Re: Recent Phishing Uptick

[Bob Bayn <bob.bayn () USU EDU>]

The Direct Deposit spear phish hit our Banner implementation and the PeopleSoft implementation at a school to the south 
of us.  I've heard of others of both. 

Bob Bayn         SER 301         (435)797-2396       IT Security Team
Office of Information Technology,                   Utah State University
    Do you know the "Skeptical Hover Technique" and
    how to tell where a web link really goes?  See:
    https://it.usu.edu/computer-security/computer-security-threats/articleID=23737


________________________________________
From: The EDUCAUSE Security Constituent Group Listserv [SECURITY () LISTSERV EDUCAUSE EDU] on behalf of Shettler, David 
[dshettle () HOLYCROSS EDU]
Sent: Wednesday, February 19, 2014 6:29 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Recent Phishing Uptick

Phishing went from a nominal amount of our time, to a solid 20% since
calendar year change; a dramatic impact on other endeavors.  We're
also a Google Apps school.  The M.O. has been to compromise an
account, and email the phishing scam to other apps domain contacts
until hitting the apps sending limit, compromise those recipients,
rinse, repeat.  It took hours to hit 10% of the student body before we
were able to react and stop it -- very worm-like, and not fun, and has
highlighted the "student gap" in our awareness program.  While staff
also received it, very few fell for it.

As for the spear phishing attack targeting direct deposit, we heard of
this two weeks ago and responded by shutting down direct deposit
self-service. We plan to implement two factor prior to
re-implementation, if we do it at all.  Is it a specific ERP system
being targeted?  Been a chaotic 2014 -- between phishing and DDoS
attacks.  Anyone go through the iModules DDoS?

--
David Shettler
Information Security Officer
College of the Holy Cross
508-793-3073