Services, Security

We are getting reports of a phishing e-mail that has beeen sent to students and staff. If you receive this e-mail please be aware that it is fake. Please ignore and delete it.

Example of the phishing e-mail is below:

Subject: Pending Message

Sender: account@bath.ac.uk

 

phishingspoof

If you are concerned about any e-mails you receive you can forward it to phishing@bath.ac.uk and the team will advise.

 

Account deactivation phishing email - 24 November 2016

  

📥  Computing Services, Email, Security

We are aware that some users have received a phishing email with the subject line: Deactivation Request. We have made steps to prevent further instances of this email being received.

If you receive one of these emails, delete it and do not open the link.   If you opened the link and completed any information then please get in touch with our Service Desk at go.bath.ac.uk/it-help-form.

Read our advice on phishing emails.

Example content of the phishing email

Subject: Deactivation Request

Dear Customer,

We received a request to terminate your Email and process has started, kindly give us 24.00 hours to complete your request.

If you did not make this request Please here: undo deactivation request [LINK]

All information on your account will be deleted and access to your online access will be denied.

Thanks,

IT Service

 

 

Yahoo user security

📥  Computing Services, Security

As a result of the security incident involving Yahoo that has recently come to light, we are aware that some of you may have used the same security questions for both the Yahoo and University systems.

If this is the case, as well as securing your Yahoo account, we recommend that you change your security questions to protect the integrity of your University account. You can do this by going to https://www.bath.ac.uk/account/manager/